diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 9fb2ffeb23d1a..d28dd666c7969 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -32,7 +32,7 @@ jobs: docs: ${{ steps.filter.outputs.docs_any_changed }} steps: - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - - uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45.0.4 + - uses: tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366 # v45.0.5 id: filter with: # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file @@ -57,7 +57,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Download all Go modules @@ -78,11 +78,11 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -105,14 +105,14 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?\d+)\.(?\d+)\.(?\d+)?$ - version: v1.62.0 + version: v1.62.2 args: --verbose test-go: @@ -133,7 +133,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -153,7 +153,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -197,7 +197,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -217,7 +217,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -253,7 +253,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Create symlink in GOPATH @@ -311,7 +311,7 @@ jobs: node-version: '22.9.0' - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -351,7 +351,7 @@ jobs: fetch-depth: 0 - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -370,11 +370,11 @@ jobs: path: test-results - name: combine-go-coverage # We generate coverage reports for all Argo CD components, but only the applicationset-controller, - # app-controller, and repo-server report contain coverage data. The other components currently don't shut down - # gracefully, so no coverage data is produced. Once those components are fixed, we can add references to their - # coverage output directories. + # app-controller, repo-server, and commit-server report contain coverage data. The other components currently + # don't shut down gracefully, so no coverage data is produced. Once those components are fixed, we can add + # references to their coverage output directories. run: | - go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller -o test-results/full-coverage.out + go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller,e2e-code-coverage/commit-server -o test-results/full-coverage.out - name: Upload code coverage information to codecov.io uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: @@ -393,7 +393,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - uses: SonarSource/sonarqube-scan-action@13990a695682794b53148ff9f6a8b6e22e43955e # v2.2 + uses: SonarSource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1 if: env.sonar_secret != '' test-e2e: name: Run end-to-end tests @@ -429,10 +429,17 @@ jobs: GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }} steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + with: + large-packages: false + docker-images: false + swap-storage: false + tool-cache: false - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: GH actions workaround - Kill XSP4 process @@ -451,7 +458,7 @@ jobs: sudo chmod go-r $HOME/.kube/config kubectl version - name: Restore go build cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 634fbb2647787..1ebb6852bddcc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,7 +33,7 @@ jobs: # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087 - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: go.mod diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 571f7b6f31ab6..ebfc52870f23a 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -17,11 +17,9 @@ on: platforms: required: true type: string - default: linux/amd64 push: required: true type: boolean - default: false target: required: false type: string @@ -69,7 +67,7 @@ jobs: if: ${{ github.ref_type != 'tag'}} - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ inputs.go-version }} @@ -77,7 +75,7 @@ jobs: uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Setup tags for container image as a CSV type run: | @@ -143,7 +141,7 @@ jobs: - name: Build and push container image id: image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 #v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 #v6.10.0 with: context: . platforms: ${{ inputs.platforms }} diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index 61c38548cf6ba..5c19a36a48140 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -23,7 +23,7 @@ jobs: name: Validate PR Title runs-on: ubuntu-latest steps: - - uses: thehanimo/pr-title-checker@1d8cd483a2b73118406a187f54dca8a9415f1375 # v1.4.2 + - uses: thehanimo/pr-title-checker@7fbfe05602bdd86f926d3fb3bccb6f3aed43bc70 # v1.4.3 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration_path: ".github/pr-title-checker-config.json" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 39c3689c7257e..9629af2581fa2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -70,7 +70,7 @@ jobs: run: git fetch --force --tags - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} @@ -151,7 +151,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Golang - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: ${{ env.GOLANG_VERSION }} @@ -195,7 +195,7 @@ jobs: echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" - name: Upload SBOM - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index ec47f2553d19d..ccdbfeb4529df 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -1,4 +1,4 @@ -FROM gitpod/workspace-full@sha256:230285e0b949e6d728d384b2029a4111db7b9c87c182f22f32a0be9e36b225df +FROM gitpod/workspace-full@sha256:bec45ebdcc9b9c5ec28d5c61c16bf599200aa0d2dc1e69e2ed8ab0a424bae6db USER root diff --git a/.golangci.yaml b/.golangci.yaml index 5333f86b47f94..1aea900d3cd11 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -14,6 +14,7 @@ linters: - gocritic - gofumpt - goimports + - gomodguard - gosimple - govet - ineffassign @@ -40,17 +41,23 @@ linters-settings: - typeSwitchVar goimports: local-prefixes: github.com/argoproj/argo-cd/v2 + gomodguard: + blocked: + modules: + - github.com/pkg/errors: + recommendations: + - errors perfsprint: # Optimizes even if it requires an int or uint type cast. int-conversion: true # Optimizes into `err.Error()` even if it is only equivalent for non-nil errors. - err-error: false + err-error: true # Optimizes `fmt.Errorf`. errorf: false # Optimizes `fmt.Sprintf` with only one argument. sprintf1: true # Optimizes into strings concatenation. - strconcat: false + strconcat: true testifylint: enable-all: true disable: diff --git a/.mockery.yaml b/.mockery.yaml index 3a8b437ef347d..a2af16e826166 100644 --- a/.mockery.yaml +++ b/.mockery.yaml @@ -26,6 +26,13 @@ packages: github.com/argoproj/argo-cd/v2/applicationset/utils: interfaces: Renderer: + github.com/argoproj/argo-cd/v2/commitserver/commit: + interfaces: + RepoClientFactory: + github.com/argoproj/argo-cd/v2/commitserver/apiclient: + interfaces: + CommitServiceClient: + Clientset: github.com/argoproj/argo-cd/v2/controller/cache: interfaces: LiveStateCache: diff --git a/Dockerfile b/Dockerfile index ec12fb873ea9e..45c1deb4d8c9b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -140,7 +140,8 @@ RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller && \ - ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth + ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth && \ + ln -s /usr/local/bin/argocd /usr/local/bin/argocd-commit-server USER $ARGOCD_USER_ID ENTRYPOINT ["/usr/bin/tini", "--"] diff --git a/Makefile b/Makefile index c1ef27163cc60..8cc1b928dad83 100644 --- a/Makefile +++ b/Makefile @@ -472,6 +472,7 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local mkdir -p /tmp/coverage/repo-server mkdir -p /tmp/coverage/applicationset-controller mkdir -p /tmp/coverage/notification + mkdir -p /tmp/coverage/commit-server # set paths for locally managed ssh known hosts and tls certs data ARGOCD_SSH_DATA_PATH=/tmp/argo-e2e/app/config/ssh \ ARGOCD_TLS_DATA_PATH=/tmp/argo-e2e/app/config/tls \ @@ -489,6 +490,7 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE=true \ ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS=http://127.0.0.1:8341,http://127.0.0.1:8342,http://127.0.0.1:8343,http://127.0.0.1:8344 \ ARGOCD_E2E_TEST=true \ + ARGOCD_HYDRATOR_ENABLED=true \ goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START} ls -lrt /tmp/coverage diff --git a/Procfile b/Procfile index fd955a39ac416..9ff5e67236088 100644 --- a/Procfile +++ b/Procfile @@ -1,9 +1,10 @@ -controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1 FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}" -api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}" +controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1 FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --commit-server localhost:${ARGOCD_E2E_COMMITSERVER_PORT:-8086} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}" +api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}" dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml" redis: hack/start-redis-with-password.sh repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/repo-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}" cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}" +commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/commit-server} FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}" ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start' git-server: test/fixture/testrepos/start-git.sh helm-registry: test/fixture/testrepos/start-helm-registry.sh diff --git a/USERS.md b/USERS.md index 815300ca64f49..9135d45f8d0e3 100644 --- a/USERS.md +++ b/USERS.md @@ -17,6 +17,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [AirQo](https://airqo.net/) 1. [Akuity](https://akuity.io/) 1. [Alarm.com](https://alarm.com/) +1. [Alauda](https://alauda.io/) 1. [Albert Heijn](https://ah.nl/) 1. [Alibaba Group](https://www.alibabagroup.com/) 1. [Allianz Direct](https://www.allianzdirect.de/) @@ -267,6 +268,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/) 1. [Platform9 Systems](https://platform9.com/) 1. [Polarpoint.io](https://polarpoint.io) +1. [Pollinate](https://www.pollinate.global) 1. [PostFinance](https://github.com/postfinance) 1. [Preferred Networks](https://preferred.jp/en/) 1. [Previder BV](https://previder.nl) @@ -334,6 +336,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Swisscom](https://www.swisscom.ch) 1. [Swissquote](https://github.com/swissquote) 1. [Syncier](https://syncier.com/) +1. [Synergy](https://synergy.net.au) 1. [Syself](https://syself.com) 1. [TableCheck](https://tablecheck.com/) 1. [Tailor Brands](https://www.tailorbrands.com) @@ -391,4 +394,5 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Yubo](https://www.yubo.live/) 1. [ZDF](https://www.zdf.de/) 1. [Zimpler](https://www.zimpler.com/) +1. [ZipRecuiter](https://www.ziprecruiter.com/) 1. [ZOZO](https://corp.zozo.com/) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 149e2766dfbdf..c0545222817fa 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -18,6 +18,7 @@ import ( "context" "fmt" "reflect" + "runtime/debug" "sort" "strconv" "strings" @@ -95,10 +96,22 @@ type ApplicationSetReconciler struct { // +kubebuilder:rbac:groups=argoproj.io,resources=applicationsets,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=argoproj.io,resources=applicationsets/status,verbs=get;update;patch -func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { +func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, err error) { startReconcile := time.Now() logCtx := log.WithField("applicationset", req.NamespacedName) + defer func() { + if rec := recover(); rec != nil { + logCtx.Errorf("Recovered from panic: %+v\n%s", rec, debug.Stack()) + result = ctrl.Result{} + var ok bool + err, ok = rec.(error) + if !ok { + err = fmt.Errorf("%v", r) + } + } + }() + var applicationSetInfo argov1alpha1.ApplicationSet parametersGenerated := false startTime := time.Now() @@ -483,7 +496,7 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con return nil, err } - if err := utils.ValidateDestination(ctx, &app.Spec.Destination, r.KubeClientset, r.ArgoCDNamespace); err != nil { + if err := argoutil.ValidateDestination(ctx, &app.Spec.Destination, r.ArgoDB); err != nil { errorsByIndex[i] = fmt.Errorf("application destination spec is invalid: %s", err.Error()) continue } @@ -770,7 +783,7 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte var validDestination bool // Detect if the destination is invalid (name doesn't correspond to a matching cluster) - if err := utils.ValidateDestination(ctx, &app.Spec.Destination, r.KubeClientset, r.ArgoCDNamespace); err != nil { + if err := argoutil.ValidateDestination(ctx, &app.Spec.Destination, r.ArgoDB); err != nil { appLog.Warnf("The destination cluster for %s couldn't be found: %v", app.Name, err) validDestination = false } else { diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index f4e63a9e6866b..ec28e96d767e7 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -4,9 +4,7 @@ import ( "context" "encoding/json" "fmt" - "reflect" "strconv" - "strings" "testing" "time" @@ -33,14 +31,13 @@ import ( "github.com/argoproj/argo-cd/v2/applicationset/generators" "github.com/argoproj/argo-cd/v2/applicationset/generators/mocks" - "github.com/argoproj/argo-cd/v2/applicationset/utils" - appsetmetrics "github.com/argoproj/argo-cd/v2/applicationset/metrics" + "github.com/argoproj/argo-cd/v2/applicationset/utils" argocommon "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" - "github.com/argoproj/argo-cd/v2/pkg/apis/application" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/db" + "github.com/argoproj/argo-cd/v2/util/settings" ) func TestCreateOrUpdateInCluster(t *testing.T) { @@ -1167,12 +1164,15 @@ func TestRemoveFinalizerOnInvalidDestination_FinalizerTypes(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset(objects...) metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(10), KubeClientset: kubeclientset, Metrics: metrics, + ArgoDB: argodb, } // settingsMgr := settings.NewSettingsManager(context.TODO(), kubeclientset, "namespace") // argoDB := db.NewDB("namespace", settingsMgr, r.KubeClientset) @@ -1305,7 +1305,7 @@ func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "my-secret", - Namespace: "namespace", + Namespace: "argocd", Labels: map[string]string{ argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster, }, @@ -1323,17 +1323,18 @@ func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset(objects...) metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(10), KubeClientset: kubeclientset, Metrics: metrics, + ArgoDB: argodb, } - // settingsMgr := settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd") - // argoDB := db.NewDB("argocd", settingsMgr, r.KubeClientset) - // clusterList, err := argoDB.ListClusters(context.Background()) - clusterList, err := utils.ListClusters(context.Background(), kubeclientset, "namespace") + + clusterList, err := utils.ListClusters(context.Background(), kubeclientset, "argocd") require.NoError(t, err) appLog := log.WithFields(log.Fields{"app": app.Name, "appSet": ""}) @@ -1783,7 +1784,7 @@ func TestDeleteInCluster(t *testing.T) { Name: obj.Name, }, got) - assert.EqualError(t, err, fmt.Sprintf("applications.argoproj.io \"%s\" not found", obj.Name)) + assert.EqualError(t, err, fmt.Sprintf("applications.argoproj.io %q not found", obj.Name)) } } } @@ -1890,16 +1891,12 @@ func TestRequeueGeneratorFails(t *testing.T) { } func TestValidateGeneratedApplications(t *testing.T) { + t.Parallel() + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) require.NoError(t, err) - // Valid cluster - myCluster := v1alpha1.Cluster{ - Server: "https://kubernetes.default.svc", - Name: "my-cluster", - } - // Valid project myProject := &v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "namespace"}, @@ -1927,7 +1924,6 @@ func TestValidateGeneratedApplications(t *testing.T) { for _, cc := range []struct { name string apps []v1alpha1.Application - expectedErrors []string validationErrors map[int]error }{ { @@ -1950,7 +1946,6 @@ func TestValidateGeneratedApplications(t *testing.T) { }, }, }, - expectedErrors: []string{}, validationErrors: map[int]error{}, }, { @@ -1974,7 +1969,6 @@ func TestValidateGeneratedApplications(t *testing.T) { }, }, }, - expectedErrors: []string{"application destination can't have both name and server defined"}, validationErrors: map[int]error{0: fmt.Errorf("application destination spec is invalid: application destination can't have both name and server defined: my-cluster my-server")}, }, { @@ -1997,7 +1991,6 @@ func TestValidateGeneratedApplications(t *testing.T) { }, }, }, - expectedErrors: []string{"application references project DOES-NOT-EXIST which does not exist"}, validationErrors: map[int]error{0: fmt.Errorf("application references project DOES-NOT-EXIST which does not exist")}, }, { @@ -2020,7 +2013,6 @@ func TestValidateGeneratedApplications(t *testing.T) { }, }, }, - expectedErrors: []string{}, validationErrors: map[int]error{}, }, { @@ -2043,15 +2035,16 @@ func TestValidateGeneratedApplications(t *testing.T) { }, }, }, - expectedErrors: []string{"there are no clusters with this name: nonexistent-cluster"}, validationErrors: map[int]error{0: fmt.Errorf("application destination spec is invalid: unable to find destination server: there are no clusters with this name: nonexistent-cluster")}, }, } { t.Run(cc.name, func(t *testing.T) { + t.Parallel() + secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "my-secret", - Namespace: "namespace", + Namespace: "argocd", Labels: map[string]string{ argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster, }, @@ -2066,54 +2059,22 @@ func TestValidateGeneratedApplications(t *testing.T) { objects := append([]runtime.Object{}, secret) kubeclientset := kubefake.NewSimpleClientset(objects...) - argoDBMock := dbmocks.ArgoDB{} - argoDBMock.On("GetCluster", mock.Anything, "https://kubernetes.default.svc").Return(&myCluster, nil) - argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ - myCluster, - }}, nil) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: argodb, ArgoCDNamespace: "namespace", KubeClientset: kubeclientset, Metrics: metrics, } appSetInfo := v1alpha1.ApplicationSet{} - validationErrors, _ := r.validateGeneratedApplications(context.TODO(), cc.apps, appSetInfo) - var errorMessages []string - for _, v := range validationErrors { - errorMessages = append(errorMessages, v.Error()) - } - - if len(errorMessages) == 0 { - assert.Empty(t, cc.expectedErrors, "Expected errors but none were seen") - } else { - // An error was returned: it should be expected - matched := false - for _, expectedErr := range cc.expectedErrors { - foundMatch := strings.Contains(strings.Join(errorMessages, ";"), expectedErr) - assert.True(t, foundMatch, "Unble to locate expected error: %s", cc.expectedErrors) - matched = matched || foundMatch - } - assert.True(t, matched, "An unexpected error occurrred: %v", err) - // validation message was returned: it should be expected - matched = false - foundMatch := reflect.DeepEqual(validationErrors, cc.validationErrors) - var message string - for _, v := range validationErrors { - message = v.Error() - break - } - assert.True(t, foundMatch, "Unble to locate validation message: %s", message) - matched = matched || foundMatch - assert.True(t, matched, "An unexpected error occurrred: %v", err) - } + assert.Equal(t, cc.validationErrors, validationErrors) }) } } @@ -2159,17 +2120,11 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { } kubeclientset := kubefake.NewSimpleClientset() - argoDBMock := dbmocks.ArgoDB{} client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet, &project).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) - goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} - badCluster := v1alpha1.Cluster{Server: "https://bad-cluster", Name: "bad-cluster"} - argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) - argoDBMock.On("GetCluster", mock.Anything, "https://bad-cluster").Return(&badCluster, nil) - argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ - goodCluster, - }}, nil) + + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) r := ApplicationSetReconciler{ Client: client, @@ -2179,7 +2134,7 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Policy: v1alpha1.ApplicationsSyncPolicySync, ArgoCDNamespace: "argocd", @@ -2363,12 +2318,13 @@ func TestSetApplicationSetStatusCondition(t *testing.T) { } kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} for _, testCase := range testCases { client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&testCase.appset).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).WithStatusSubresource(&testCase.appset).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, @@ -2377,7 +2333,7 @@ func TestSetApplicationSetStatusCondition(t *testing.T) { Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Metrics: metrics, } @@ -2433,16 +2389,30 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp }, } - kubeclientset := kubefake.NewSimpleClientset() - argoDBMock := dbmocks.ArgoDB{} + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "argocd", + Labels: map[string]string{ + argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster, + }, + }, + Data: map[string][]byte{ + // Since this test requires the cluster to be an invalid destination, we + // always return a cluster named 'my-cluster2' (different from app 'my-cluster', above) + "name": []byte("good-cluster"), + "server": []byte("https://good-cluster"), + "config": []byte("{\"username\":\"foo\",\"password\":\"foo\"}"), + }, + } + + objects := append([]runtime.Object{}, secret) + kubeclientset := kubefake.NewSimpleClientset(objects...) client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet, &defaultProject).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) - goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} - argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) - argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ - goodCluster, - }}, nil) + + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) r := ApplicationSetReconciler{ Client: client, @@ -2452,7 +2422,7 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: argodb, ArgoCDNamespace: "argocd", KubeClientset: kubeclientset, Policy: v1alpha1.ApplicationsSyncPolicySync, @@ -2595,16 +2565,30 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp }, } - kubeclientset := kubefake.NewSimpleClientset() - argoDBMock := dbmocks.ArgoDB{} + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster", + Namespace: "argocd", + Labels: map[string]string{ + argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster, + }, + }, + Data: map[string][]byte{ + // Since this test requires the cluster to be an invalid destination, we + // always return a cluster named 'my-cluster2' (different from app 'my-cluster', above) + "name": []byte("good-cluster"), + "server": []byte("https://good-cluster"), + "config": []byte("{\"username\":\"foo\",\"password\":\"foo\"}"), + }, + } + + objects := append([]runtime.Object{}, secret) + kubeclientset := kubefake.NewSimpleClientset(objects...) client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet, &defaultProject).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) - goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} - argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) - argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ - goodCluster, - }}, nil) + + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) r := ApplicationSetReconciler{ Client: client, @@ -2614,7 +2598,7 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: argodb, ArgoCDNamespace: "argocd", KubeClientset: kubeclientset, Policy: v1alpha1.ApplicationsSyncPolicySync, @@ -2689,7 +2673,7 @@ func TestDeletePerformedWithSyncPolicyCreateDelete(t *testing.T) { apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, true) - assert.Empty(t, apps.Items) + assert.NotNil(t, apps.Items[0].DeletionTimestamp) } func TestDeletePerformedWithSyncPolicySync(t *testing.T) { @@ -2697,7 +2681,7 @@ func TestDeletePerformedWithSyncPolicySync(t *testing.T) { apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, true) - assert.Empty(t, apps.Items) + assert.NotNil(t, apps.Items[0].DeletionTimestamp) } func TestDeletePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *testing.T) { @@ -2705,7 +2689,7 @@ func TestDeletePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *t apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, false) - assert.Empty(t, apps.Items) + assert.NotNil(t, apps.Items[0].DeletionTimestamp) } func TestPolicies(t *testing.T) { @@ -2717,14 +2701,8 @@ func TestPolicies(t *testing.T) { ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, Spec: v1alpha1.AppProjectSpec{SourceRepos: []string{"*"}, Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "https://kubernetes.default.svc"}}}, } - myCluster := v1alpha1.Cluster{ - Server: "https://kubernetes.default.svc", - Name: "my-cluster", - } kubeclientset := kubefake.NewSimpleClientset() - argoDBMock := dbmocks.ArgoDB{} - argoDBMock.On("GetCluster", mock.Anything, "https://kubernetes.default.svc").Return(&myCluster, nil) for _, c := range []struct { name string @@ -2799,6 +2777,8 @@ func TestPolicies(t *testing.T) { client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet, &defaultProject).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, @@ -2807,7 +2787,7 @@ func TestPolicies(t *testing.T) { Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: argodb, ArgoCDNamespace: "argocd", KubeClientset: kubeclientset, Policy: policy, @@ -2881,7 +2861,6 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { require.NoError(t, err) kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} for _, cc := range []struct { name string @@ -2957,6 +2936,8 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, @@ -2965,7 +2946,7 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { Generators: map[string]generators.Generator{ "List": generators.NewListGenerator(), }, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Metrics: metrics, } @@ -3714,14 +3695,15 @@ func TestBuildAppDependencyList(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} + + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Metrics: metrics, } @@ -4381,14 +4363,15 @@ func TestBuildAppSyncMap(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} + + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Metrics: metrics, } @@ -5326,17 +5309,18 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Metrics: metrics, } @@ -6075,17 +6059,18 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Metrics: metrics, } @@ -6286,17 +6271,18 @@ func TestUpdateResourceStatus(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} client := fake.NewClientBuilder().WithScheme(scheme).WithStatusSubresource(&cc.appSet).WithObjects(&cc.appSet).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Metrics: metrics, } @@ -6376,17 +6362,18 @@ func TestResourceStatusAreOrdered(t *testing.T) { } { t.Run(cc.name, func(t *testing.T) { kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} client := fake.NewClientBuilder().WithScheme(scheme).WithStatusSubresource(&cc.appSet).WithObjects(&cc.appSet).Build() metrics := appsetmetrics.NewFakeAppsetMetrics(client) + argodb := db.NewDB("argocd", settings.NewSettingsManager(context.TODO(), kubeclientset, "argocd"), kubeclientset) + r := ApplicationSetReconciler{ Client: client, Scheme: scheme, Recorder: record.NewFakeRecorder(1), Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, + ArgoDB: argodb, KubeClientset: kubeclientset, Metrics: metrics, } diff --git a/applicationset/controllers/template/template.go b/applicationset/controllers/template/template.go index bb4bc155d4e59..616b7ef9a7e74 100644 --- a/applicationset/controllers/template/template.go +++ b/applicationset/controllers/template/template.go @@ -69,9 +69,11 @@ func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.App res = append(res, *app) } } - - logCtx.WithField("generator", requestedGenerator).Infof("generated %d applications", len(res)) - logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res) + if log.IsLevelEnabled(log.DebugLevel) { + logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res) + } else { + logCtx.Infof("generated %d applications", len(res)) + } } return res, applicationSetReason, firstError diff --git a/applicationset/generators/cluster.go b/applicationset/generators/cluster.go index 100e8e45022c8..d7b35d1815454 100644 --- a/applicationset/generators/cluster.go +++ b/applicationset/generators/cluster.go @@ -48,7 +48,7 @@ func NewClusterGenerator(c client.Client, ctx context.Context, clientset kuberne // GetRequeueAfter never requeue the cluster generator because the `clusterSecretEventHandler` will requeue the appsets // when the cluster secrets change -func (g *ClusterGenerator) GetRequeueAfter(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) time.Duration { +func (g *ClusterGenerator) GetRequeueAfter(_ *argoappsetv1alpha1.ApplicationSetGenerator) time.Duration { return NoRequeueAfter } @@ -57,6 +57,7 @@ func (g *ClusterGenerator) GetTemplate(appSetGenerator *argoappsetv1alpha1.Appli } func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator, appSet *argoappsetv1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) { + logCtx := log.WithField("applicationset", appSet.GetName()).WithField("namespace", appSet.GetNamespace()) if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError } @@ -79,7 +80,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap return nil, nil } - clusterSecrets, err := g.getSecretsByClusterName(appSetGenerator) + clusterSecrets, err := g.getSecretsByClusterName(logCtx, appSetGenerator) if err != nil { return nil, fmt.Errorf("error getting cluster secrets: %w", err) } @@ -89,7 +90,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap secretsFound := []corev1.Secret{} isFlatMode := appSetGenerator.Clusters.FlatList - log.Debug("Using flat mode = ", isFlatMode, " for cluster generator") + logCtx.Debugf("Using flat mode = %t for cluster generator", isFlatMode) clustersParams := make([]map[string]interface{}, 0) for _, cluster := range clustersFromArgoCD.Items { @@ -116,7 +117,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap res = append(res, params) } - log.WithField("cluster", "local cluster").Info("matched local cluster") + logCtx.WithField("cluster", "local cluster").Info("matched local cluster") } } @@ -148,11 +149,11 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap params["metadata"] = meta } else { for key, value := range cluster.ObjectMeta.Annotations { - params[fmt.Sprintf("metadata.annotations.%s", key)] = value + params["metadata.annotations."+key] = value } for key, value := range cluster.ObjectMeta.Labels { - params[fmt.Sprintf("metadata.labels.%s", key)] = value + params["metadata.labels."+key] = value } } @@ -167,7 +168,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap res = append(res, params) } - log.WithField("cluster", cluster.Name).Info("matched cluster secret") + logCtx.WithField("cluster", cluster.Name).Debug("matched cluster secret") } if isFlatMode { @@ -178,8 +179,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap return res, nil } -func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) (map[string]corev1.Secret, error) { - // List all Clusters: +func (g *ClusterGenerator) getSecretsByClusterName(log *log.Entry, appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) (map[string]corev1.Secret, error) { clusterSecretList := &corev1.SecretList{} selector := metav1.AddLabelToSelector(&appSetGenerator.Clusters.Selector, common.LabelKeySecretType, common.LabelValueSecretTypeCluster) @@ -191,7 +191,7 @@ func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1 if err := g.Client.List(context.Background(), clusterSecretList, client.MatchingLabelsSelector{Selector: secretSelector}); err != nil { return nil, err } - log.Debug("clusters matching labels", "count", len(clusterSecretList.Items)) + log.Debugf("clusters matching labels: %d", len(clusterSecretList.Items)) res := map[string]corev1.Secret{} diff --git a/applicationset/generators/duck_type.go b/applicationset/generators/duck_type.go index 7bd78a07146b2..b971f7a1e0b1b 100644 --- a/applicationset/generators/duck_type.go +++ b/applicationset/generators/duck_type.go @@ -211,7 +211,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A } params["values"].(map[string]string)[key] = value } else { - params[fmt.Sprintf("values.%s", key)] = value + params["values."+key] = value } } diff --git a/applicationset/generators/list.go b/applicationset/generators/list.go index fad6a6af5c6d9..5980d95e77332 100644 --- a/applicationset/generators/list.go +++ b/applicationset/generators/list.go @@ -61,7 +61,7 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli if !ok { return nil, fmt.Errorf("error parsing value as string %w", err) } - params[fmt.Sprintf("values.%s", k)] = value + params["values."+k] = value } } else { v, ok := value.(string) diff --git a/applicationset/generators/value_interpolation.go b/applicationset/generators/value_interpolation.go index 814843e3d899d..a87e1fab9bdb1 100644 --- a/applicationset/generators/value_interpolation.go +++ b/applicationset/generators/value_interpolation.go @@ -22,7 +22,7 @@ func appendTemplatedValues(values map[string]string, params map[string]interface } tmp["values"].(map[string]string)[key] = result } else { - tmp[fmt.Sprintf("values.%s", key)] = result + tmp["values."+key] = result } } diff --git a/applicationset/services/internal/github_app/client.go b/applicationset/services/internal/github_app/client.go index 668f0a1506628..5980802341dee 100644 --- a/applicationset/services/internal/github_app/client.go +++ b/applicationset/services/internal/github_app/client.go @@ -6,7 +6,7 @@ import ( "github.com/aburan28/httpcache" "github.com/bradleyfalzon/ghinstallation/v2" - "github.com/google/go-github/v63/github" + "github.com/google/go-github/v66/github" "github.com/argoproj/argo-cd/v2/applicationset/services/github_app_auth" ) diff --git a/applicationset/services/plugin/utils.go b/applicationset/services/plugin/utils.go index 26e38e492200d..f165107ee809f 100644 --- a/applicationset/services/plugin/utils.go +++ b/applicationset/services/plugin/utils.go @@ -1,7 +1,6 @@ package plugin import ( - "fmt" "strings" "github.com/argoproj/argo-cd/v2/common" @@ -12,7 +11,7 @@ func ParseSecretKey(key string) (secretName string, tokenKey string) { if strings.Contains(key, ":") { parts := strings.Split(key, ":") secretName = parts[0][1:] - tokenKey = fmt.Sprintf("$%s", parts[1]) + tokenKey = "$" + parts[1] } else { secretName = common.ArgoCDSecretName tokenKey = key diff --git a/applicationset/services/pull_request/bitbucket_cloud.go b/applicationset/services/pull_request/bitbucket_cloud.go index 48083dcb407e3..2ee79d2cfabee 100644 --- a/applicationset/services/pull_request/bitbucket_cloud.go +++ b/applicationset/services/pull_request/bitbucket_cloud.go @@ -19,7 +19,7 @@ type BitbucketCloudPullRequest struct { ID int `json:"id"` Title string `json:"title"` Source BitbucketCloudPullRequestSource `json:"source"` - Author string `json:"author"` + Author BitbucketCloudPullRequestAuthor `json:"author"` } type BitbucketCloudPullRequestSource struct { @@ -35,6 +35,11 @@ type BitbucketCloudPullRequestSourceCommit struct { Hash string `json:"hash"` } +// Also have display_name and uuid, but don't plan to use them. +type BitbucketCloudPullRequestAuthor struct { + Nickname string `json:"nickname"` +} + type PullRequestResponse struct { Page int32 `json:"page"` Size int32 `json:"size"` @@ -134,7 +139,7 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error) Title: pull.Title, Branch: pull.Source.Branch.Name, HeadSHA: pull.Source.Commit.Hash, - Author: pull.Author, + Author: pull.Author.Nickname, }) } diff --git a/applicationset/services/pull_request/bitbucket_cloud_test.go b/applicationset/services/pull_request/bitbucket_cloud_test.go index 2e41c110bcd92..411f6148c85d6 100644 --- a/applicationset/services/pull_request/bitbucket_cloud_test.go +++ b/applicationset/services/pull_request/bitbucket_cloud_test.go @@ -38,7 +38,9 @@ func defaultHandlerCloud(t *testing.T) func(http.ResponseWriter, *http.Request) "hash": "1a8dd249c04a" } }, - "author": "testName" + "author": { + "nickname": "testName" + } } ] }`) @@ -155,7 +157,9 @@ func TestListPullRequestPaginationCloud(t *testing.T) { "hash": "1a8dd249c04a" } }, - "author": "testName" + "author": { + "nickname": "testName" + } }, { "id": 102, @@ -169,7 +173,9 @@ func TestListPullRequestPaginationCloud(t *testing.T) { "hash": "4cf807e67a6d" } }, - "author": "testName" + "author": { + "nickname": "testName" + } } ] }`, r.Host)) @@ -192,7 +198,9 @@ func TestListPullRequestPaginationCloud(t *testing.T) { "hash": "6344d9623e3b" } }, - "author": "testName" + "author": { + "nickname": "testName" + } } ] }`, r.Host)) @@ -340,7 +348,9 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { "hash": "1a8dd249c04a" } }, - "author": "testName" + "author": { + "nickname": "testName" + } }, { "id": 200, @@ -354,7 +364,9 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { "hash": "4cf807e67a6d" } }, - "author": "testName" + "author": { + "nickname": "testName" + } } ] }`, r.Host)) @@ -377,7 +389,9 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { "hash": "6344d9623e3b" } }, - "author": "testName" + "author": { + "nickname": "testName" + } } ] }`, r.Host)) diff --git a/applicationset/services/pull_request/github.go b/applicationset/services/pull_request/github.go index 07c41b247c7a8..1b3fc0a85764e 100644 --- a/applicationset/services/pull_request/github.go +++ b/applicationset/services/pull_request/github.go @@ -6,8 +6,8 @@ import ( "net/http" "os" - "github.com/aburan28/httpcache" - "github.com/google/go-github/v63/github" + "github.com/google/go-github/v66/github" + "golang.org/x/oauth2" ) type GithubService struct { diff --git a/applicationset/services/pull_request/github_test.go b/applicationset/services/pull_request/github_test.go index e223c52cbf40f..203f2a42e1c74 100644 --- a/applicationset/services/pull_request/github_test.go +++ b/applicationset/services/pull_request/github_test.go @@ -4,7 +4,7 @@ import ( "context" "testing" - "github.com/google/go-github/v63/github" + "github.com/google/go-github/v66/github" "github.com/stretchr/testify/require" ) diff --git a/applicationset/services/pull_request/gitlab.go b/applicationset/services/pull_request/gitlab.go index c4e49881a4393..8443847fce97a 100644 --- a/applicationset/services/pull_request/gitlab.go +++ b/applicationset/services/pull_request/gitlab.go @@ -7,7 +7,7 @@ import ( "os" "github.com/hashicorp/go-retryablehttp" - gitlab "github.com/xanzy/go-gitlab" + gitlab "gitlab.com/gitlab-org/api/client-go" "github.com/argoproj/argo-cd/v2/applicationset/utils" ) diff --git a/applicationset/services/scm_provider/gitea.go b/applicationset/services/scm_provider/gitea.go index 500aa0e981334..9f0650f2d64f8 100644 --- a/applicationset/services/scm_provider/gitea.go +++ b/applicationset/services/scm_provider/gitea.go @@ -131,10 +131,10 @@ func (g *GiteaProvider) RepoHasPath(ctx context.Context, repo *Repository, path if resp != nil && resp.StatusCode == http.StatusNotFound { return false, nil } - if fmt.Sprint(err) == "expect file, got directory" { - return true, nil - } if err != nil { + if err.Error() == "expect file, got directory" { + return true, nil + } return false, err } return true, nil diff --git a/applicationset/services/scm_provider/github.go b/applicationset/services/scm_provider/github.go index 4108b8a112b09..0b43386ada670 100644 --- a/applicationset/services/scm_provider/github.go +++ b/applicationset/services/scm_provider/github.go @@ -7,7 +7,7 @@ import ( "os" "github.com/aburan28/httpcache" - "github.com/google/go-github/v63/github" + "github.com/google/go-github/v66/github" ) type contextKey struct{} diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index 0acc1898bf382..c1f9016abf668 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -8,7 +8,7 @@ import ( pathpkg "path" "github.com/hashicorp/go-retryablehttp" - "github.com/xanzy/go-gitlab" + gitlab "gitlab.com/gitlab-org/api/client-go" "github.com/argoproj/argo-cd/v2/applicationset/utils" ) diff --git a/applicationset/utils/clusterUtils.go b/applicationset/utils/clusterUtils.go index 8c44dc1246be5..02fe8f6371a84 100644 --- a/applicationset/utils/clusterUtils.go +++ b/applicationset/utils/clusterUtils.go @@ -2,37 +2,17 @@ package utils import ( "context" - "encoding/json" "fmt" - "strconv" - "strings" "sync" - "time" - - log "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/argoproj/argo-cd/v2/common" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/db" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" - "k8s.io/utils/ptr" ) -// The contents of this file are from -// github.com/argoproj/argo-cd/util/db/cluster.go -// -// The main difference is that ListClusters(...) calls the kubeclient directly, -// via `g.clientset.CoreV1().Secrets`, rather than using the `db.listClusterSecrets()`` -// which appears to have a race condition on when it is called. -// -// I was reminded of this issue that I opened, which might be related: -// https://github.com/argoproj/argo-cd/issues/4755 -// -// I hope to upstream this change in some form, so that we do not need to worry about -// Argo CD changing the logic on us. - var ( localCluster = appv1.Cluster{ Name: "in-cluster", @@ -42,54 +22,6 @@ var ( initLocalCluster sync.Once ) -const ( - ArgoCDSecretTypeLabel = "argocd.argoproj.io/secret-type" - ArgoCDSecretTypeCluster = "cluster" -) - -// ValidateDestination checks: -// if we used destination name we infer the server url -// if we used both name and server then we return an invalid spec error -func ValidateDestination(ctx context.Context, dest *appv1.ApplicationDestination, clientset kubernetes.Interface, argoCDNamespace string) error { - if dest.Name != "" { - if dest.Server == "" { - server, err := getDestinationServer(ctx, dest.Name, clientset, argoCDNamespace) - if err != nil { - return fmt.Errorf("unable to find destination server: %w", err) - } - if server == "" { - return fmt.Errorf("application references destination cluster %s which does not exist", dest.Name) - } - dest.SetInferredServer(server) - } else if !dest.IsServerInferred() { - return fmt.Errorf("application destination can't have both name and server defined: %s %s", dest.Name, dest.Server) - } - } - return nil -} - -func getDestinationServer(ctx context.Context, clusterName string, clientset kubernetes.Interface, argoCDNamespace string) (string, error) { - // settingsMgr := settings.NewSettingsManager(context.TODO(), clientset, namespace) - // argoDB := db.NewDB(namespace, settingsMgr, clientset) - // clusterList, err := argoDB.ListClusters(ctx) - clusterList, err := ListClusters(ctx, clientset, argoCDNamespace) - if err != nil { - return "", err - } - var servers []string - for _, c := range clusterList.Items { - if c.Name == clusterName { - servers = append(servers, c.Server) - } - } - if len(servers) > 1 { - return "", fmt.Errorf("there are %d clusters with the same name: %v", len(servers), servers) - } else if len(servers) == 0 { - return "", fmt.Errorf("there are no clusters with this name: %s", clusterName) - } - return servers[0], nil -} - func ListClusters(ctx context.Context, clientset kubernetes.Interface, namespace string) (*appv1.ClusterList, error) { clusterSecretsList, err := clientset.CoreV1().Secrets(namespace).List(ctx, metav1.ListOptions{LabelSelector: common.LabelKeySecretType + "=" + common.LabelValueSecretTypeCluster}) @@ -109,11 +41,15 @@ func ListClusters(ctx context.Context, clientset kubernetes.Interface, namespace hasInClusterCredentials := false for i, clusterSecret := range clusterSecrets { // This line has changed from the original Argo CD code: now receives an error, and handles it - cluster, err := secretToCluster(&clusterSecret) + cluster, err := db.SecretToCluster(&clusterSecret) if err != nil || cluster == nil { return nil, fmt.Errorf("unable to convert cluster secret to cluster object '%s': %w", clusterSecret.Name, err) } + // db.SecretToCluster populates these, but they're not meant to be available to the caller. + cluster.Labels = nil + cluster.Annotations = nil + clusterList.Items[i] = *cluster if cluster.Server == appv1.KubernetesInternalAPIServerAddr { hasInClusterCredentials = true @@ -150,48 +86,3 @@ func getLocalCluster(clientset kubernetes.Interface) *appv1.Cluster { cluster.ConnectionState.ModifiedAt = &now return cluster } - -// secretToCluster converts a secret into a Cluster object -func secretToCluster(s *corev1.Secret) (*appv1.Cluster, error) { - var config appv1.ClusterConfig - if len(s.Data["config"]) > 0 { - if err := json.Unmarshal(s.Data["config"], &config); err != nil { - // This line has changed from the original Argo CD: now returns an error rather than panicing. - return nil, err - } - } - - var namespaces []string - for _, ns := range strings.Split(string(s.Data["namespaces"]), ",") { - if ns = strings.TrimSpace(ns); ns != "" { - namespaces = append(namespaces, ns) - } - } - var refreshRequestedAt *metav1.Time - if v, found := s.Annotations[appv1.AnnotationKeyRefresh]; found { - requestedAt, err := time.Parse(time.RFC3339, v) - if err != nil { - log.Warnf("Error while parsing date in cluster secret '%s': %v", s.Name, err) - } else { - refreshRequestedAt = &metav1.Time{Time: requestedAt} - } - } - var shard *int64 - if shardStr := s.Data["shard"]; shardStr != nil { - if val, err := strconv.Atoi(string(shardStr)); err != nil { - log.Warnf("Error while parsing shard in cluster secret '%s': %v", s.Name, err) - } else { - shard = ptr.To(int64(val)) - } - } - cluster := appv1.Cluster{ - ID: string(s.UID), - Server: strings.TrimRight(string(s.Data["server"]), "/"), - Name: string(s.Data["name"]), - Namespaces: namespaces, - Config: config, - RefreshRequestedAt: refreshRequestedAt, - Shard: shard, - } - return &cluster, nil -} diff --git a/applicationset/utils/clusterUtils_test.go b/applicationset/utils/clusterUtils_test.go deleted file mode 100644 index fdc316fbc428c..0000000000000 --- a/applicationset/utils/clusterUtils_test.go +++ /dev/null @@ -1,175 +0,0 @@ -package utils - -import ( - "context" - "fmt" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/kubernetes/fake" - kubetesting "k8s.io/client-go/testing" - - argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" -) - -const ( - fakeNamespace = "fake-ns" -) - -// From Argo CD util/db/cluster_test.go -func Test_secretToCluster(t *testing.T) { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "mycluster", - Namespace: fakeNamespace, - }, - Data: map[string][]byte{ - "name": []byte("test"), - "server": []byte("http://mycluster"), - "config": []byte("{\"username\":\"foo\", \"disableCompression\":true}"), - }, - } - cluster, err := secretToCluster(secret) - require.NoError(t, err) - assert.Equal(t, argoappv1.Cluster{ - Name: "test", - Server: "http://mycluster", - Config: argoappv1.ClusterConfig{ - Username: "foo", - DisableCompression: true, - }, - }, *cluster) -} - -// From Argo CD util/db/cluster_test.go -func Test_secretToCluster_NoConfig(t *testing.T) { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "mycluster", - Namespace: fakeNamespace, - }, - Data: map[string][]byte{ - "name": []byte("test"), - "server": []byte("http://mycluster"), - }, - } - cluster, err := secretToCluster(secret) - require.NoError(t, err) - assert.Equal(t, argoappv1.Cluster{ - Name: "test", - Server: "http://mycluster", - }, *cluster) -} - -func createClusterSecret(secretName string, clusterName string, clusterServer string) *corev1.Secret { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: secretName, - Namespace: fakeNamespace, - Labels: map[string]string{ - ArgoCDSecretTypeLabel: ArgoCDSecretTypeCluster, - }, - }, - Data: map[string][]byte{ - "name": []byte(clusterName), - "server": []byte(clusterServer), - "config": []byte("{\"username\":\"foo\",\"password\":\"foo\"}"), - }, - } - - return secret -} - -// From util/argo/argo_test.go -// (ported to use kubeclientset) -func TestValidateDestination(t *testing.T) { - t.Run("Validate destination with server url", func(t *testing.T) { - dest := argoappv1.ApplicationDestination{ - Server: "https://127.0.0.1:6443", - Namespace: "default", - } - - appCond := ValidateDestination(context.Background(), &dest, nil, fakeNamespace) - require.NoError(t, appCond) - assert.False(t, dest.IsServerInferred()) - }) - - t.Run("Validate destination with server name", func(t *testing.T) { - dest := argoappv1.ApplicationDestination{ - Name: "minikube", - } - - secret := createClusterSecret("my-secret", "minikube", "https://127.0.0.1:6443") - objects := []runtime.Object{} - objects = append(objects, secret) - kubeclientset := fake.NewSimpleClientset(objects...) - - appCond := ValidateDestination(context.Background(), &dest, kubeclientset, fakeNamespace) - require.NoError(t, appCond) - assert.Equal(t, "https://127.0.0.1:6443", dest.Server) - assert.True(t, dest.IsServerInferred()) - }) - - t.Run("Error when having both server url and name", func(t *testing.T) { - dest := argoappv1.ApplicationDestination{ - Server: "https://127.0.0.1:6443", - Name: "minikube", - Namespace: "default", - } - - err := ValidateDestination(context.Background(), &dest, nil, fakeNamespace) - assert.Equal(t, "application destination can't have both name and server defined: minikube https://127.0.0.1:6443", err.Error()) - assert.False(t, dest.IsServerInferred()) - }) - - t.Run("List clusters fails", func(t *testing.T) { - dest := argoappv1.ApplicationDestination{ - Name: "minikube", - } - kubeclientset := fake.NewSimpleClientset() - - kubeclientset.PrependReactor("list", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { - return true, nil, fmt.Errorf("an error occurred") - }) - - err := ValidateDestination(context.Background(), &dest, kubeclientset, fakeNamespace) - assert.Equal(t, "unable to find destination server: an error occurred", err.Error()) - assert.False(t, dest.IsServerInferred()) - }) - - t.Run("Destination cluster does not exist", func(t *testing.T) { - dest := argoappv1.ApplicationDestination{ - Name: "minikube", - } - - secret := createClusterSecret("dind", "dind", "https://127.0.0.1:6443") - objects := []runtime.Object{} - objects = append(objects, secret) - kubeclientset := fake.NewSimpleClientset(objects...) - - err := ValidateDestination(context.Background(), &dest, kubeclientset, fakeNamespace) - assert.Equal(t, "unable to find destination server: there are no clusters with this name: minikube", err.Error()) - assert.False(t, dest.IsServerInferred()) - }) - - t.Run("Validate too many clusters with the same name", func(t *testing.T) { - dest := argoappv1.ApplicationDestination{ - Name: "dind", - } - - secret := createClusterSecret("dind", "dind", "https://127.0.0.1:2443") - secret2 := createClusterSecret("dind2", "dind", "https://127.0.0.1:8443") - - objects := []runtime.Object{} - objects = append(objects, secret, secret2) - kubeclientset := fake.NewSimpleClientset(objects...) - - err := ValidateDestination(context.Background(), &dest, kubeclientset, fakeNamespace) - assert.Equal(t, "unable to find destination server: there are 2 clusters with the same name: [https://127.0.0.1:2443 https://127.0.0.1:8443]", err.Error()) - assert.False(t, dest.IsServerInferred()) - }) -} diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go index 5c78001a1deba..a886cba7c47ef 100644 --- a/applicationset/webhook/webhook.go +++ b/applicationset/webhook/webhook.go @@ -164,7 +164,7 @@ func (h *WebhookHandler) Handler(w http.ResponseWriter, r *http.Request) { case r.Header.Get("X-GitHub-Event") != "": payload, err = h.github.Parse(r, github.PushEvent, github.PullRequestEvent, github.PingEvent) case r.Header.Get("X-Gitlab-Event") != "": - payload, err = h.gitlab.Parse(r, gitlab.PushEvents, gitlab.TagEvents, gitlab.MergeRequestEvents) + payload, err = h.gitlab.Parse(r, gitlab.PushEvents, gitlab.TagEvents, gitlab.MergeRequestEvents, gitlab.SystemHookEvents) case r.Header.Get("X-Vss-Activityid") != "": payload, err = h.azuredevops.Parse(r, azuredevops.GitPushEventType, azuredevops.GitPullRequestCreatedEventType, azuredevops.GitPullRequestUpdatedEventType, azuredevops.GitPullRequestMergedEventType) default: @@ -179,7 +179,7 @@ func (h *WebhookHandler) Handler(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { status = http.StatusMethodNotAllowed } - http.Error(w, fmt.Sprintf("Webhook processing failed: %s", html.EscapeString(err.Error())), status) + http.Error(w, "Webhook processing failed: "+html.EscapeString(err.Error()), status) return } diff --git a/applicationset/webhook/webhook_test.go b/applicationset/webhook/webhook_test.go index 33a8d134ea76d..c8715e57776e0 100644 --- a/applicationset/webhook/webhook_test.go +++ b/applicationset/webhook/webhook_test.go @@ -103,6 +103,15 @@ func TestWebhookHandler(t *testing.T) { expectedStatusCode: http.StatusOK, expectedRefresh: true, }, + { + desc: "WebHook from a System Hook via Commit", + headerKey: "X-Gitlab-Event", + headerValue: "System Hook", + payloadFile: "gitlab-event.json", + effectedAppSets: []string{"git-gitlab", "plugin", "matrix-pull-request-github-plugin"}, + expectedStatusCode: http.StatusOK, + expectedRefresh: true, + }, { desc: "WebHook with an unknown event", headerKey: "X-Random-Event", diff --git a/assets/builtin-policy.csv b/assets/builtin-policy.csv index 81c8ca5092cb4..28f565260d88d 100644 --- a/assets/builtin-policy.csv +++ b/assets/builtin-policy.csv @@ -10,6 +10,7 @@ p, role:readonly, applications, get, */*, allow p, role:readonly, certificates, get, *, allow p, role:readonly, clusters, get, *, allow p, role:readonly, repositories, get, *, allow +p, role:readonly, write-repositories, get, *, allow p, role:readonly, projects, get, *, allow p, role:readonly, accounts, get, *, allow p, role:readonly, gpgkeys, get, *, allow @@ -34,6 +35,9 @@ p, role:admin, clusters, delete, *, allow p, role:admin, repositories, create, *, allow p, role:admin, repositories, update, *, allow p, role:admin, repositories, delete, *, allow +p, role:admin, write-repositories, create, *, allow +p, role:admin, write-repositories, update, *, allow +p, role:admin, write-repositories, delete, *, allow p, role:admin, projects, create, *, allow p, role:admin, projects, update, *, allow p, role:admin, projects, delete, *, allow diff --git a/assets/swagger.json b/assets/swagger.json index 157baf3b774a9..9436a6a6f4c08 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -1990,6 +1990,39 @@ } } }, + "/api/v1/applicationsets/generate": { + "post": { + "tags": [ + "ApplicationSetService" + ], + "summary": "Generate generates", + "operationId": "ApplicationSetService_Generate", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/applicationsetApplicationSetGenerateRequest" + } + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/applicationsetApplicationSetGenerateResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, "/api/v1/applicationsets/{name}": { "get": { "tags": [ @@ -3893,21 +3926,539 @@ "$ref": "#/definitions/runtimeError" } } - } - } - }, - "/api/v1/settings/plugins": { - "get": { - "tags": [ - "SettingsService" + } + } + }, + "/api/v1/settings/plugins": { + "get": { + "tags": [ + "SettingsService" + ], + "summary": "Get returns Argo CD plugins", + "operationId": "SettingsService_GetPlugins", + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/clusterSettingsPluginsResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, + "/api/v1/stream/applications": { + "get": { + "tags": [ + "ApplicationService" + ], + "summary": "Watch returns stream of application change events", + "operationId": "ApplicationService_Watch", + "parameters": [ + { + "type": "string", + "description": "the application's name.", + "name": "name", + "in": "query" + }, + { + "type": "string", + "description": "forces application reconciliation if set to 'hard'.", + "name": "refresh", + "in": "query" + }, + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "the project names to restrict returned list applications.", + "name": "projects", + "in": "query" + }, + { + "type": "string", + "description": "when specified with a watch call, shows changes that occur after that particular version of a resource.", + "name": "resourceVersion", + "in": "query" + }, + { + "type": "string", + "description": "the selector to restrict returned list to applications only with matched labels.", + "name": "selector", + "in": "query" + }, + { + "type": "string", + "description": "the repoURL to restrict returned list applications.", + "name": "repo", + "in": "query" + }, + { + "type": "string", + "description": "the application's namespace.", + "name": "appNamespace", + "in": "query" + }, + { + "type": "array", + "items": { + "type": "string" + }, + "collectionFormat": "multi", + "description": "the project names to restrict returned list applications (legacy name for backwards-compatibility).", + "name": "project", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.(streaming responses)", + "schema": { + "type": "object", + "title": "Stream result of v1alpha1ApplicationWatchEvent", + "properties": { + "error": { + "$ref": "#/definitions/runtimeStreamError" + }, + "result": { + "$ref": "#/definitions/v1alpha1ApplicationWatchEvent" + } + } + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, + "/api/v1/stream/applications/{applicationName}/resource-tree": { + "get": { + "tags": [ + "ApplicationService" + ], + "summary": "Watch returns stream of application resource tree", + "operationId": "ApplicationService_WatchResourceTree", + "parameters": [ + { + "type": "string", + "name": "applicationName", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "namespace", + "in": "query" + }, + { + "type": "string", + "name": "name", + "in": "query" + }, + { + "type": "string", + "name": "version", + "in": "query" + }, + { + "type": "string", + "name": "group", + "in": "query" + }, + { + "type": "string", + "name": "kind", + "in": "query" + }, + { + "type": "string", + "name": "appNamespace", + "in": "query" + }, + { + "type": "string", + "name": "project", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.(streaming responses)", + "schema": { + "type": "object", + "title": "Stream result of v1alpha1ApplicationTree", + "properties": { + "error": { + "$ref": "#/definitions/runtimeStreamError" + }, + "result": { + "$ref": "#/definitions/v1alpha1ApplicationTree" + } + } + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, + "/api/v1/write-repocreds": { + "get": { + "tags": [ + "RepoCredsService" + ], + "summary": "ListWriteRepositoryCredentials gets a list of all configured repository credential sets that have write access", + "operationId": "RepoCredsService_ListWriteRepositoryCredentials", + "parameters": [ + { + "type": "string", + "description": "Repo URL for query.", + "name": "url", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1alpha1RepoCredsList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + }, + "post": { + "tags": [ + "RepoCredsService" + ], + "summary": "CreateWriteRepositoryCredentials creates a new repository credential set with write access", + "operationId": "RepoCredsService_CreateWriteRepositoryCredentials", + "parameters": [ + { + "description": "Repository definition", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1alpha1RepoCreds" + } + }, + { + "type": "boolean", + "description": "Whether to create in upsert mode.", + "name": "upsert", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1alpha1RepoCreds" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, + "/api/v1/write-repocreds/{creds.url}": { + "put": { + "tags": [ + "RepoCredsService" + ], + "summary": "UpdateWriteRepositoryCredentials updates a repository credential set with write access", + "operationId": "RepoCredsService_UpdateWriteRepositoryCredentials", + "parameters": [ + { + "type": "string", + "description": "URL is the URL to which these credentials match", + "name": "creds.url", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1alpha1RepoCreds" + } + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1alpha1RepoCreds" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, + "/api/v1/write-repocreds/{url}": { + "delete": { + "tags": [ + "RepoCredsService" + ], + "summary": "DeleteWriteRepositoryCredentials deletes a repository credential set with write access from the configuration", + "operationId": "RepoCredsService_DeleteWriteRepositoryCredentials", + "parameters": [ + { + "type": "string", + "name": "url", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/repocredsRepoCredsResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, + "/api/v1/write-repositories": { + "get": { + "tags": [ + "RepositoryService" + ], + "summary": "ListWriteRepositories gets a list of all configured write repositories", + "operationId": "RepositoryService_ListWriteRepositories", + "parameters": [ + { + "type": "string", + "description": "Repo URL for query.", + "name": "repo", + "in": "query" + }, + { + "type": "boolean", + "description": "Whether to force a cache refresh on repo's connection state.", + "name": "forceRefresh", + "in": "query" + }, + { + "type": "string", + "description": "App project for query.", + "name": "appProject", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1alpha1RepositoryList" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + }, + "post": { + "tags": [ + "RepositoryService" + ], + "summary": "CreateWriteRepository creates a new write repository configuration", + "operationId": "RepositoryService_CreateWriteRepository", + "parameters": [ + { + "description": "Repository definition", + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1alpha1Repository" + } + }, + { + "type": "boolean", + "description": "Whether to create in upsert mode.", + "name": "upsert", + "in": "query" + }, + { + "type": "boolean", + "description": "Whether to operate on credential set instead of repository.", + "name": "credsOnly", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1alpha1Repository" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, + "/api/v1/write-repositories/{repo.repo}": { + "put": { + "tags": [ + "RepositoryService" + ], + "summary": "UpdateWriteRepository updates a write repository configuration", + "operationId": "RepositoryService_UpdateWriteRepository", + "parameters": [ + { + "type": "string", + "description": "Repo contains the URL to the remote repository", + "name": "repo.repo", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/v1alpha1Repository" + } + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1alpha1Repository" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, + "/api/v1/write-repositories/{repo}": { + "get": { + "tags": [ + "RepositoryService" + ], + "summary": "GetWrite returns a repository or its write credentials", + "operationId": "RepositoryService_GetWrite", + "parameters": [ + { + "type": "string", + "description": "Repo URL for query", + "name": "repo", + "in": "path", + "required": true + }, + { + "type": "boolean", + "description": "Whether to force a cache refresh on repo's connection state.", + "name": "forceRefresh", + "in": "query" + }, + { + "type": "string", + "description": "App project for query.", + "name": "appProject", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1alpha1Repository" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + }, + "delete": { + "tags": [ + "RepositoryService" + ], + "summary": "DeleteWriteRepository deletes a write repository from the configuration", + "operationId": "RepositoryService_DeleteWriteRepository", + "parameters": [ + { + "type": "string", + "description": "Repo URL for query", + "name": "repo", + "in": "path", + "required": true + }, + { + "type": "boolean", + "description": "Whether to force a cache refresh on repo's connection state.", + "name": "forceRefresh", + "in": "query" + }, + { + "type": "string", + "description": "App project for query.", + "name": "appProject", + "in": "query" + } ], - "summary": "Get returns Argo CD plugins", - "operationId": "SettingsService_GetPlugins", "responses": { "200": { "description": "A successful response.", "schema": { - "$ref": "#/definitions/clusterSettingsPluginsResponse" + "$ref": "#/definitions/repositoryRepoResponse" } }, "default": { @@ -3919,160 +4470,140 @@ } } }, - "/api/v1/stream/applications": { - "get": { + "/api/v1/write-repositories/{repo}/validate": { + "post": { "tags": [ - "ApplicationService" + "RepositoryService" ], - "summary": "Watch returns stream of application change events", - "operationId": "ApplicationService_Watch", + "summary": "ValidateWriteAccess validates write access to a repository with given parameters", + "operationId": "RepositoryService_ValidateWriteAccess", "parameters": [ { "type": "string", - "description": "the application's name.", - "name": "name", + "description": "The URL to the repo", + "name": "repo", + "in": "path", + "required": true + }, + { + "description": "The URL to the repo", + "name": "body", + "in": "body", + "required": true, + "schema": { + "type": "string" + } + }, + { + "type": "string", + "description": "Username for accessing repo.", + "name": "username", "in": "query" }, { "type": "string", - "description": "forces application reconciliation if set to 'hard'.", - "name": "refresh", + "description": "Password for accessing repo.", + "name": "password", "in": "query" }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "the project names to restrict returned list applications.", - "name": "projects", + "type": "string", + "description": "Private key data for accessing SSH repository.", + "name": "sshPrivateKey", + "in": "query" + }, + { + "type": "boolean", + "description": "Whether to skip certificate or host key validation.", + "name": "insecure", "in": "query" }, { "type": "string", - "description": "when specified with a watch call, shows changes that occur after that particular version of a resource.", - "name": "resourceVersion", + "description": "TLS client cert data for accessing HTTPS repository.", + "name": "tlsClientCertData", "in": "query" }, { "type": "string", - "description": "the selector to restrict returned list to applications only with matched labels.", - "name": "selector", + "description": "TLS client cert key for accessing HTTPS repository.", + "name": "tlsClientCertKey", "in": "query" }, { "type": "string", - "description": "the repoURL to restrict returned list applications.", - "name": "repo", + "description": "The type of the repo.", + "name": "type", "in": "query" }, { "type": "string", - "description": "the application's namespace.", - "name": "appNamespace", + "description": "The name of the repo.", + "name": "name", "in": "query" }, { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "the project names to restrict returned list applications (legacy name for backwards-compatibility).", - "name": "project", + "type": "boolean", + "description": "Whether helm-oci support should be enabled for this repo.", + "name": "enableOci", "in": "query" - } - ], - "responses": { - "200": { - "description": "A successful response.(streaming responses)", - "schema": { - "type": "object", - "title": "Stream result of v1alpha1ApplicationWatchEvent", - "properties": { - "error": { - "$ref": "#/definitions/runtimeStreamError" - }, - "result": { - "$ref": "#/definitions/v1alpha1ApplicationWatchEvent" - } - } - } }, - "default": { - "description": "An unexpected error response.", - "schema": { - "$ref": "#/definitions/runtimeError" - } - } - } - } - }, - "/api/v1/stream/applications/{applicationName}/resource-tree": { - "get": { - "tags": [ - "ApplicationService" - ], - "summary": "Watch returns stream of application resource tree", - "operationId": "ApplicationService_WatchResourceTree", - "parameters": [ { "type": "string", - "name": "applicationName", - "in": "path", - "required": true + "description": "Github App Private Key PEM data.", + "name": "githubAppPrivateKey", + "in": "query" }, { "type": "string", - "name": "namespace", + "format": "int64", + "description": "Github App ID of the app used to access the repo.", + "name": "githubAppID", "in": "query" }, { "type": "string", - "name": "name", + "format": "int64", + "description": "Github App Installation ID of the installed GitHub App.", + "name": "githubAppInstallationID", "in": "query" }, { "type": "string", - "name": "version", + "description": "Github App Enterprise base url if empty will default to https://api.github.com.", + "name": "githubAppEnterpriseBaseUrl", "in": "query" }, { "type": "string", - "name": "group", + "description": "HTTP/HTTPS proxy to access the repository.", + "name": "proxy", "in": "query" }, { "type": "string", - "name": "kind", + "description": "Reference between project and repository that allow you automatically to be added as item inside SourceRepos project entity.", + "name": "project", "in": "query" }, { "type": "string", - "name": "appNamespace", + "description": "Google Cloud Platform service account key.", + "name": "gcpServiceAccountKey", "in": "query" }, { - "type": "string", - "name": "project", + "type": "boolean", + "description": "Whether to force HTTP basic auth.", + "name": "forceHttpBasicAuth", "in": "query" } ], "responses": { "200": { - "description": "A successful response.(streaming responses)", + "description": "A successful response.", "schema": { - "type": "object", - "title": "Stream result of v1alpha1ApplicationTree", - "properties": { - "error": { - "$ref": "#/definitions/runtimeStreamError" - }, - "result": { - "$ref": "#/definitions/v1alpha1ApplicationTree" - } - } + "$ref": "#/definitions/repositoryRepoResponse" } }, "default": { @@ -4691,6 +5222,12 @@ "clusterSettings": { "type": "object", "properties": { + "additionalUrls": { + "type": "array", + "items": { + "type": "string" + } + }, "appLabelKey": { "type": "string" }, @@ -4719,6 +5256,9 @@ "help": { "$ref": "#/definitions/clusterHelp" }, + "hydratorEnabled": { + "type": "boolean" + }, "impersonationEnabled": { "type": "boolean" }, @@ -6624,6 +7164,10 @@ "type": "boolean", "title": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)" }, + "skipSchemaValidation": { + "type": "boolean", + "title": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)" + }, "skipTests": { "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", "type": "boolean" @@ -6847,6 +7391,9 @@ "source": { "$ref": "#/definitions/v1alpha1ApplicationSource" }, + "sourceHydrator": { + "$ref": "#/definitions/v1alpha1SourceHydrator" + }, "sources": { "type": "array", "title": "Sources is a reference to the location of the application's manifests or chart", @@ -6904,6 +7451,9 @@ "$ref": "#/definitions/applicationv1alpha1ResourceStatus" } }, + "sourceHydrator": { + "$ref": "#/definitions/v1alpha1SourceHydratorStatus" + }, "sourceType": { "type": "string", "title": "SourceType specifies the type of this application" @@ -7331,6 +7881,24 @@ } } }, + "v1alpha1DrySource": { + "description": "DrySource specifies a location for dry \"don't repeat yourself\" manifest source information.", + "type": "object", + "properties": { + "path": { + "type": "string", + "title": "Path is a directory path within the Git repository where the manifests are located" + }, + "repoURL": { + "type": "string", + "title": "RepoURL is the URL to the git repository that contains the application manifests" + }, + "targetRevision": { + "type": "string", + "title": "TargetRevision defines the revision of the source to hydrate" + } + } + }, "v1alpha1DuckTypeGenerator": { "description": "DuckType defines a generator to match against clusters registered with ArgoCD.", "type": "object", @@ -7501,6 +8069,9 @@ "type": "object", "title": "HealthStatus contains information about the currently observed health state of an application or resource", "properties": { + "lastTransitionTime": { + "$ref": "#/definitions/v1Time" + }, "message": { "type": "string", "title": "Message is a human-readable informational message describing the health status" @@ -7582,6 +8153,47 @@ } } }, + "v1alpha1HydrateOperation": { + "type": "object", + "title": "HydrateOperation contains information about the most recent hydrate operation", + "properties": { + "drySHA": { + "type": "string", + "title": "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation" + }, + "finishedAt": { + "$ref": "#/definitions/v1Time" + }, + "hydratedSHA": { + "type": "string", + "title": "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation" + }, + "message": { + "type": "string", + "title": "Message contains a message describing the current status of the hydrate operation" + }, + "phase": { + "type": "string", + "title": "Phase indicates the status of the hydrate operation" + }, + "sourceHydrator": { + "$ref": "#/definitions/v1alpha1SourceHydrator" + }, + "startedAt": { + "$ref": "#/definitions/v1Time" + } + } + }, + "v1alpha1HydrateTo": { + "description": "HydrateTo specifies a location to which hydrated manifests should be pushed as a \"staging area\" before being moved to\nthe SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator.", + "type": "object", + "properties": { + "targetBranch": { + "type": "string", + "title": "TargetBranch is the branch to which hydrated manifests should be committed" + } + } + }, "v1alpha1Info": { "type": "object", "properties": { @@ -9189,6 +9801,50 @@ } } }, + "v1alpha1SourceHydrator": { + "description": "SourceHydrator specifies a dry \"don't repeat yourself\" source for manifests, a sync source from which to sync\nhydrated manifests, and an optional hydrateTo location to act as a \"staging\" aread for hydrated manifests.", + "type": "object", + "properties": { + "drySource": { + "$ref": "#/definitions/v1alpha1DrySource" + }, + "hydrateTo": { + "$ref": "#/definitions/v1alpha1HydrateTo" + }, + "syncSource": { + "$ref": "#/definitions/v1alpha1SyncSource" + } + } + }, + "v1alpha1SourceHydratorStatus": { + "type": "object", + "title": "SourceHydratorStatus contains information about the current state of source hydration", + "properties": { + "currentOperation": { + "$ref": "#/definitions/v1alpha1HydrateOperation" + }, + "lastSuccessfulOperation": { + "$ref": "#/definitions/v1alpha1SuccessfulHydrateOperation" + } + } + }, + "v1alpha1SuccessfulHydrateOperation": { + "type": "object", + "title": "SuccessfulHydrateOperation contains information about the most recent successful hydrate operation", + "properties": { + "drySHA": { + "type": "string", + "title": "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation" + }, + "hydratedSHA": { + "type": "string", + "title": "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation" + }, + "sourceHydrator": { + "$ref": "#/definitions/v1alpha1SourceHydrator" + } + } + }, "v1alpha1SyncOperation": { "description": "SyncOperation contains details about a sync operation.", "type": "object", @@ -9348,6 +10004,20 @@ } } }, + "v1alpha1SyncSource": { + "description": "SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the\nassociated DrySource config in the SourceHydrator.", + "type": "object", + "properties": { + "path": { + "description": "Path is a directory path within the git repository where hydrated manifests should be committed to and synced\nfrom. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.", + "type": "string" + }, + "targetBranch": { + "type": "string", + "title": "TargetBranch is the branch to which hydrated manifests should be committed" + } + } + }, "v1alpha1SyncStatus": { "type": "object", "title": "SyncStatus contains information about the currently observed live and desired states of an application", diff --git a/cmd/argocd-application-controller/commands/argocd_application_controller.go b/cmd/argocd-application-controller/commands/argocd_application_controller.go index 0468e4fd473dc..ec364baf5b9b7 100644 --- a/cmd/argocd-application-controller/commands/argocd_application_controller.go +++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go @@ -6,6 +6,7 @@ import ( "math" "os" "os/signal" + "runtime/debug" "syscall" "time" @@ -18,6 +19,7 @@ import ( "k8s.io/client-go/tools/clientcmd" cmdutil "github.com/argoproj/argo-cd/v2/cmd/util" + commitclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/controller" "github.com/argoproj/argo-cd/v2/controller/sharding" @@ -57,10 +59,12 @@ func NewCommand() *cobra.Command { repoErrorGracePeriod int64 repoServerAddress string repoServerTimeoutSeconds int + commitServerAddress string selfHealTimeoutSeconds int selfHealBackoffTimeoutSeconds int selfHealBackoffFactor int selfHealBackoffCapSeconds int + syncTimeout int statusProcessors int operationProcessors int glogLevel int @@ -85,7 +89,8 @@ func NewCommand() *cobra.Command { ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts // argocd k8s event logging flag - enableK8sEvent []string + enableK8sEvent []string + hydratorEnabled bool ) command := cobra.Command{ Use: cliName, @@ -110,6 +115,13 @@ func NewCommand() *cobra.Command { cli.SetLogLevel(cmdutil.LogLevel) cli.SetGLogLevel(glogLevel) + // Recover from panic and log the error using the configured logger instead of the default. + defer func() { + if r := recover(); r != nil { + log.WithField("trace", string(debug.Stack())).Fatal("Recovered from panic: ", r) + } + }() + config, err := clientConfig.ClientConfig() errors.CheckError(err) errors.CheckError(v1alpha1.SetK8SConfigDefaults(config)) @@ -137,8 +149,8 @@ func NewCommand() *cobra.Command { // repository server, if strict TLS validation was requested. if !repoServerPlaintext && repoServerStrictTLS { pool, err := tls.LoadX509CertPool( - fmt.Sprintf("%s/controller/tls/tls.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), - fmt.Sprintf("%s/controller/tls/ca.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/controller/tls/tls.crt", + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/controller/tls/ca.crt", ) if err != nil { log.Fatalf("%v", err) @@ -148,6 +160,8 @@ func NewCommand() *cobra.Command { repoClientset := apiclient.NewRepoServerClientset(repoServerAddress, repoServerTimeoutSeconds, tlsConfig) + commitClientset := commitclient.NewCommitServerClientset(commitServerAddress) + cache, err := cacheSource() errors.CheckError(err) cache.Cache.SetClient(cacheutil.NewTwoLevelClient(cache.Cache.GetClient(), 10*time.Minute)) @@ -174,6 +188,7 @@ func NewCommand() *cobra.Command { kubeClient, appClient, repoClientset, + commitClientset, cache, kubectl, resyncDuration, @@ -181,6 +196,7 @@ func NewCommand() *cobra.Command { time.Duration(appResyncJitter)*time.Second, time.Duration(selfHealTimeoutSeconds)*time.Second, selfHealBackoff, + time.Duration(syncTimeout)*time.Second, time.Duration(repoErrorGracePeriod)*time.Second, metricsPort, metricsCacheExpiration, @@ -195,9 +211,10 @@ func NewCommand() *cobra.Command { enableDynamicClusterDistribution, ignoreNormalizerOpts, enableK8sEvent, + hydratorEnabled, ) errors.CheckError(err) - cacheutil.CollectMetrics(redisClient, appController.GetMetricsServer()) + cacheutil.CollectMetrics(redisClient, appController.GetMetricsServer(), nil) stats.RegisterStackDumper() stats.StartStatsTicker(10 * time.Minute) @@ -237,6 +254,7 @@ func NewCommand() *cobra.Command { command.Flags().Int64Var(&repoErrorGracePeriod, "repo-error-grace-period-seconds", int64(env.ParseDurationFromEnv("ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS", defaultAppResyncPeriod*time.Second, 0, math.MaxInt64).Seconds()), "Grace period in seconds for ignoring consecutive errors while communicating with repo server.") command.Flags().StringVar(&repoServerAddress, "repo-server", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER", common.DefaultRepoServerAddr), "Repo server address.") command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.") + command.Flags().StringVar(&commitServerAddress, "commit-server", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER", common.DefaultCommitServerAddr), "Commit server address.") command.Flags().IntVar(&statusProcessors, "status-processors", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS", 20, 0, math.MaxInt32), "Number of application status processors") command.Flags().IntVar(&operationProcessors, "operation-processors", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS", 10, 0, math.MaxInt32), "Number of application operation processors") command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") @@ -248,6 +266,7 @@ func NewCommand() *cobra.Command { command.Flags().IntVar(&selfHealBackoffTimeoutSeconds, "self-heal-backoff-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS", 2, 0, math.MaxInt32), "Specifies initial timeout of exponential backoff between self heal attempts") command.Flags().IntVar(&selfHealBackoffFactor, "self-heal-backoff-factor", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR", 3, 0, math.MaxInt32), "Specifies factor of exponential timeout between application self heal attempts") command.Flags().IntVar(&selfHealBackoffCapSeconds, "self-heal-backoff-cap-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS", 300, 0, math.MaxInt32), "Specifies max timeout of exponential backoff between application self heal attempts") + command.Flags().IntVar(&syncTimeout, "sync-timeout", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT", 0, 0, math.MaxInt32), "Specifies the timeout after which a sync would be terminated. 0 means no timeout (default 0).") command.Flags().Int64Var(&kubectlParallelismLimit, "kubectl-parallelism-limit", env.ParseInt64FromEnv("ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT", 20, 0, math.MaxInt64), "Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit.") command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Disable TLS on connections to repo server") command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server") @@ -274,7 +293,7 @@ func NewCommand() *cobra.Command { command.Flags().DurationVar(&ignoreNormalizerOpts.JQExecutionTimeout, "ignore-normalizer-jq-execution-timeout-seconds", env.ParseDurationFromEnv("ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT", 0*time.Second, 0, math.MaxInt64), "Set ignore normalizer JQ execution timeout") // argocd k8s event logging flag command.Flags().StringSliceVar(&enableK8sEvent, "enable-k8s-event", env.StringsFromEnv("ARGOCD_ENABLE_K8S_EVENT", argo.DefaultEnableEventList(), ","), "Enable ArgoCD to use k8s event. For disabling all events, set the value as `none`. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated)") - + command.Flags().BoolVar(&hydratorEnabled, "hydrator-enabled", env.ParseBoolFromEnv("ARGOCD_HYDRATOR_ENABLED", false), "Feature flag to enable Hydrator. Default (\"false\")") cacheSource = appstatecache.AddCacheFlagsToCmd(&command, cacheutil.Options{ OnClientCreated: func(client *redis.Client) { redisClient = client diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index a47aa7c611074..efa7789081824 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -5,6 +5,7 @@ import ( "math" "net/http" "os" + "runtime/debug" "time" "github.com/argoproj/pkg/stats" @@ -102,6 +103,13 @@ func NewCommand() *cobra.Command { ctrl.SetLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())) + // Recover from panic and log the error using the configured logger instead of the default. + defer func() { + if r := recover(); r != nil { + log.WithField("trace", string(debug.Stack())).Fatal("Recovered from panic: ", r) + } + }() + restConfig, err := clientConfig.ClientConfig() errors.CheckError(err) @@ -175,8 +183,8 @@ func NewCommand() *cobra.Command { if !repoServerPlaintext && repoServerStrictTLS { pool, err := tls.LoadX509CertPool( - fmt.Sprintf("%s/reposerver/tls/tls.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), - fmt.Sprintf("%s/reposerver/tls/ca.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/reposerver/tls/tls.crt", + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/reposerver/tls/ca.crt", ) errors.CheckError(err) tlsConfig.Certificates = pool diff --git a/cmd/argocd-cmp-server/commands/argocd_cmp_server.go b/cmd/argocd-cmp-server/commands/argocd_cmp_server.go index 197f52e01ade7..9d1894695f5af 100644 --- a/cmd/argocd-cmp-server/commands/argocd_cmp_server.go +++ b/cmd/argocd-cmp-server/commands/argocd_cmp_server.go @@ -1,6 +1,7 @@ package commands import ( + "runtime/debug" "time" "github.com/argoproj/pkg/stats" @@ -44,6 +45,13 @@ func NewCommand() *cobra.Command { cli.SetLogFormat(cmdutil.LogFormat) cli.SetLogLevel(cmdutil.LogLevel) + // Recover from panic and log the error using the configured logger instead of the default. + defer func() { + if r := recover(); r != nil { + log.WithField("trace", string(debug.Stack())).Fatal("Recovered from panic: ", r) + } + }() + config, err := plugin.ReadPluginConfig(configFilePath) errors.CheckError(err) diff --git a/cmd/argocd-commit-server/commands/argocd_commit_server.go b/cmd/argocd-commit-server/commands/argocd_commit_server.go new file mode 100644 index 0000000000000..5c07bc0c1469c --- /dev/null +++ b/cmd/argocd-commit-server/commands/argocd_commit_server.go @@ -0,0 +1,117 @@ +package commands + +import ( + "fmt" + "net" + "net/http" + "os" + "os/signal" + "sync" + "syscall" + + log "github.com/sirupsen/logrus" + "github.com/spf13/cobra" + "google.golang.org/grpc/health/grpc_health_v1" + + cmdutil "github.com/argoproj/argo-cd/v2/cmd/util" + "github.com/argoproj/argo-cd/v2/commitserver" + "github.com/argoproj/argo-cd/v2/commitserver/apiclient" + "github.com/argoproj/argo-cd/v2/commitserver/metrics" + "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/util/askpass" + "github.com/argoproj/argo-cd/v2/util/cli" + "github.com/argoproj/argo-cd/v2/util/env" + "github.com/argoproj/argo-cd/v2/util/errors" + "github.com/argoproj/argo-cd/v2/util/healthz" + ioutil "github.com/argoproj/argo-cd/v2/util/io" +) + +// NewCommand returns a new instance of an argocd-commit-server command +func NewCommand() *cobra.Command { + var ( + listenHost string + listenPort int + metricsPort int + metricsHost string + ) + command := &cobra.Command{ + Use: "argocd-commit-server", + Short: "Run Argo CD Commit Server", + Long: "Argo CD Commit Server is an internal service which commits and pushes hydrated manifests to git. This command runs Commit Server in the foreground.", + RunE: func(cmd *cobra.Command, args []string) error { + vers := common.GetVersion() + vers.LogStartupInfo( + "Argo CD Commit Server", + map[string]any{ + "port": listenPort, + }, + ) + + cli.SetLogFormat(cmdutil.LogFormat) + cli.SetLogLevel(cmdutil.LogLevel) + + metricsServer := metrics.NewMetricsServer() + http.Handle("/metrics", metricsServer.GetHandler()) + go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf("%s:%d", metricsHost, metricsPort), nil)) }() + + askPassServer := askpass.NewServer(askpass.CommitServerSocketPath) + go func() { errors.CheckError(askPassServer.Run()) }() + + server := commitserver.NewServer(askPassServer, metricsServer) + grpc := server.CreateGRPC() + + listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", listenHost, listenPort)) + errors.CheckError(err) + + healthz.ServeHealthCheck(http.DefaultServeMux, func(r *http.Request) error { + if val, ok := r.URL.Query()["full"]; ok && len(val) > 0 && val[0] == "true" { + // connect to itself to make sure commit server is able to serve connection + // used by liveness probe to auto restart commit server + conn, err := apiclient.NewConnection(fmt.Sprintf("localhost:%d", listenPort)) + if err != nil { + return err + } + defer ioutil.Close(conn) + client := grpc_health_v1.NewHealthClient(conn) + res, err := client.Check(r.Context(), &grpc_health_v1.HealthCheckRequest{}) + if err != nil { + return err + } + if res.Status != grpc_health_v1.HealthCheckResponse_SERVING { + return fmt.Errorf("grpc health check status is '%v'", res.Status) + } + return nil + } + return nil + }) + + // Graceful shutdown code adapted from here: https://gist.github.com/embano1/e0bf49d24f1cdd07cffad93097c04f0a + sigCh := make(chan os.Signal, 1) + signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM) + wg := sync.WaitGroup{} + wg.Add(1) + go func() { + s := <-sigCh + log.Printf("got signal %v, attempting graceful shutdown", s) + grpc.GracefulStop() + wg.Done() + }() + + log.Println("starting grpc server") + err = grpc.Serve(listener) + errors.CheckError(err) + wg.Wait() + log.Println("clean shutdown") + + return nil + }, + } + command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") + command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") + command.Flags().StringVar(&listenHost, "address", env.StringFromEnv("ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS", common.DefaultAddressCommitServer), "Listen on given address for incoming connections") + command.Flags().IntVar(&listenPort, "port", common.DefaultPortCommitServer, "Listen on given port for incoming connections") + command.Flags().StringVar(&metricsHost, "metrics-address", env.StringFromEnv("ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS", common.DefaultAddressCommitServerMetrics), "Listen on given address for metrics") + command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortCommitServerMetrics, "Start metrics server on given port") + + return command +} diff --git a/cmd/argocd-dex/commands/argocd_dex.go b/cmd/argocd-dex/commands/argocd_dex.go index 43efbbb050dd5..f674266738944 100644 --- a/cmd/argocd-dex/commands/argocd_dex.go +++ b/cmd/argocd-dex/commands/argocd_dex.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "os/exec" + "runtime/debug" "syscall" "github.com/argoproj/argo-cd/v2/common" @@ -66,6 +67,14 @@ func NewRunDexCommand() *cobra.Command { cli.SetLogFormat(cmdutil.LogFormat) cli.SetLogLevel(cmdutil.LogLevel) + + // Recover from panic and log the error using the configured logger instead of the default. + defer func() { + if r := recover(); r != nil { + log.WithField("trace", string(debug.Stack())).Fatal("Recovered from panic: ", r) + } + }() + _, err = exec.LookPath("dex") errors.CheckError(err) config, err := clientConfig.ClientConfig() diff --git a/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go b/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go index 0b9d05787a6e1..73673e977b883 100644 --- a/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go +++ b/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go @@ -9,7 +9,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" - "github.com/argoproj/argo-cd/v2/reposerver/askpass" + "github.com/argoproj/argo-cd/v2/util/askpass" "github.com/argoproj/argo-cd/v2/util/errors" grpc_util "github.com/argoproj/argo-cd/v2/util/grpc" "github.com/argoproj/argo-cd/v2/util/io" diff --git a/cmd/argocd-notification/commands/controller.go b/cmd/argocd-notification/commands/controller.go index 7245a0b75a667..152dab6a078f3 100644 --- a/cmd/argocd-notification/commands/controller.go +++ b/cmd/argocd-notification/commands/controller.go @@ -6,6 +6,7 @@ import ( "net/http" "os" "os/signal" + "runtime/debug" "strings" "sync" "syscall" @@ -115,14 +116,21 @@ func NewCommand() *cobra.Command { return fmt.Errorf("unknown log format '%s'", logFormat) } + // Recover from panic and log the error using the configured logger instead of the default. + defer func() { + if r := recover(); r != nil { + log.WithField("trace", string(debug.Stack())).Fatal("Recovered from panic: ", r) + } + }() + tlsConfig := apiclient.TLSConfiguration{ DisableTLS: argocdRepoServerPlaintext, StrictValidation: argocdRepoServerStrictTLS, } if !tlsConfig.DisableTLS && tlsConfig.StrictValidation { pool, err := tls.LoadX509CertPool( - fmt.Sprintf("%s/reposerver/tls/tls.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), - fmt.Sprintf("%s/reposerver/tls/ca.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/reposerver/tls/tls.crt", + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/reposerver/tls/ca.crt", ) if err != nil { return fmt.Errorf("failed to load repo-server certificate pool: %w", err) diff --git a/cmd/argocd-repo-server/commands/argocd_repo_server.go b/cmd/argocd-repo-server/commands/argocd_repo_server.go index f8bb868f0bd0f..19d9a2a1e4b12 100644 --- a/cmd/argocd-repo-server/commands/argocd_repo_server.go +++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go @@ -7,6 +7,7 @@ import ( "net/http" "os" "os/signal" + "runtime/debug" "sync" "syscall" "time" @@ -22,10 +23,10 @@ import ( "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/reposerver" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" - "github.com/argoproj/argo-cd/v2/reposerver/askpass" reposervercache "github.com/argoproj/argo-cd/v2/reposerver/cache" "github.com/argoproj/argo-cd/v2/reposerver/metrics" "github.com/argoproj/argo-cd/v2/reposerver/repository" + "github.com/argoproj/argo-cd/v2/util/askpass" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" "github.com/argoproj/argo-cd/v2/util/cli" "github.com/argoproj/argo-cd/v2/util/env" @@ -96,6 +97,13 @@ func NewCommand() *cobra.Command { cli.SetLogFormat(cmdutil.LogFormat) cli.SetLogLevel(cmdutil.LogLevel) + // Recover from panic and log the error using the configured logger instead of the default. + defer func() { + if r := recover(); r != nil { + log.WithField("trace", string(debug.Stack())).Fatal("Recovered from panic: ", r) + } + }() + if !disableTLS { var err error tlsConfigCustomizer, err = tlsConfigCustomizerSrc() @@ -122,7 +130,7 @@ func NewCommand() *cobra.Command { askPassServer := askpass.NewServer(askpass.SocketPath) metricsServer := metrics.NewMetricsServer() - cacheutil.CollectMetrics(redisClient, metricsServer) + cacheutil.CollectMetrics(redisClient, metricsServer, nil) server, err := reposerver.NewServer(metricsServer, cache, tlsConfigCustomizer, repository.RepoServerInitConstants{ ParallelismLimit: parallelismLimit, PauseGenerationAfterFailedGenerationAttempts: pauseGenerationAfterFailedGenerationAttempts, diff --git a/cmd/argocd-server/commands/argocd_server.go b/cmd/argocd-server/commands/argocd_server.go index d1e9cf05f98d5..403cfdae16633 100644 --- a/cmd/argocd-server/commands/argocd_server.go +++ b/cmd/argocd-server/commands/argocd_server.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "math" + "runtime/debug" "strings" "time" @@ -86,6 +87,7 @@ func NewCommand() *cobra.Command { applicationNamespaces []string enableProxyExtension bool webhookParallelism int + hydratorEnabled bool // ApplicationSet enableNewGitFileGlobbing bool @@ -119,6 +121,13 @@ func NewCommand() *cobra.Command { cli.SetLogLevel(cmdutil.LogLevel) cli.SetGLogLevel(glogLevel) + // Recover from panic and log the error using the configured logger instead of the default. + defer func() { + if r := recover(); r != nil { + log.WithField("trace", string(debug.Stack())).Fatal("Recovered from panic: ", r) + } + }() + config, err := clientConfig.ClientConfig() errors.CheckError(err) errors.CheckError(v1alpha1.SetK8SConfigDefaults(config)) @@ -155,13 +164,14 @@ func NewCommand() *cobra.Command { controllerClient, err := client.New(config, client.Options{Scheme: scheme}) errors.CheckError(err) controllerClient = client.NewDryRunClient(controllerClient) + controllerClient = client.NewNamespacedClient(controllerClient, namespace) // Load CA information to use for validating connections to the // repository server, if strict TLS validation was requested. if !repoServerPlaintext && repoServerStrictTLS { pool, err := tls.LoadX509CertPool( - fmt.Sprintf("%s/server/tls/tls.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), - fmt.Sprintf("%s/server/tls/ca.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/server/tls/tls.crt", + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/server/tls/ca.crt", ) if err != nil { log.Fatalf("%v", err) @@ -176,14 +186,14 @@ func NewCommand() *cobra.Command { if !dexServerPlaintext && dexServerStrictTLS { pool, err := tls.LoadX509CertPool( - fmt.Sprintf("%s/dex/tls/ca.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath) + "/dex/tls/ca.crt", ) if err != nil { log.Fatalf("%v", err) } dexTlsConfig.RootCAs = pool cert, err := tls.LoadX509Cert( - fmt.Sprintf("%s/dex/tls/tls.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath) + "/dex/tls/tls.crt", ) if err != nil { log.Fatalf("%v", err) @@ -234,6 +244,7 @@ func NewCommand() *cobra.Command { EnableProxyExtension: enableProxyExtension, WebhookParallelism: webhookParallelism, EnableK8sEvent: enableK8sEvent, + HydratorEnabled: hydratorEnabled, } appsetOpts := server.ApplicationSetOpts{ @@ -249,22 +260,25 @@ func NewCommand() *cobra.Command { stats.RegisterHeapDumper("memprofile") argocd := server.NewServer(ctx, argoCDOpts, appsetOpts) argocd.Init(ctx) - lns, err := argocd.Listen() - errors.CheckError(err) for { var closer func() - ctx, cancel := context.WithCancel(ctx) + serverCtx, cancel := context.WithCancel(ctx) + lns, err := argocd.Listen() + errors.CheckError(err) if otlpAddress != "" { - closer, err = traceutil.InitTracer(ctx, "argocd-server", otlpAddress, otlpInsecure, otlpHeaders, otlpAttrs) + closer, err = traceutil.InitTracer(serverCtx, "argocd-server", otlpAddress, otlpInsecure, otlpHeaders, otlpAttrs) if err != nil { log.Fatalf("failed to initialize tracing: %v", err) } } - argocd.Run(ctx, lns) - cancel() + argocd.Run(serverCtx, lns) if closer != nil { closer() } + cancel() + if argocd.TerminateRequested() { + break + } } }, Example: templates.Examples(` @@ -309,6 +323,7 @@ func NewCommand() *cobra.Command { command.Flags().BoolVar(&enableProxyExtension, "enable-proxy-extension", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_PROXY_EXTENSION", false), "Enable Proxy Extension feature") command.Flags().IntVar(&webhookParallelism, "webhook-parallelism-limit", env.ParseNumFromEnv("ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT", 50, 1, 1000), "Number of webhook requests processed concurrently") command.Flags().StringSliceVar(&enableK8sEvent, "enable-k8s-event", env.StringsFromEnv("ARGOCD_ENABLE_K8S_EVENT", argo.DefaultEnableEventList(), ","), "Enable ArgoCD to use k8s event. For disabling all events, set the value as `none`. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated)") + command.Flags().BoolVar(&hydratorEnabled, "hydrator-enabled", env.ParseBoolFromEnv("ARGOCD_HYDRATOR_ENABLED", false), "Feature flag to enable Hydrator. Default (\"false\")") // Flags related to the applicationSet component. command.Flags().StringVar(&scmRootCAPath, "appset-scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates") diff --git a/cmd/argocd/commands/account.go b/cmd/argocd/commands/account.go index 03fe9932ee23c..4307990f81528 100644 --- a/cmd/argocd/commands/account.go +++ b/cmd/argocd/commands/account.go @@ -358,7 +358,7 @@ func printAccountDetails(acc *accountpkg.Account) { expiresAt := time.Unix(t.ExpiresAt, 0) expiresAtFormatted = expiresAt.Format(time.RFC3339) if expiresAt.Before(time.Now()) { - expiresAtFormatted = fmt.Sprintf("%s (expired)", expiresAtFormatted) + expiresAtFormatted = expiresAtFormatted + " (expired)" } } diff --git a/cmd/argocd/commands/admin/app_test.go b/cmd/argocd/commands/admin/app_test.go index cadce3e857009..964d23ccab696 100644 --- a/cmd/argocd/commands/admin/app_test.go +++ b/cmd/argocd/commands/admin/app_test.go @@ -91,7 +91,7 @@ func TestGetReconcileResults_Refresh(t *testing.T) { appClientset := appfake.NewSimpleClientset(app, proj) deployment := test.NewDeployment() - kubeClientset := kubefake.NewSimpleClientset(deployment, &cm) + kubeClientset := kubefake.NewClientset(deployment, &cm) clusterCache := clustermocks.ClusterCache{} clusterCache.On("IsNamespaced", mock.Anything).Return(true, nil) clusterCache.On("GetGVKParser", mock.Anything).Return(nil) diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go index 7841e5bab8c7b..034b650adfa10 100644 --- a/cmd/argocd/commands/admin/cluster.go +++ b/cmd/argocd/commands/admin/cluster.go @@ -617,7 +617,7 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command clientConfig := clientcmd.NewDefaultClientConfig(*cfgAccess, &overrides) conf, err := clientConfig.ClientConfig() errors.CheckError(err) - kubeClientset := fake.NewSimpleClientset() + kubeClientset := fake.NewClientset() var awsAuthConf *v1alpha1.AWSAuthConfig var execProviderConf *v1alpha1.ExecProviderConfig @@ -680,7 +680,7 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command command.PersistentFlags().StringVar(&pathOpts.LoadingRules.ExplicitPath, pathOpts.ExplicitFileFlag, pathOpts.LoadingRules.ExplicitPath, "use a particular kubeconfig file") command.Flags().StringVar(&bearerToken, "bearer-token", "", "Authentication token that should be used to access K8S API server") command.Flags().BoolVar(&generateToken, "generate-bearer-token", false, "Generate authentication token that should be used to access K8S API server") - command.Flags().StringVar(&clusterOpts.ServiceAccount, "service-account", "argocd-manager", fmt.Sprintf("System namespace service account to use for kubernetes resource management. If not set then default \"%s\" SA will be used", clusterauth.ArgoCDManagerServiceAccount)) + command.Flags().StringVar(&clusterOpts.ServiceAccount, "service-account", "argocd-manager", fmt.Sprintf("System namespace service account to use for kubernetes resource management. If not set then default %q SA will be used", clusterauth.ArgoCDManagerServiceAccount)) command.Flags().StringVar(&clusterOpts.SystemNamespace, "system-namespace", common.DefaultSystemNamespace, "Use different system namespace") command.Flags().StringVarP(&outputFormat, "output", "o", "yaml", "Output format. One of: json|yaml") command.Flags().StringArrayVar(&labels, "label", nil, "Set metadata labels (e.g. --label key=value)") diff --git a/cmd/argocd/commands/admin/generatespec_utils.go b/cmd/argocd/commands/admin/generatespec_utils.go index f9d902111a5d1..71d59c56da94d 100644 --- a/cmd/argocd/commands/admin/generatespec_utils.go +++ b/cmd/argocd/commands/admin/generatespec_utils.go @@ -23,7 +23,7 @@ func getOutWriter(inline bool, filePath string) (io.Writer, io.Closer, error) { return nil, nil, errors.New("The file path must be specified using flag '--file'") } - err := os.Rename(filePath, fmt.Sprintf("%s.back", filePath)) + err := os.Rename(filePath, filePath+".back") if err != nil { return nil, nil, err } diff --git a/cmd/argocd/commands/admin/generatespec_utils_test.go b/cmd/argocd/commands/admin/generatespec_utils_test.go index 9c5735df5838d..13d946d2c7478 100644 --- a/cmd/argocd/commands/admin/generatespec_utils_test.go +++ b/cmd/argocd/commands/admin/generatespec_utils_test.go @@ -2,7 +2,6 @@ package admin import ( "bytes" - "fmt" "os" "testing" @@ -25,7 +24,7 @@ func TestGetOutWriter_InlineOff(t *testing.T) { func TestGetOutWriter_InlineOn(t *testing.T) { tmpFile := t.TempDir() defer func() { - _ = os.Remove(fmt.Sprintf("%s.back", tmpFile)) + _ = os.Remove(tmpFile + ".back") }() out, closer, err := getOutWriter(true, tmpFile) @@ -33,7 +32,7 @@ func TestGetOutWriter_InlineOn(t *testing.T) { defer io.Close(closer) assert.Equal(t, tmpFile, out.(*os.File).Name()) - _, err = os.Stat(fmt.Sprintf("%s.back", tmpFile)) + _, err = os.Stat(tmpFile + ".back") require.NoError(t, err, "Back file must be created") } diff --git a/cmd/argocd/commands/admin/notifications.go b/cmd/argocd/commands/admin/notifications.go index 32ae589270938..0442e5b5f02f0 100644 --- a/cmd/argocd/commands/admin/notifications.go +++ b/cmd/argocd/commands/admin/notifications.go @@ -1,7 +1,6 @@ package admin import ( - "fmt" "log" "k8s.io/apimachinery/pkg/runtime/schema" @@ -51,8 +50,8 @@ func NewNotificationsCommand() *cobra.Command { } if !tlsConfig.DisableTLS && tlsConfig.StrictValidation { pool, err := tls.LoadX509CertPool( - fmt.Sprintf("%s/reposerver/tls/tls.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), - fmt.Sprintf("%s/reposerver/tls/ca.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/reposerver/tls/tls.crt", + env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)+"/reposerver/tls/ca.crt", ) if err != nil { log.Fatalf("Failed to load tls certs: %v", err) diff --git a/cmd/argocd/commands/admin/project.go b/cmd/argocd/commands/admin/project.go index 9ba14ab80d961..3570afbb1a61d 100644 --- a/cmd/argocd/commands/admin/project.go +++ b/cmd/argocd/commands/admin/project.go @@ -50,13 +50,13 @@ func NewGenProjectSpecCommand() *cobra.Command { Short: "Generate declarative config for a project", Example: templates.Examples(` # Generate a YAML configuration for a project named "myproject" - argocd admin projects generate-spec myproject + argocd admin proj generate-spec myproject # Generate a JSON configuration for a project named "anotherproject" and specify an output file - argocd admin projects generate-spec anotherproject --output json --file config.json + argocd admin proj generate-spec anotherproject --output json --file config.json # Generate a YAML configuration for a project named "someproject" and write it back to the input file - argocd admin projects generate-spec someproject --inline + argocd admin proj generate-spec someproject --inline `), Run: func(c *cobra.Command, args []string) { @@ -155,10 +155,10 @@ func NewUpdatePolicyRuleCommand() *cobra.Command { Use: "update-role-policy PROJECT_GLOB MODIFICATION ACTION", Short: "Implement bulk project role update. Useful to back-fill existing project policies or remove obsolete actions.", Example: ` # Add policy that allows executing any action (action/*) to roles which name matches to *deployer* in all projects - argocd admin projects update-role-policy '*' set 'action/*' --role '*deployer*' --resource applications --scope '*' --permission allow + argocd admin proj update-role-policy '*' set 'action/*' --role '*deployer*' --resource applications --scope '*' --permission allow # Remove policy that which manages running (action/*) from all roles which name matches *deployer* in all projects - argocd admin projects update-role-policy '*' remove override --role '*deployer*' + argocd admin proj update-role-policy '*' remove override --role '*deployer*' `, Run: func(c *cobra.Command, args []string) { ctx := c.Context() diff --git a/cmd/argocd/commands/admin/repo.go b/cmd/argocd/commands/admin/repo.go index ea55b341b486c..84933ab0c0cc5 100644 --- a/cmd/argocd/commands/admin/repo.go +++ b/cmd/argocd/commands/admin/repo.go @@ -150,7 +150,7 @@ func NewGenRepoSpecCommand() *cobra.Command { }, }, } - kubeClientset := fake.NewSimpleClientset(argoCDCM) + kubeClientset := fake.NewClientset(argoCDCM) settingsMgr := settings.NewSettingsManager(ctx, kubeClientset, ArgoCDNamespace) argoDB := db.NewDB(ArgoCDNamespace, settingsMgr, kubeClientset) diff --git a/cmd/argocd/commands/admin/settings.go b/cmd/argocd/commands/admin/settings.go index 689653cd3930b..78fac6ca2246d 100644 --- a/cmd/argocd/commands/admin/settings.go +++ b/cmd/argocd/commands/admin/settings.go @@ -119,7 +119,7 @@ func (opts *settingsOpts) createSettingsManager(ctx context.Context) (*settings. } } setSettingsMeta(argocdSecret) - clientset := fake.NewSimpleClientset(argocdSecret, argocdCM) + clientset := fake.NewClientset(argocdSecret, argocdCM) manager := settings.NewSettingsManager(ctx, clientset, "default") errors.CheckError(manager.ResyncInformers()) @@ -211,7 +211,7 @@ var validatorsByGroup = map[string]settingValidator{ } var summary string if ssoProvider != "" { - summary = fmt.Sprintf("%s is configured", ssoProvider) + summary = ssoProvider + " is configured" if general.URL == "" { summary = summary + " ('url' field is missing)" } diff --git a/cmd/argocd/commands/admin/settings_rbac_test.go b/cmd/argocd/commands/admin/settings_rbac_test.go index 9fe9ab6953a68..7e052ea2c1f8d 100644 --- a/cmd/argocd/commands/admin/settings_rbac_test.go +++ b/cmd/argocd/commands/admin/settings_rbac_test.go @@ -147,7 +147,7 @@ func Test_PolicyFromK8s(t *testing.T) { ctx := context.Background() require.NoError(t, err) - kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ + kubeclientset := fake.NewClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "argocd-rbac-cm", Namespace: "argocd", @@ -280,7 +280,7 @@ p, role:user, logs, get, .*/.*, allow p, role:user, exec, create, .*/.*, allow ` - kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ + kubeclientset := fake.NewClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "argocd-rbac-cm", Namespace: "argocd", diff --git a/cmd/argocd/commands/admin/settings_test.go b/cmd/argocd/commands/admin/settings_test.go index ac19104a5960f..1f9af47540e6c 100644 --- a/cmd/argocd/commands/admin/settings_test.go +++ b/cmd/argocd/commands/admin/settings_test.go @@ -3,7 +3,6 @@ package admin import ( "bytes" "context" - "fmt" "io" "os" "testing" @@ -45,7 +44,7 @@ func captureStdout(callback func()) (string, error) { func newSettingsManager(data map[string]string) *settings.SettingsManager { ctx := context.Background() - clientset := fake.NewSimpleClientset(&v1.ConfigMap{ + clientset := fake.NewClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Namespace: "default", Name: common.ArgoCDConfigMapName, @@ -270,7 +269,7 @@ func TestValidateSettingsCommand_NoErrors(t *testing.T) { require.NoError(t, err) for k := range validatorsByGroup { - assert.Contains(t, out, fmt.Sprintf("✅ %s", k)) + assert.Contains(t, out, "✅ "+k) } } diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index ecdaf26bd6b2b..50230e0bb354b 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -112,6 +112,7 @@ type watchOpts struct { suspended bool degraded bool delete bool + hydrated bool } // NewApplicationCreateCommand returns a new instance of an `argocd app create` command @@ -669,9 +670,9 @@ func printAppSummaryTable(app *argoappv1.Application, appURL string, windows *ar syncStatusStr := string(app.Status.Sync.Status) switch app.Status.Sync.Status { case argoappv1.SyncStatusCodeSynced: - syncStatusStr += fmt.Sprintf(" to %s", app.Spec.GetSource().TargetRevision) + syncStatusStr += " to " + app.Spec.GetSource().TargetRevision case argoappv1.SyncStatusCodeOutOfSync: - syncStatusStr += fmt.Sprintf(" from %s", app.Spec.GetSource().TargetRevision) + syncStatusStr += " from " + app.Spec.GetSource().TargetRevision } if !git.IsCommitSHA(app.Spec.GetSource().TargetRevision) && !git.IsTruncatedCommitSHA(app.Spec.GetSource().TargetRevision) && len(app.Status.Sync.Revision) > 7 { syncStatusStr += fmt.Sprintf(" (%s)", app.Status.Sync.Revision[0:7]) @@ -1883,6 +1884,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co command.Flags().BoolVar(&watch.suspended, "suspended", false, "Wait for suspended") command.Flags().BoolVar(&watch.degraded, "degraded", false, "Wait for degraded") command.Flags().BoolVar(&watch.delete, "delete", false, "Wait for delete") + command.Flags().BoolVar(&watch.hydrated, "hydrated", false, "Wait for hydration operations") command.Flags().StringVarP(&selector, "selector", "l", "", "Wait for apps by label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints.") command.Flags().StringArrayVar(&resources, "resource", []string{}, fmt.Sprintf("Sync only specific resources as GROUP%[1]sKIND%[1]sNAME or %[2]sGROUP%[1]sKIND%[1]sNAME. Fields may be blank and '*' can be used. This option may be specified repeatedly", resourceFieldDelimiter, resourceExcludeIndicator)) command.Flags().BoolVar(&watch.operation, "operation", false, "Wait for pending operations") @@ -2052,7 +2054,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co if len(list.Items) == 0 { errMsg := "No matching apps found for filter:" if selector != "" { - errMsg += fmt.Sprintf(" selector %s", selector) + errMsg += " selector " + selector } if len(projects) != 0 { errMsg += fmt.Sprintf(" projects %v", projects) @@ -2450,7 +2452,7 @@ func groupResourceStates(app *argoappv1.Application, selectedResources []*argoap } // check if resource health, sync and operation statuses matches watch options -func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string, operationStatus *argoappv1.Operation) bool { +func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string, operationStatus *argoappv1.Operation, hydrationFinished bool) bool { if watch.delete { return false } @@ -2480,7 +2482,8 @@ func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string synced := !watch.sync || syncStatus == string(argoappv1.SyncStatusCodeSynced) operational := !watch.operation || operationStatus == nil - return synced && healthCheckPassed && operational + hydrated := !watch.hydrated || hydrationFinished + return synced && healthCheckPassed && operational && hydrated } // resourceParentChild gets the latest state of the app and the latest state of the app's resource tree and then @@ -2644,13 +2647,15 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client, } } + hydrationFinished := app.Status.SourceHydrator.CurrentOperation != nil && app.Status.SourceHydrator.CurrentOperation.Phase == argoappv1.HydrateOperationPhaseHydrated && app.Status.SourceHydrator.CurrentOperation.SourceHydrator.DeepEquals(app.Status.SourceHydrator.LastSuccessfulOperation.SourceHydrator) && app.Status.SourceHydrator.CurrentOperation.DrySHA == app.Status.SourceHydrator.LastSuccessfulOperation.DrySHA + var selectedResourcesAreReady bool // If selected resources are included, wait only on those resources, otherwise wait on the application as a whole. if len(selectedResources) > 0 { selectedResourcesAreReady = true for _, state := range getResourceStates(app, selectedResources) { - resourceIsReady := checkResourceStatus(watch, state.Health, state.Status, appEvent.Application.Operation) + resourceIsReady := checkResourceStatus(watch, state.Health, state.Status, appEvent.Application.Operation, hydrationFinished) if !resourceIsReady { selectedResourcesAreReady = false break @@ -2658,7 +2663,7 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client, } } else { // Wait on the application as a whole - selectedResourcesAreReady = checkResourceStatus(watch, string(app.Status.Health.Status), string(app.Status.Sync.Status), appEvent.Application.Operation) + selectedResourcesAreReady = checkResourceStatus(watch, string(app.Status.Health.Status), string(app.Status.Sync.Status), appEvent.Application.Operation, hydrationFinished) } if selectedResourcesAreReady && (!operationInProgress || !watch.operation) { @@ -3144,7 +3149,7 @@ func NewApplicationEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co appData, err = yaml.JSONToYAML(appData) errors.CheckError(err) - cli.InteractiveEdit(fmt.Sprintf("%s-*-edit.yaml", appName), appData, func(input []byte) error { + cli.InteractiveEdit(appName+"-*-edit.yaml", appData, func(input []byte) error { input, err = yaml.YAMLToJSON(input) if err != nil { return fmt.Errorf("error converting YAML to JSON: %w", err) diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go index fa557030e6d1d..57aede02a5b49 100644 --- a/cmd/argocd/commands/app_test.go +++ b/cmd/argocd/commands/app_test.go @@ -1705,7 +1705,7 @@ func TestCheckResourceStatus(t *testing.T) { suspended: true, health: true, degraded: true, - }, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.True(t, res) }) t.Run("Degraded, Suspended and health status failed", func(t *testing.T) { @@ -1713,57 +1713,57 @@ func TestCheckResourceStatus(t *testing.T) { suspended: true, health: true, degraded: true, - }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.False(t, res) }) t.Run("Suspended and health status passed", func(t *testing.T) { res := checkResourceStatus(watchOpts{ suspended: true, health: true, - }, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.True(t, res) }) t.Run("Suspended and health status failed", func(t *testing.T) { res := checkResourceStatus(watchOpts{ suspended: true, health: true, - }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.False(t, res) }) t.Run("Suspended passed", func(t *testing.T) { res := checkResourceStatus(watchOpts{ suspended: true, health: false, - }, string(health.HealthStatusSuspended), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusSuspended), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.True(t, res) }) t.Run("Suspended failed", func(t *testing.T) { res := checkResourceStatus(watchOpts{ suspended: true, health: false, - }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.False(t, res) }) t.Run("Health passed", func(t *testing.T) { res := checkResourceStatus(watchOpts{ suspended: false, health: true, - }, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusHealthy), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.True(t, res) }) t.Run("Health failed", func(t *testing.T) { res := checkResourceStatus(watchOpts{ suspended: false, health: true, - }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.False(t, res) }) t.Run("Synced passed", func(t *testing.T) { - res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.True(t, res) }) t.Run("Synced failed", func(t *testing.T) { - res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeOutOfSync), &v1alpha1.Operation{}) + res := checkResourceStatus(watchOpts{}, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeOutOfSync), &v1alpha1.Operation{}, true) assert.True(t, res) }) t.Run("Degraded passed", func(t *testing.T) { @@ -1771,7 +1771,7 @@ func TestCheckResourceStatus(t *testing.T) { suspended: false, health: false, degraded: true, - }, string(health.HealthStatusDegraded), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusDegraded), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.True(t, res) }) t.Run("Degraded failed", func(t *testing.T) { @@ -1779,7 +1779,7 @@ func TestCheckResourceStatus(t *testing.T) { suspended: false, health: false, degraded: true, - }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}) + }, string(health.HealthStatusProgressing), string(v1alpha1.SyncStatusCodeSynced), &v1alpha1.Operation{}, true) assert.False(t, res) }) } diff --git a/cmd/argocd/commands/applicationset.go b/cmd/argocd/commands/applicationset.go index 9d8a71e0b1212..3dcc905182258 100644 --- a/cmd/argocd/commands/applicationset.go +++ b/cmd/argocd/commands/applicationset.go @@ -93,7 +93,6 @@ func NewApplicationSetGetCommand(clientOpts *argocdclient.ClientOptions) *cobra. errors.CheckError(err) case "wide", "": printAppSetSummaryTable(appSet) - if len(appSet.Status.Conditions) > 0 { fmt.Println() w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) @@ -435,7 +434,6 @@ func getServerForAppSet(appSet *arogappsetv1.ApplicationSet) string { } func printAppSetSummaryTable(appSet *arogappsetv1.ApplicationSet) { - source := appSet.Spec.Template.Spec.GetSource() fmt.Printf(printOpFmtStr, "Name:", appSet.QualifiedName()) fmt.Printf(printOpFmtStr, "Project:", appSet.Spec.Template.Spec.GetProject()) fmt.Printf(printOpFmtStr, "Server:", getServerForAppSet(appSet)) @@ -445,7 +443,17 @@ func printAppSetSummaryTable(appSet *arogappsetv1.ApplicationSet) { } else { fmt.Println("Sources:") } - printAppSourceDetails(&source) + + // if no source has been defined, print the default value for a source + if len(appSet.Spec.Template.Spec.GetSources()) == 0 { + src := appSet.Spec.Template.Spec.GetSource() + printAppSourceDetails(&src) + } else { + // otherwise range over the sources and print each source details + for _, source := range appSet.Spec.Template.Spec.GetSources() { + printAppSourceDetails(&source) + } + } var ( syncPolicyStr string diff --git a/cmd/argocd/commands/applicationset_test.go b/cmd/argocd/commands/applicationset_test.go index dd293ba57b415..fd6f07b5d7d77 100644 --- a/cmd/argocd/commands/applicationset_test.go +++ b/cmd/argocd/commands/applicationset_test.go @@ -145,6 +145,26 @@ func TestPrintAppSetSummaryTable(t *testing.T) { }, }, } + appsetSpecSource := baseAppSet.DeepCopy() + appsetSpecSource.Spec.Template.Spec.Source = &v1alpha1.ApplicationSource{ + RepoURL: "test1", + TargetRevision: "master1", + Path: "/test1", + } + + appsetSpecSources := baseAppSet.DeepCopy() + appsetSpecSources.Spec.Template.Spec.Sources = v1alpha1.ApplicationSources{ + { + RepoURL: "test1", + TargetRevision: "master1", + Path: "/test1", + }, + { + RepoURL: "test2", + TargetRevision: "master2", + Path: "/test2", + }, + } appsetSpecSyncPolicy := baseAppSet.DeepCopy() appsetSpecSyncPolicy.Spec.SyncPolicy = &v1alpha1.ApplicationSetSyncPolicy{ @@ -210,6 +230,37 @@ Source: - Repo: Target: SyncPolicy: Automated +`, + }, + { + name: "appset with a single source", + appSet: appsetSpecSource, + expectedOutput: `Name: app-name +Project: default +Server: +Namespace: +Source: +- Repo: test1 + Target: master1 + Path: /test1 +SyncPolicy: +`, + }, + { + name: "appset with a multiple sources", + appSet: appsetSpecSources, + expectedOutput: `Name: app-name +Project: default +Server: +Namespace: +Sources: +- Repo: test1 + Target: master1 + Path: /test1 +- Repo: test2 + Target: master2 + Path: /test2 +SyncPolicy: `, }, } { diff --git a/cmd/argocd/commands/cluster.go b/cmd/argocd/commands/cluster.go index 9d71af3a5ce3c..da8447c7f9c02 100644 --- a/cmd/argocd/commands/cluster.go +++ b/cmd/argocd/commands/cluster.go @@ -88,7 +88,7 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie ) command := &cobra.Command{ Use: "add CONTEXT", - Short: fmt.Sprintf("%s cluster add CONTEXT", cliName), + Short: cliName + " cluster add CONTEXT", Run: func(c *cobra.Command, args []string) { ctx := c.Context() @@ -192,7 +192,7 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie } command.PersistentFlags().StringVar(&pathOpts.LoadingRules.ExplicitPath, pathOpts.ExplicitFileFlag, pathOpts.LoadingRules.ExplicitPath, "use a particular kubeconfig file") command.Flags().BoolVar(&clusterOpts.Upsert, "upsert", false, "Override an existing cluster with the same name even if the spec differs") - command.Flags().StringVar(&clusterOpts.ServiceAccount, "service-account", "", fmt.Sprintf("System namespace service account to use for kubernetes resource management. If not set then default \"%s\" SA will be created", clusterauth.ArgoCDManagerServiceAccount)) + command.Flags().StringVar(&clusterOpts.ServiceAccount, "service-account", "", fmt.Sprintf("System namespace service account to use for kubernetes resource management. If not set then default %q SA will be created", clusterauth.ArgoCDManagerServiceAccount)) command.Flags().StringVar(&clusterOpts.SystemNamespace, "system-namespace", common.DefaultSystemNamespace, "Use different system namespace") command.Flags().BoolVarP(&skipConfirmation, "yes", "y", false, "Skip explicit confirmation") command.Flags().StringArrayVar(&labels, "label", nil, "Set metadata labels (e.g. --label key=value)") @@ -541,7 +541,7 @@ argocd cluster list -o server func NewClusterRotateAuthCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { command := &cobra.Command{ Use: "rotate-auth SERVER/NAME", - Short: fmt.Sprintf("%s cluster rotate-auth SERVER/NAME", cliName), + Short: cliName + " cluster rotate-auth SERVER/NAME", Example: `argocd cluster rotate-auth https://12.34.567.89 argocd cluster rotate-auth cluster-name`, Run: func(c *cobra.Command, args []string) { diff --git a/cmd/argocd/commands/headless/headless.go b/cmd/argocd/commands/headless/headless.go index 0e1d7953b8226..c8d69b441d9f5 100644 --- a/cmd/argocd/commands/headless/headless.go +++ b/cmd/argocd/commands/headless/headless.go @@ -14,7 +14,8 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/spf13/pflag" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + corev1 "k8s.io/api/core/v1" + metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" runtimeUtil "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/dynamic" @@ -128,7 +129,7 @@ func (c *forwardRepoClientset) NewRepoServerClient() (io.Closer, repoapiclient.R } repoServerName := c.repoServerName repoServererviceLabelSelector := common.LabelKeyComponentRepoServer + "=" + common.LabelValueComponentRepoServer - repoServerServices, err := c.kubeClientset.CoreV1().Services(c.namespace).List(context.Background(), v1.ListOptions{LabelSelector: repoServererviceLabelSelector}) + repoServerServices, err := c.kubeClientset.CoreV1().Services(c.namespace).List(context.Background(), metaV1.ListOptions{LabelSelector: repoServererviceLabelSelector}) if err != nil { c.err = err return @@ -211,7 +212,7 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti address = ptr.To("localhost") } if port == nil || *port == 0 { - addr := fmt.Sprintf("%s:0", *address) + addr := *address + ":0" ln, err := net.Listen("tcp", addr) if err != nil { return fmt.Errorf("failed to listen on %q: %w", addr, err) @@ -243,6 +244,10 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti if err != nil { return fmt.Errorf("error adding argo resources to scheme: %w", err) } + err = corev1.AddToScheme(scheme) + if err != nil { + return fmt.Errorf("error adding corev1 resources to scheme: %w", err) + } controllerClientset, err := client.New(restConfig, client.Options{ Scheme: scheme, }) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index b3dc9498d6b84..2eaa156414c10 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -1077,7 +1077,7 @@ func NewProjectEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman projData, err = yaml.JSONToYAML(projData) errors.CheckError(err) - cli.InteractiveEdit(fmt.Sprintf("%s-*-edit.yaml", projName), projData, func(input []byte) error { + cli.InteractiveEdit(projName+"-*-edit.yaml", projData, func(input []byte) error { input, err = yaml.YAMLToJSON(input) if err != nil { return fmt.Errorf("error converting YAML to JSON: %w", err) diff --git a/cmd/argocd/commands/repocreds.go b/cmd/argocd/commands/repocreds.go index 215895d5fcc13..c25b0b2ab2e9b 100644 --- a/cmd/argocd/commands/repocreds.go +++ b/cmd/argocd/commands/repocreds.go @@ -25,7 +25,7 @@ import ( func NewRepoCredsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { command := &cobra.Command{ Use: "repocreds", - Short: "Manage repository connection parameters", + Short: "Manage credential templates for repositories", Example: templates.Examples(` # Add credentials with user/pass authentication to use for all repositories under the specified URL argocd repocreds add URL --username USERNAME --password PASSWORD diff --git a/cmd/main.go b/cmd/main.go index fcf771cc1512c..92eb27049c9fc 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -11,6 +11,7 @@ import ( appcontroller "github.com/argoproj/argo-cd/v2/cmd/argocd-application-controller/commands" applicationset "github.com/argoproj/argo-cd/v2/cmd/argocd-applicationset-controller/commands" cmpserver "github.com/argoproj/argo-cd/v2/cmd/argocd-cmp-server/commands" + commitserver "github.com/argoproj/argo-cd/v2/cmd/argocd-commit-server/commands" dex "github.com/argoproj/argo-cd/v2/cmd/argocd-dex/commands" gitaskpass "github.com/argoproj/argo-cd/v2/cmd/argocd-git-ask-pass/commands" k8sauth "github.com/argoproj/argo-cd/v2/cmd/argocd-k8s-auth/commands" @@ -46,6 +47,8 @@ func main() { case "argocd-cmp-server": command = cmpserver.NewCommand() isCLI = true + case "argocd-commit-server": + command = commitserver.NewCommand() case "argocd-dex": command = dex.NewCommand() case "argocd-notifications": diff --git a/cmd/util/app.go b/cmd/util/app.go index f53b808f8a938..e66c03f4e9374 100644 --- a/cmd/util/app.go +++ b/cmd/util/app.go @@ -50,6 +50,7 @@ type AppOptions struct { helmVersion string helmPassCredentials bool helmSkipCrds bool + helmSkipSchemaValidation bool helmSkipTests bool helmNamespace string helmKubeVersion string @@ -90,6 +91,12 @@ type AppOptions struct { retryBackoffFactor int64 ref string SourceName string + drySourceRepo string + drySourceRevision string + drySourcePath string + syncSourceBranch string + syncSourcePath string + hydrateToBranch string } // SetAutoMaxProcs sets the GOMAXPROCS value based on the binary name. @@ -111,6 +118,12 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) { command.Flags().StringVar(&opts.chart, "helm-chart", "", "Helm Chart name") command.Flags().StringVar(&opts.env, "env", "", "Application environment to monitor") command.Flags().StringVar(&opts.revision, "revision", "", "The tracking source branch, tag, commit or Helm chart version the application will sync to") + command.Flags().StringVar(&opts.drySourceRepo, "dry-source-repo", "", "Repository URL of the app dry source") + command.Flags().StringVar(&opts.drySourceRevision, "dry-source-revision", "", "Revision of the app dry source") + command.Flags().StringVar(&opts.drySourcePath, "dry-source-path", "", "Path in repository to the app directory for the dry source") + command.Flags().StringVar(&opts.syncSourceBranch, "sync-source-branch", "", "The branch from which the app will sync") + command.Flags().StringVar(&opts.syncSourcePath, "sync-source-path", "", "The path in the repository from which the app will sync") + command.Flags().StringVar(&opts.hydrateToBranch, "hydrate-to-branch", "", "The branch to hydrate the app to") command.Flags().IntVar(&opts.revisionHistoryLimit, "revision-history-limit", argoappv1.RevisionHistoryLimit, "How many items to keep in revision history") command.Flags().StringVar(&opts.destServer, "dest-server", "", "K8s cluster URL (e.g. https://kubernetes.default.svc)") command.Flags().StringVar(&opts.destName, "dest-name", "", "K8s cluster Name (e.g. minikube)") @@ -126,6 +139,7 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) { command.Flags().StringArrayVar(&opts.helmSetStrings, "helm-set-string", []string{}, "Helm set STRING values on the command line (can be repeated to set several values: --helm-set-string key1=val1 --helm-set-string key2=val2)") command.Flags().StringArrayVar(&opts.helmSetFiles, "helm-set-file", []string{}, "Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2)") command.Flags().BoolVar(&opts.helmSkipCrds, "helm-skip-crds", false, "Skip helm crd installation step") + command.Flags().BoolVar(&opts.helmSkipSchemaValidation, "helm-skip-schema-validation", false, "Skip helm schema validation step") command.Flags().BoolVar(&opts.helmSkipTests, "helm-skip-tests", false, "Skip helm test manifests installation step") command.Flags().StringVar(&opts.helmNamespace, "helm-namespace", "", "Helm namespace to use when running helm template. If not set, use app.spec.destination.namespace") command.Flags().StringVar(&opts.helmKubeVersion, "helm-kube-version", "", "Helm kube-version to use when running helm template. If not set, use the kube version from the destination cluster") @@ -173,21 +187,27 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap if flags == nil { return visited } - source := spec.GetSourcePtrByPosition(sourcePosition) - if source == nil { - source = &argoappv1.ApplicationSource{} - } - source, visited = ConstructSource(source, *appOpts, flags) - if spec.HasMultipleSources() { - if sourcePosition == 0 { - spec.Sources[sourcePosition] = *source - } else if sourcePosition > 0 { - spec.Sources[sourcePosition-1] = *source + var h *argoappv1.SourceHydrator + h, hasHydratorFlag := constructSourceHydrator(spec.SourceHydrator, *appOpts, flags) + if hasHydratorFlag { + spec.SourceHydrator = h + } else { + source := spec.GetSourcePtrByPosition(sourcePosition) + if source == nil { + source = &argoappv1.ApplicationSource{} + } + source, visited = ConstructSource(source, *appOpts, flags) + if spec.HasMultipleSources() { + if sourcePosition == 0 { + spec.Sources[sourcePosition] = *source + } else if sourcePosition > 0 { + spec.Sources[sourcePosition-1] = *source + } else { + spec.Sources = append(spec.Sources, *source) + } } else { - spec.Sources = append(spec.Sources, *source) + spec.Source = source } - } else { - spec.Source = source } flags.Visit(func(f *pflag.Flag) { visited++ @@ -377,6 +397,7 @@ type helmOpts struct { helmSetFiles []string passCredentials bool skipCrds bool + skipSchemaValidation bool skipTests bool namespace string kubeVersion string @@ -411,6 +432,9 @@ func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) { if opts.skipCrds { src.Helm.SkipCrds = opts.skipCrds } + if opts.skipSchemaValidation { + src.Helm.SkipSchemaValidation = opts.skipSchemaValidation + } if opts.skipTests { src.Helm.SkipTests = opts.skipTests } @@ -586,9 +610,7 @@ func constructAppsBaseOnName(appName string, labels, annotations, args []string, Name: appName, Namespace: appNs, }, - Spec: argoappv1.ApplicationSpec{ - Source: &argoappv1.ApplicationSource{}, - }, + Spec: argoappv1.ApplicationSpec{}, } SetAppSpecOptions(flags, &app.Spec, &appOpts, 0) SetParameterOverrides(app, appOpts.Parameters, 0) @@ -681,6 +703,8 @@ func ConstructSource(source *argoappv1.ApplicationSource, appOpts AppOptions, fl setHelmOpt(source, helmOpts{helmSetFiles: appOpts.helmSetFiles}) case "helm-skip-crds": setHelmOpt(source, helmOpts{skipCrds: appOpts.helmSkipCrds}) + case "helm-skip-schema-validation": + setHelmOpt(source, helmOpts{skipSchemaValidation: appOpts.helmSkipSchemaValidation}) case "helm-skip-tests": setHelmOpt(source, helmOpts{skipTests: appOpts.helmSkipTests}) case "helm-namespace": @@ -760,6 +784,47 @@ func ConstructSource(source *argoappv1.ApplicationSource, appOpts AppOptions, fl return source, visited } +// constructSourceHydrator constructs a source hydrator from the command line flags. It returns the modified source +// hydrator and a boolean indicating if any hydrator flags were set. We return instead of just modifying the source +// hydrator in place because the given hydrator `h` might be nil. In that case, we need to create a new source hydrator +// and return it. +func constructSourceHydrator(h *argoappv1.SourceHydrator, appOpts AppOptions, flags *pflag.FlagSet) (*argoappv1.SourceHydrator, bool) { + hasHydratorFlag := false + ensureNotNil := func(notEmpty bool) { + hasHydratorFlag = true + if notEmpty && h == nil { + h = &argoappv1.SourceHydrator{} + } + } + flags.Visit(func(f *pflag.Flag) { + switch f.Name { + case "dry-source-repo": + ensureNotNil(appOpts.drySourceRepo != "") + h.DrySource.RepoURL = appOpts.drySourceRepo + case "dry-source-path": + ensureNotNil(appOpts.drySourcePath != "") + h.DrySource.Path = appOpts.drySourcePath + case "dry-source-revision": + ensureNotNil(appOpts.drySourceRevision != "") + h.DrySource.TargetRevision = appOpts.drySourceRevision + case "sync-source-branch": + ensureNotNil(appOpts.syncSourceBranch != "") + h.SyncSource.TargetBranch = appOpts.syncSourceBranch + case "sync-source-path": + ensureNotNil(appOpts.syncSourcePath != "") + h.SyncSource.Path = appOpts.syncSourcePath + case "hydrate-to-branch": + ensureNotNil(appOpts.hydrateToBranch != "") + if appOpts.hydrateToBranch == "" { + h.HydrateTo = nil + } else { + h.HydrateTo = &argoappv1.HydrateTo{TargetBranch: appOpts.hydrateToBranch} + } + } + }) + return h, hasHydratorFlag +} + func mergeLabels(app *argoappv1.Application, labels []string) { mapLabels, err := label.Parse(labels) errors.CheckError(err) diff --git a/cmd/util/app_test.go b/cmd/util/app_test.go index f9967d6d0cae8..46b411503366b 100644 --- a/cmd/util/app_test.go +++ b/cmd/util/app_test.go @@ -66,6 +66,11 @@ func Test_setHelmOpt(t *testing.T) { setHelmOpt(&src, helmOpts{skipCrds: true}) assert.True(t, src.Helm.SkipCrds) }) + t.Run("HelmSkipSchemaValidation", func(t *testing.T) { + src := v1alpha1.ApplicationSource{} + setHelmOpt(&src, helmOpts{skipSchemaValidation: true}) + assert.True(t, src.Helm.SkipSchemaValidation) + }) t.Run("HelmSkipTests", func(t *testing.T) { src := v1alpha1.ApplicationSource{} setHelmOpt(&src, helmOpts{skipTests: true}) @@ -290,6 +295,28 @@ func Test_setAppSpecOptions(t *testing.T) { require.NoError(t, f.SetFlag("helm-api-versions", "v2")) assert.Equal(t, []string{"v1", "v2"}, f.spec.Source.Helm.APIVersions) }) + t.Run("source hydrator", func(t *testing.T) { + require.NoError(t, f.SetFlag("dry-source-repo", "https://github.com/argoproj/argocd-example-apps")) + assert.Equal(t, "https://github.com/argoproj/argocd-example-apps", f.spec.SourceHydrator.DrySource.RepoURL) + + require.NoError(t, f.SetFlag("dry-source-path", "apps")) + assert.Equal(t, "apps", f.spec.SourceHydrator.DrySource.Path) + + require.NoError(t, f.SetFlag("dry-source-revision", "HEAD")) + assert.Equal(t, "HEAD", f.spec.SourceHydrator.DrySource.TargetRevision) + + require.NoError(t, f.SetFlag("sync-source-branch", "env/test")) + assert.Equal(t, "env/test", f.spec.SourceHydrator.SyncSource.TargetBranch) + + require.NoError(t, f.SetFlag("sync-source-path", "apps")) + assert.Equal(t, "apps", f.spec.SourceHydrator.SyncSource.Path) + + require.NoError(t, f.SetFlag("hydrate-to-branch", "env/test-next")) + assert.Equal(t, "env/test-next", f.spec.SourceHydrator.HydrateTo.TargetBranch) + + require.NoError(t, f.SetFlag("hydrate-to-branch", "")) + assert.Nil(t, f.spec.SourceHydrator.HydrateTo) + }) } func newMultiSourceAppOptionsFixture() *appOptionsFixture { diff --git a/cmd/util/cluster_test.go b/cmd/util/cluster_test.go index 3f8db89cda581..12ed3fe5cc3ad 100644 --- a/cmd/util/cluster_test.go +++ b/cmd/util/cluster_test.go @@ -162,7 +162,7 @@ func TestGetKubePublicEndpoint(t *testing.T) { if tc.clusterInfo != nil { objects = append(objects, tc.clusterInfo) } - clientset := fake.NewSimpleClientset(objects...) + clientset := fake.NewClientset(objects...) endpoint, err := GetKubePublicEndpoint(clientset) if tc.expectError { require.Error(t, err) diff --git a/cmd/util/repo.go b/cmd/util/repo.go index 6b822c6309f70..d87d42836725f 100644 --- a/cmd/util/repo.go +++ b/cmd/util/repo.go @@ -45,7 +45,7 @@ func AddRepoFlags(command *cobra.Command, opts *RepoOptions) { command.Flags().StringVar(&opts.GithubAppPrivateKeyPath, "github-app-private-key-path", "", "private key of the GitHub Application") command.Flags().StringVar(&opts.GitHubAppEnterpriseBaseURL, "github-app-enterprise-base-url", "", "base url to use when using GitHub Enterprise (e.g. https://ghe.example.com/api/v3") command.Flags().StringVar(&opts.Proxy, "proxy", "", "use proxy to access repository") - command.Flags().StringVar(&opts.Proxy, "no-proxy", "", "don't access these targets via proxy") + command.Flags().StringVar(&opts.NoProxy, "no-proxy", "", "don't access these targets via proxy") command.Flags().StringVar(&opts.GCPServiceAccountKeyPath, "gcp-service-account-key-path", "", "service account key for the Google Cloud Platform") command.Flags().BoolVar(&opts.ForceHttpBasicAuth, "force-http-basic-auth", false, "whether to force use of basic auth when connecting repository via HTTP") } diff --git a/commitserver/apiclient/clientset.go b/commitserver/apiclient/clientset.go new file mode 100644 index 0000000000000..795766e54e3db --- /dev/null +++ b/commitserver/apiclient/clientset.go @@ -0,0 +1,49 @@ +package apiclient + +import ( + "fmt" + + log "github.com/sirupsen/logrus" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + + "github.com/argoproj/argo-cd/v2/util/io" +) + +// Clientset represents commit server api clients +type Clientset interface { + NewCommitServerClient() (io.Closer, CommitServiceClient, error) +} + +type clientSet struct { + address string +} + +// NewCommitServerClient creates new instance of commit server client +func (c *clientSet) NewCommitServerClient() (io.Closer, CommitServiceClient, error) { + conn, err := NewConnection(c.address) + if err != nil { + return nil, nil, fmt.Errorf("failed to open a new connection to commit server: %w", err) + } + return conn, NewCommitServiceClient(conn), nil +} + +// NewConnection creates new connection to commit server +func NewConnection(address string) (*grpc.ClientConn, error) { + var opts []grpc.DialOption + opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials())) + + // TODO: switch to grpc.NewClient. + // nolint:staticcheck + conn, err := grpc.Dial(address, opts...) + if err != nil { + log.Errorf("Unable to connect to commit service with address %s", address) + return nil, err + } + return conn, nil +} + +// NewCommitServerClientset creates new instance of commit server Clientset +func NewCommitServerClientset(address string) Clientset { + return &clientSet{address: address} +} diff --git a/commitserver/apiclient/commit.pb.go b/commitserver/apiclient/commit.pb.go new file mode 100644 index 0000000000000..3e371575827ac --- /dev/null +++ b/commitserver/apiclient/commit.pb.go @@ -0,0 +1,1382 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: commitserver/commit/commit.proto + +package apiclient + +import ( + context "context" + fmt "fmt" + v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + proto "github.com/gogo/protobuf/proto" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + io "io" + math "math" + math_bits "math/bits" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +// CommitHydratedManifestsRequest is the request to commit hydrated manifests to a repository. +type CommitHydratedManifestsRequest struct { + // Repo contains repository information including, at minimum, the URL of the repository. Generally it will contain + // repo credentials. + Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` + // SyncBranch is the branch Argo CD syncs from, i.e. the hydrated branch. + SyncBranch string `protobuf:"bytes,2,opt,name=syncBranch,proto3" json:"syncBranch,omitempty"` + // TargetBranch is the branch Argo CD is committing to, i.e. the branch that will be updated. + TargetBranch string `protobuf:"bytes,3,opt,name=targetBranch,proto3" json:"targetBranch,omitempty"` + // DrySha is the commit SHA from the dry branch, i.e. pre-rendered manifest branch. + DrySha string `protobuf:"bytes,4,opt,name=drySha,proto3" json:"drySha,omitempty"` + // CommitMessage is the commit message to use when committing changes. + CommitMessage string `protobuf:"bytes,5,opt,name=commitMessage,proto3" json:"commitMessage,omitempty"` + // Paths contains the paths to write hydrated manifests to, along with the manifests and commands to execute. + Paths []*PathDetails `protobuf:"bytes,6,rep,name=paths,proto3" json:"paths,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *CommitHydratedManifestsRequest) Reset() { *m = CommitHydratedManifestsRequest{} } +func (m *CommitHydratedManifestsRequest) String() string { return proto.CompactTextString(m) } +func (*CommitHydratedManifestsRequest) ProtoMessage() {} +func (*CommitHydratedManifestsRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_cf3a3abbc35e3069, []int{0} +} +func (m *CommitHydratedManifestsRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CommitHydratedManifestsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_CommitHydratedManifestsRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *CommitHydratedManifestsRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_CommitHydratedManifestsRequest.Merge(m, src) +} +func (m *CommitHydratedManifestsRequest) XXX_Size() int { + return m.Size() +} +func (m *CommitHydratedManifestsRequest) XXX_DiscardUnknown() { + xxx_messageInfo_CommitHydratedManifestsRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_CommitHydratedManifestsRequest proto.InternalMessageInfo + +func (m *CommitHydratedManifestsRequest) GetRepo() *v1alpha1.Repository { + if m != nil { + return m.Repo + } + return nil +} + +func (m *CommitHydratedManifestsRequest) GetSyncBranch() string { + if m != nil { + return m.SyncBranch + } + return "" +} + +func (m *CommitHydratedManifestsRequest) GetTargetBranch() string { + if m != nil { + return m.TargetBranch + } + return "" +} + +func (m *CommitHydratedManifestsRequest) GetDrySha() string { + if m != nil { + return m.DrySha + } + return "" +} + +func (m *CommitHydratedManifestsRequest) GetCommitMessage() string { + if m != nil { + return m.CommitMessage + } + return "" +} + +func (m *CommitHydratedManifestsRequest) GetPaths() []*PathDetails { + if m != nil { + return m.Paths + } + return nil +} + +// PathDetails holds information about hydrated manifests to be written to a particular path in the hydrated manifests +// commit. +type PathDetails struct { + // Path is the path to write the hydrated manifests to. + Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` + // Manifests contains the manifests to write to the path. + Manifests []*HydratedManifestDetails `protobuf:"bytes,2,rep,name=manifests,proto3" json:"manifests,omitempty"` + // Commands contains the commands executed when hydrating the manifests. + Commands []string `protobuf:"bytes,3,rep,name=commands,proto3" json:"commands,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *PathDetails) Reset() { *m = PathDetails{} } +func (m *PathDetails) String() string { return proto.CompactTextString(m) } +func (*PathDetails) ProtoMessage() {} +func (*PathDetails) Descriptor() ([]byte, []int) { + return fileDescriptor_cf3a3abbc35e3069, []int{1} +} +func (m *PathDetails) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PathDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_PathDetails.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *PathDetails) XXX_Merge(src proto.Message) { + xxx_messageInfo_PathDetails.Merge(m, src) +} +func (m *PathDetails) XXX_Size() int { + return m.Size() +} +func (m *PathDetails) XXX_DiscardUnknown() { + xxx_messageInfo_PathDetails.DiscardUnknown(m) +} + +var xxx_messageInfo_PathDetails proto.InternalMessageInfo + +func (m *PathDetails) GetPath() string { + if m != nil { + return m.Path + } + return "" +} + +func (m *PathDetails) GetManifests() []*HydratedManifestDetails { + if m != nil { + return m.Manifests + } + return nil +} + +func (m *PathDetails) GetCommands() []string { + if m != nil { + return m.Commands + } + return nil +} + +// ManifestDetails contains the hydrated manifests. +type HydratedManifestDetails struct { + // ManifestJSON is the hydrated manifest as JSON. + ManifestJSON string `protobuf:"bytes,1,opt,name=manifestJSON,proto3" json:"manifestJSON,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *HydratedManifestDetails) Reset() { *m = HydratedManifestDetails{} } +func (m *HydratedManifestDetails) String() string { return proto.CompactTextString(m) } +func (*HydratedManifestDetails) ProtoMessage() {} +func (*HydratedManifestDetails) Descriptor() ([]byte, []int) { + return fileDescriptor_cf3a3abbc35e3069, []int{2} +} +func (m *HydratedManifestDetails) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *HydratedManifestDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_HydratedManifestDetails.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *HydratedManifestDetails) XXX_Merge(src proto.Message) { + xxx_messageInfo_HydratedManifestDetails.Merge(m, src) +} +func (m *HydratedManifestDetails) XXX_Size() int { + return m.Size() +} +func (m *HydratedManifestDetails) XXX_DiscardUnknown() { + xxx_messageInfo_HydratedManifestDetails.DiscardUnknown(m) +} + +var xxx_messageInfo_HydratedManifestDetails proto.InternalMessageInfo + +func (m *HydratedManifestDetails) GetManifestJSON() string { + if m != nil { + return m.ManifestJSON + } + return "" +} + +// ManifestsResponse is the response to the ManifestsRequest. +type CommitHydratedManifestsResponse struct { + // HydratedSha is the commit SHA of the hydrated manifests commit. + HydratedSha string `protobuf:"bytes,1,opt,name=hydratedSha,proto3" json:"hydratedSha,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *CommitHydratedManifestsResponse) Reset() { *m = CommitHydratedManifestsResponse{} } +func (m *CommitHydratedManifestsResponse) String() string { return proto.CompactTextString(m) } +func (*CommitHydratedManifestsResponse) ProtoMessage() {} +func (*CommitHydratedManifestsResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_cf3a3abbc35e3069, []int{3} +} +func (m *CommitHydratedManifestsResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *CommitHydratedManifestsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_CommitHydratedManifestsResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *CommitHydratedManifestsResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_CommitHydratedManifestsResponse.Merge(m, src) +} +func (m *CommitHydratedManifestsResponse) XXX_Size() int { + return m.Size() +} +func (m *CommitHydratedManifestsResponse) XXX_DiscardUnknown() { + xxx_messageInfo_CommitHydratedManifestsResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_CommitHydratedManifestsResponse proto.InternalMessageInfo + +func (m *CommitHydratedManifestsResponse) GetHydratedSha() string { + if m != nil { + return m.HydratedSha + } + return "" +} + +func init() { + proto.RegisterType((*CommitHydratedManifestsRequest)(nil), "CommitHydratedManifestsRequest") + proto.RegisterType((*PathDetails)(nil), "PathDetails") + proto.RegisterType((*HydratedManifestDetails)(nil), "HydratedManifestDetails") + proto.RegisterType((*CommitHydratedManifestsResponse)(nil), "CommitHydratedManifestsResponse") +} + +func init() { proto.RegisterFile("commitserver/commit/commit.proto", fileDescriptor_cf3a3abbc35e3069) } + +var fileDescriptor_cf3a3abbc35e3069 = []byte{ + // 446 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x93, 0xc1, 0x6e, 0xd3, 0x40, + 0x10, 0x86, 0xe5, 0x24, 0x8d, 0xc8, 0xa4, 0xbd, 0xec, 0x81, 0x5a, 0x39, 0xb8, 0x96, 0xc5, 0x21, + 0x17, 0xd6, 0xaa, 0x11, 0xdc, 0xb8, 0x34, 0x1c, 0x2a, 0x44, 0x01, 0x39, 0x37, 0x54, 0x09, 0x6d, + 0xd7, 0x83, 0xbd, 0x34, 0xf6, 0x2e, 0xbb, 0x1b, 0x4b, 0x79, 0x1f, 0x1e, 0x86, 0x23, 0x8f, 0x80, + 0xf2, 0x24, 0xc8, 0x6b, 0x9b, 0xc6, 0x48, 0x69, 0x4f, 0x9e, 0xf9, 0x67, 0xf4, 0xcd, 0xe8, 0xf7, + 0x2c, 0x84, 0x5c, 0x96, 0xa5, 0xb0, 0x06, 0x75, 0x8d, 0x3a, 0x6e, 0x93, 0xee, 0x43, 0x95, 0x96, + 0x56, 0x2e, 0x3e, 0xe4, 0xc2, 0x16, 0xdb, 0x3b, 0xca, 0x65, 0x19, 0x33, 0x9d, 0x4b, 0xa5, 0xe5, + 0x77, 0x17, 0xbc, 0xe4, 0x59, 0x5c, 0x27, 0xb1, 0xba, 0xcf, 0x63, 0xa6, 0x84, 0x89, 0x99, 0x52, + 0x1b, 0xc1, 0x99, 0x15, 0xb2, 0x8a, 0xeb, 0x4b, 0xb6, 0x51, 0x05, 0xbb, 0x8c, 0x73, 0xac, 0x50, + 0x33, 0x8b, 0x59, 0x4b, 0x8b, 0x7e, 0x8e, 0x20, 0x58, 0x39, 0xfc, 0xf5, 0x2e, 0x73, 0x85, 0x1b, + 0x56, 0x89, 0x6f, 0x68, 0xac, 0x49, 0xf1, 0xc7, 0x16, 0x8d, 0x25, 0xb7, 0x30, 0xd1, 0xa8, 0xa4, + 0xef, 0x85, 0xde, 0x72, 0x9e, 0x5c, 0xd3, 0x87, 0xf9, 0xb4, 0x9f, 0xef, 0x82, 0xaf, 0x3c, 0xa3, + 0x75, 0x42, 0xd5, 0x7d, 0x4e, 0x9b, 0xf9, 0xf4, 0x60, 0x3e, 0xed, 0xe7, 0xd3, 0x14, 0x95, 0x34, + 0xc2, 0x4a, 0xbd, 0x4b, 0x1d, 0x95, 0x04, 0x00, 0x66, 0x57, 0xf1, 0x2b, 0xcd, 0x2a, 0x5e, 0xf8, + 0xa3, 0xd0, 0x5b, 0xce, 0xd2, 0x03, 0x85, 0x44, 0x70, 0x6a, 0x99, 0xce, 0xd1, 0x76, 0x1d, 0x63, + 0xd7, 0x31, 0xd0, 0xc8, 0x73, 0x98, 0x66, 0x7a, 0xb7, 0x2e, 0x98, 0x3f, 0x71, 0xd5, 0x2e, 0x23, + 0x2f, 0xe0, 0xac, 0xb5, 0xee, 0x06, 0x8d, 0x61, 0x39, 0xfa, 0x27, 0xae, 0x3c, 0x14, 0x49, 0x04, + 0x27, 0x8a, 0xd9, 0xc2, 0xf8, 0xd3, 0x70, 0xbc, 0x9c, 0x27, 0xa7, 0xf4, 0x33, 0xb3, 0xc5, 0x3b, + 0xb4, 0x4c, 0x6c, 0x4c, 0xda, 0x96, 0xa2, 0x2d, 0xcc, 0x0f, 0x54, 0x42, 0x60, 0xd2, 0xe8, 0xce, + 0x92, 0x59, 0xea, 0x62, 0xf2, 0x06, 0x66, 0x65, 0x6f, 0x9d, 0x3f, 0x72, 0x28, 0x9f, 0xfe, 0x6f, + 0x6a, 0x8f, 0x7d, 0x68, 0x25, 0x0b, 0x78, 0xd6, 0xec, 0xc3, 0xaa, 0xcc, 0xf8, 0xe3, 0x70, 0xbc, + 0x9c, 0xa5, 0xff, 0xf2, 0xe8, 0x2d, 0x9c, 0x1f, 0x21, 0x34, 0xbe, 0xf4, 0x8c, 0xf7, 0xeb, 0x4f, + 0x1f, 0xbb, 0x55, 0x06, 0x5a, 0xb4, 0x82, 0x8b, 0xa3, 0xff, 0xd6, 0x28, 0x59, 0x19, 0x24, 0x21, + 0xcc, 0x8b, 0xae, 0xd8, 0xf8, 0xd7, 0x52, 0x0e, 0xa5, 0xa4, 0x84, 0xb3, 0x16, 0xb2, 0x46, 0x5d, + 0x0b, 0x8e, 0xe4, 0x16, 0xce, 0x8f, 0x50, 0xc9, 0x05, 0x7d, 0xfc, 0x96, 0x16, 0x21, 0x7d, 0x62, + 0xa1, 0xab, 0xd5, 0xaf, 0x7d, 0xe0, 0xfd, 0xde, 0x07, 0xde, 0x9f, 0x7d, 0xe0, 0x7d, 0x79, 0xfd, + 0xc4, 0xb1, 0x0f, 0x5e, 0x0b, 0x53, 0x82, 0x6f, 0x04, 0x56, 0xf6, 0x6e, 0xea, 0x8e, 0xfb, 0xd5, + 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x89, 0xb8, 0xdf, 0x48, 0x4e, 0x03, 0x00, 0x00, +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConn + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion4 + +// CommitServiceClient is the client API for CommitService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type CommitServiceClient interface { + // Commit commits hydrated manifests to a repository. + CommitHydratedManifests(ctx context.Context, in *CommitHydratedManifestsRequest, opts ...grpc.CallOption) (*CommitHydratedManifestsResponse, error) +} + +type commitServiceClient struct { + cc *grpc.ClientConn +} + +func NewCommitServiceClient(cc *grpc.ClientConn) CommitServiceClient { + return &commitServiceClient{cc} +} + +func (c *commitServiceClient) CommitHydratedManifests(ctx context.Context, in *CommitHydratedManifestsRequest, opts ...grpc.CallOption) (*CommitHydratedManifestsResponse, error) { + out := new(CommitHydratedManifestsResponse) + err := c.cc.Invoke(ctx, "/CommitService/CommitHydratedManifests", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CommitServiceServer is the server API for CommitService service. +type CommitServiceServer interface { + // Commit commits hydrated manifests to a repository. + CommitHydratedManifests(context.Context, *CommitHydratedManifestsRequest) (*CommitHydratedManifestsResponse, error) +} + +// UnimplementedCommitServiceServer can be embedded to have forward compatible implementations. +type UnimplementedCommitServiceServer struct { +} + +func (*UnimplementedCommitServiceServer) CommitHydratedManifests(ctx context.Context, req *CommitHydratedManifestsRequest) (*CommitHydratedManifestsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CommitHydratedManifests not implemented") +} + +func RegisterCommitServiceServer(s *grpc.Server, srv CommitServiceServer) { + s.RegisterService(&_CommitService_serviceDesc, srv) +} + +func _CommitService_CommitHydratedManifests_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CommitHydratedManifestsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CommitServiceServer).CommitHydratedManifests(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/CommitService/CommitHydratedManifests", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CommitServiceServer).CommitHydratedManifests(ctx, req.(*CommitHydratedManifestsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _CommitService_serviceDesc = grpc.ServiceDesc{ + ServiceName: "CommitService", + HandlerType: (*CommitServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "CommitHydratedManifests", + Handler: _CommitService_CommitHydratedManifests_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "commitserver/commit/commit.proto", +} + +func (m *CommitHydratedManifestsRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CommitHydratedManifestsRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CommitHydratedManifestsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Paths) > 0 { + for iNdEx := len(m.Paths) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Paths[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintCommit(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x32 + } + } + if len(m.CommitMessage) > 0 { + i -= len(m.CommitMessage) + copy(dAtA[i:], m.CommitMessage) + i = encodeVarintCommit(dAtA, i, uint64(len(m.CommitMessage))) + i-- + dAtA[i] = 0x2a + } + if len(m.DrySha) > 0 { + i -= len(m.DrySha) + copy(dAtA[i:], m.DrySha) + i = encodeVarintCommit(dAtA, i, uint64(len(m.DrySha))) + i-- + dAtA[i] = 0x22 + } + if len(m.TargetBranch) > 0 { + i -= len(m.TargetBranch) + copy(dAtA[i:], m.TargetBranch) + i = encodeVarintCommit(dAtA, i, uint64(len(m.TargetBranch))) + i-- + dAtA[i] = 0x1a + } + if len(m.SyncBranch) > 0 { + i -= len(m.SyncBranch) + copy(dAtA[i:], m.SyncBranch) + i = encodeVarintCommit(dAtA, i, uint64(len(m.SyncBranch))) + i-- + dAtA[i] = 0x12 + } + if m.Repo != nil { + { + size, err := m.Repo.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintCommit(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *PathDetails) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PathDetails) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PathDetails) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.Commands) > 0 { + for iNdEx := len(m.Commands) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Commands[iNdEx]) + copy(dAtA[i:], m.Commands[iNdEx]) + i = encodeVarintCommit(dAtA, i, uint64(len(m.Commands[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + if len(m.Manifests) > 0 { + for iNdEx := len(m.Manifests) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Manifests[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintCommit(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + if len(m.Path) > 0 { + i -= len(m.Path) + copy(dAtA[i:], m.Path) + i = encodeVarintCommit(dAtA, i, uint64(len(m.Path))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *HydratedManifestDetails) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *HydratedManifestDetails) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *HydratedManifestDetails) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.ManifestJSON) > 0 { + i -= len(m.ManifestJSON) + copy(dAtA[i:], m.ManifestJSON) + i = encodeVarintCommit(dAtA, i, uint64(len(m.ManifestJSON))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *CommitHydratedManifestsResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CommitHydratedManifestsResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *CommitHydratedManifestsResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.HydratedSha) > 0 { + i -= len(m.HydratedSha) + copy(dAtA[i:], m.HydratedSha) + i = encodeVarintCommit(dAtA, i, uint64(len(m.HydratedSha))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func encodeVarintCommit(dAtA []byte, offset int, v uint64) int { + offset -= sovCommit(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *CommitHydratedManifestsRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Repo != nil { + l = m.Repo.Size() + n += 1 + l + sovCommit(uint64(l)) + } + l = len(m.SyncBranch) + if l > 0 { + n += 1 + l + sovCommit(uint64(l)) + } + l = len(m.TargetBranch) + if l > 0 { + n += 1 + l + sovCommit(uint64(l)) + } + l = len(m.DrySha) + if l > 0 { + n += 1 + l + sovCommit(uint64(l)) + } + l = len(m.CommitMessage) + if l > 0 { + n += 1 + l + sovCommit(uint64(l)) + } + if len(m.Paths) > 0 { + for _, e := range m.Paths { + l = e.Size() + n += 1 + l + sovCommit(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *PathDetails) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Path) + if l > 0 { + n += 1 + l + sovCommit(uint64(l)) + } + if len(m.Manifests) > 0 { + for _, e := range m.Manifests { + l = e.Size() + n += 1 + l + sovCommit(uint64(l)) + } + } + if len(m.Commands) > 0 { + for _, s := range m.Commands { + l = len(s) + n += 1 + l + sovCommit(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *HydratedManifestDetails) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.ManifestJSON) + if l > 0 { + n += 1 + l + sovCommit(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *CommitHydratedManifestsResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.HydratedSha) + if l > 0 { + n += 1 + l + sovCommit(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func sovCommit(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozCommit(x uint64) (n int) { + return sovCommit(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *CommitHydratedManifestsRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CommitHydratedManifestsRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CommitHydratedManifestsRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Repo", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Repo == nil { + m.Repo = &v1alpha1.Repository{} + } + if err := m.Repo.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SyncBranch", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SyncBranch = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TargetBranch", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TargetBranch = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DrySha", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DrySha = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CommitMessage", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CommitMessage = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Paths", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Paths = append(m.Paths, &PathDetails{}) + if err := m.Paths[len(m.Paths)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipCommit(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommit + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PathDetails) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PathDetails: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PathDetails: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Path = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Manifests", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Manifests = append(m.Manifests, &HydratedManifestDetails{}) + if err := m.Manifests[len(m.Manifests)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Commands", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Commands = append(m.Commands, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipCommit(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommit + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *HydratedManifestDetails) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: HydratedManifestDetails: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: HydratedManifestDetails: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ManifestJSON", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ManifestJSON = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipCommit(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommit + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *CommitHydratedManifestsResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CommitHydratedManifestsResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CommitHydratedManifestsResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field HydratedSha", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCommit + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCommit + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthCommit + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.HydratedSha = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipCommit(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthCommit + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipCommit(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowCommit + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowCommit + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowCommit + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthCommit + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupCommit + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthCommit + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthCommit = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowCommit = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupCommit = fmt.Errorf("proto: unexpected end of group") +) diff --git a/commitserver/apiclient/mocks/Clientset.go b/commitserver/apiclient/mocks/Clientset.go new file mode 100644 index 0000000000000..bb51a52c9a623 --- /dev/null +++ b/commitserver/apiclient/mocks/Clientset.go @@ -0,0 +1,68 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import ( + apiclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient" + io "github.com/argoproj/argo-cd/v2/util/io" + + mock "github.com/stretchr/testify/mock" +) + +// Clientset is an autogenerated mock type for the Clientset type +type Clientset struct { + mock.Mock +} + +// NewCommitServerClient provides a mock function with given fields: +func (_m *Clientset) NewCommitServerClient() (io.Closer, apiclient.CommitServiceClient, error) { + ret := _m.Called() + + if len(ret) == 0 { + panic("no return value specified for NewCommitServerClient") + } + + var r0 io.Closer + var r1 apiclient.CommitServiceClient + var r2 error + if rf, ok := ret.Get(0).(func() (io.Closer, apiclient.CommitServiceClient, error)); ok { + return rf() + } + if rf, ok := ret.Get(0).(func() io.Closer); ok { + r0 = rf() + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(io.Closer) + } + } + + if rf, ok := ret.Get(1).(func() apiclient.CommitServiceClient); ok { + r1 = rf() + } else { + if ret.Get(1) != nil { + r1 = ret.Get(1).(apiclient.CommitServiceClient) + } + } + + if rf, ok := ret.Get(2).(func() error); ok { + r2 = rf() + } else { + r2 = ret.Error(2) + } + + return r0, r1, r2 +} + +// NewClientset creates a new instance of Clientset. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClientset(t interface { + mock.TestingT + Cleanup(func()) +}) *Clientset { + mock := &Clientset{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/commitserver/apiclient/mocks/CommitServiceClient.go b/commitserver/apiclient/mocks/CommitServiceClient.go new file mode 100644 index 0000000000000..d122aa1a710c1 --- /dev/null +++ b/commitserver/apiclient/mocks/CommitServiceClient.go @@ -0,0 +1,69 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import ( + context "context" + + apiclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient" + + grpc "google.golang.org/grpc" + + mock "github.com/stretchr/testify/mock" +) + +// CommitServiceClient is an autogenerated mock type for the CommitServiceClient type +type CommitServiceClient struct { + mock.Mock +} + +// CommitHydratedManifests provides a mock function with given fields: ctx, in, opts +func (_m *CommitServiceClient) CommitHydratedManifests(ctx context.Context, in *apiclient.CommitHydratedManifestsRequest, opts ...grpc.CallOption) (*apiclient.CommitHydratedManifestsResponse, error) { + _va := make([]interface{}, len(opts)) + for _i := range opts { + _va[_i] = opts[_i] + } + var _ca []interface{} + _ca = append(_ca, ctx, in) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for CommitHydratedManifests") + } + + var r0 *apiclient.CommitHydratedManifestsResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *apiclient.CommitHydratedManifestsRequest, ...grpc.CallOption) (*apiclient.CommitHydratedManifestsResponse, error)); ok { + return rf(ctx, in, opts...) + } + if rf, ok := ret.Get(0).(func(context.Context, *apiclient.CommitHydratedManifestsRequest, ...grpc.CallOption) *apiclient.CommitHydratedManifestsResponse); ok { + r0 = rf(ctx, in, opts...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*apiclient.CommitHydratedManifestsResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *apiclient.CommitHydratedManifestsRequest, ...grpc.CallOption) error); ok { + r1 = rf(ctx, in, opts...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewCommitServiceClient creates a new instance of CommitServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewCommitServiceClient(t interface { + mock.TestingT + Cleanup(func()) +}) *CommitServiceClient { + mock := &CommitServiceClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/commitserver/commit/commit.go b/commitserver/commit/commit.go new file mode 100644 index 0000000000000..0a40b3a7d6042 --- /dev/null +++ b/commitserver/commit/commit.go @@ -0,0 +1,225 @@ +package commit + +import ( + "context" + "fmt" + "os" + "time" + + log "github.com/sirupsen/logrus" + + "github.com/argoproj/argo-cd/v2/commitserver/apiclient" + "github.com/argoproj/argo-cd/v2/commitserver/metrics" + "github.com/argoproj/argo-cd/v2/util/git" + "github.com/argoproj/argo-cd/v2/util/io/files" +) + +// Service is the service that handles commit requests. +type Service struct { + gitCredsStore git.CredsStore + metricsServer *metrics.Server + repoClientFactory RepoClientFactory +} + +// NewService returns a new instance of the commit service. +func NewService(gitCredsStore git.CredsStore, metricsServer *metrics.Server) *Service { + return &Service{ + gitCredsStore: gitCredsStore, + metricsServer: metricsServer, + repoClientFactory: NewRepoClientFactory(gitCredsStore, metricsServer), + } +} + +// CommitHydratedManifests handles a commit request. It clones the repository, checks out the sync branch, checks out +// the target branch, clears the repository contents, writes the manifests to the repository, commits the changes, and +// pushes the changes. It returns the hydrated revision SHA and an error if one occurred. +func (s *Service) CommitHydratedManifests(ctx context.Context, r *apiclient.CommitHydratedManifestsRequest) (*apiclient.CommitHydratedManifestsResponse, error) { + // This method is intentionally short. It's a wrapper around handleCommitRequest that adds metrics and logging. + // Keep logic here minimal and put most of the logic in handleCommitRequest. + startTime := time.Now() + + // We validate for a nil repo in handleCommitRequest, but we need to check for a nil repo here to get the repo URL + // for metrics. + var repoURL string + if r.Repo != nil { + repoURL = r.Repo.Repo + } + + var err error + s.metricsServer.IncPendingCommitRequest(repoURL) + defer func() { + s.metricsServer.DecPendingCommitRequest(repoURL) + commitResponseType := metrics.CommitResponseTypeSuccess + if err != nil { + commitResponseType = metrics.CommitResponseTypeFailure + } + s.metricsServer.IncCommitRequest(repoURL, commitResponseType) + s.metricsServer.ObserveCommitRequestDuration(repoURL, commitResponseType, time.Since(startTime)) + }() + + logCtx := log.WithFields(log.Fields{"branch": r.TargetBranch, "drySHA": r.DrySha}) + + out, sha, err := s.handleCommitRequest(logCtx, r) + if err != nil { + logCtx.WithError(err).WithField("output", out).Error("failed to handle commit request") + + // No need to wrap this error, sufficient context is build in handleCommitRequest. + return &apiclient.CommitHydratedManifestsResponse{}, err + } + + logCtx.Info("Successfully handled commit request") + return &apiclient.CommitHydratedManifestsResponse{ + HydratedSha: sha, + }, nil +} + +// handleCommitRequest handles the commit request. It clones the repository, checks out the sync branch, checks out the +// target branch, clears the repository contents, writes the manifests to the repository, commits the changes, and pushes +// the changes. It returns the output of the git commands and an error if one occurred. +func (s *Service) handleCommitRequest(logCtx *log.Entry, r *apiclient.CommitHydratedManifestsRequest) (string, string, error) { + if r.Repo == nil { + return "", "", fmt.Errorf("repo is required") + } + if r.Repo.Repo == "" { + return "", "", fmt.Errorf("repo URL is required") + } + if r.TargetBranch == "" { + return "", "", fmt.Errorf("target branch is required") + } + if r.SyncBranch == "" { + return "", "", fmt.Errorf("sync branch is required") + } + + logCtx = logCtx.WithField("repo", r.Repo.Repo) + logCtx.Debug("Initiating git client") + gitClient, dirPath, cleanup, err := s.initGitClient(logCtx, r) + if err != nil { + return "", "", fmt.Errorf("failed to init git client: %w", err) + } + defer cleanup() + + logCtx.Debugf("Checking out sync branch %s", r.SyncBranch) + var out string + out, err = gitClient.CheckoutOrOrphan(r.SyncBranch, false) + if err != nil { + return out, "", fmt.Errorf("failed to checkout sync branch: %w", err) + } + + logCtx.Debugf("Checking out target branch %s", r.TargetBranch) + out, err = gitClient.CheckoutOrNew(r.TargetBranch, r.SyncBranch, false) + if err != nil { + return out, "", fmt.Errorf("failed to checkout target branch: %w", err) + } + + logCtx.Debug("Clearing repo contents") + out, err = gitClient.RemoveContents() + if err != nil { + return out, "", fmt.Errorf("failed to clear repo: %w", err) + } + + logCtx.Debug("Writing manifests") + err = WriteForPaths(dirPath, r.Repo.Repo, r.DrySha, r.Paths) + if err != nil { + return "", "", fmt.Errorf("failed to write manifests: %w", err) + } + + logCtx.Debug("Committing and pushing changes") + out, err = gitClient.CommitAndPush(r.TargetBranch, r.CommitMessage) + if err != nil { + return out, "", fmt.Errorf("failed to commit and push: %w", err) + } + + logCtx.Debug("Getting commit SHA") + sha, err := gitClient.CommitSHA() + if err != nil { + return "", "", fmt.Errorf("failed to get commit SHA: %w", err) + } + + return "", sha, nil +} + +// initGitClient initializes a git client for the given repository and returns the client, the path to the directory where +// the repository is cloned, a cleanup function that should be called when the directory is no longer needed, and an error +// if one occurred. +func (s *Service) initGitClient(logCtx *log.Entry, r *apiclient.CommitHydratedManifestsRequest) (git.Client, string, func(), error) { + dirPath, err := files.CreateTempDir("/tmp/_commit-service") + if err != nil { + return nil, "", nil, fmt.Errorf("failed to create temp dir: %w", err) + } + // Call cleanupOrLog in this function if an error occurs to ensure the temp dir is cleaned up. + cleanupOrLog := func() { + err := os.RemoveAll(dirPath) + if err != nil { + logCtx.WithError(err).Error("failed to cleanup temp dir") + } + } + + gitClient, err := s.repoClientFactory.NewClient(r.Repo, dirPath) + if err != nil { + cleanupOrLog() + return nil, "", nil, fmt.Errorf("failed to create git client: %w", err) + } + + logCtx.Debugf("Initializing repo %s", r.Repo.Repo) + err = gitClient.Init() + if err != nil { + cleanupOrLog() + return nil, "", nil, fmt.Errorf("failed to init git client: %w", err) + } + + logCtx.Debugf("Fetching repo %s", r.Repo.Repo) + err = gitClient.Fetch("") + if err != nil { + cleanupOrLog() + return nil, "", nil, fmt.Errorf("failed to clone repo: %w", err) + } + + // FIXME: make it work for GHE + //logCtx.Debugf("Getting user info for repo credentials") + //gitCreds := r.Repo.GetGitCreds(s.gitCredsStore) + //startTime := time.Now() + //authorName, authorEmail, err := gitCreds.GetUserInfo(ctx) + //s.metricsServer.ObserveUserInfoRequestDuration(r.Repo.Repo, getCredentialType(r.Repo), time.Since(startTime)) + //if err != nil { + // cleanupOrLog() + // return nil, "", nil, fmt.Errorf("failed to get github app info: %w", err) + //} + var authorName, authorEmail string + + if authorName == "" { + authorName = "Argo CD" + } + if authorEmail == "" { + logCtx.Warnf("Author email not available, using 'argo-cd@example.com'.") + authorEmail = "argo-cd@example.com" + } + + logCtx.Debugf("Setting author %s <%s>", authorName, authorEmail) + _, err = gitClient.SetAuthor(authorName, authorEmail) + if err != nil { + cleanupOrLog() + return nil, "", nil, fmt.Errorf("failed to set author: %w", err) + } + + return gitClient, dirPath, cleanupOrLog, nil +} + +type hydratorMetadataFile struct { + RepoURL string `json:"repoURL"` + DrySHA string `json:"drySha"` + Commands []string `json:"commands"` +} + +// TODO: make this configurable via ConfigMap. +var manifestHydrationReadmeTemplate = ` +# Manifest Hydration + +To hydrate the manifests in this repository, run the following commands: + +` + "```shell\n" + ` +git clone {{ .RepoURL }} +# cd into the cloned directory +git checkout {{ .DrySHA }} +{{ range $command := .Commands -}} +{{ $command }} +{{ end -}}` + "```" diff --git a/commitserver/commit/commit.proto b/commitserver/commit/commit.proto new file mode 100644 index 0000000000000..fdf8b23c0d00e --- /dev/null +++ b/commitserver/commit/commit.proto @@ -0,0 +1,50 @@ +syntax = "proto3"; +option go_package = "github.com/argoproj/argo-cd/v2/commitserver/apiclient"; + +import "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1/generated.proto"; + +// CommitHydratedManifestsRequest is the request to commit hydrated manifests to a repository. +message CommitHydratedManifestsRequest { + // Repo contains repository information including, at minimum, the URL of the repository. Generally it will contain + // repo credentials. + github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository repo = 1; + // SyncBranch is the branch Argo CD syncs from, i.e. the hydrated branch. + string syncBranch = 2; + // TargetBranch is the branch Argo CD is committing to, i.e. the branch that will be updated. + string targetBranch = 3; + // DrySha is the commit SHA from the dry branch, i.e. pre-rendered manifest branch. + string drySha = 4; + // CommitMessage is the commit message to use when committing changes. + string commitMessage = 5; + // Paths contains the paths to write hydrated manifests to, along with the manifests and commands to execute. + repeated PathDetails paths = 6; +} + +// PathDetails holds information about hydrated manifests to be written to a particular path in the hydrated manifests +// commit. +message PathDetails { + // Path is the path to write the hydrated manifests to. + string path = 1; + // Manifests contains the manifests to write to the path. + repeated HydratedManifestDetails manifests = 2; + // Commands contains the commands executed when hydrating the manifests. + repeated string commands = 3; +} + +// ManifestDetails contains the hydrated manifests. +message HydratedManifestDetails { + // ManifestJSON is the hydrated manifest as JSON. + string manifestJSON = 1; +} + +// ManifestsResponse is the response to the ManifestsRequest. +message CommitHydratedManifestsResponse { + // HydratedSha is the commit SHA of the hydrated manifests commit. + string hydratedSha = 1; +} + +// CommitService is the service for committing hydrated manifests to a repository. +service CommitService { + // Commit commits hydrated manifests to a repository. + rpc CommitHydratedManifests (CommitHydratedManifestsRequest) returns (CommitHydratedManifestsResponse); +} diff --git a/commitserver/commit/commit_test.go b/commitserver/commit/commit_test.go new file mode 100644 index 0000000000000..77bb9b53482a2 --- /dev/null +++ b/commitserver/commit/commit_test.go @@ -0,0 +1,125 @@ +package commit + +import ( + "context" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + + "github.com/argoproj/argo-cd/v2/commitserver/apiclient" + "github.com/argoproj/argo-cd/v2/commitserver/commit/mocks" + "github.com/argoproj/argo-cd/v2/commitserver/metrics" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/git" + gitmocks "github.com/argoproj/argo-cd/v2/util/git/mocks" +) + +func Test_CommitHydratedManifests(t *testing.T) { + t.Parallel() + + validRequest := &apiclient.CommitHydratedManifestsRequest{ + Repo: &v1alpha1.Repository{ + Repo: "https://github.com/argoproj/argocd-example-apps.git", + }, + TargetBranch: "main", + SyncBranch: "env/test", + CommitMessage: "test commit message", + } + + t.Run("missing repo", func(t *testing.T) { + t.Parallel() + + service, _ := newServiceWithMocks(t) + request := &apiclient.CommitHydratedManifestsRequest{} + _, err := service.CommitHydratedManifests(context.Background(), request) + require.Error(t, err) + assert.ErrorContains(t, err, "repo is required") + }) + + t.Run("missing repo URL", func(t *testing.T) { + t.Parallel() + + service, _ := newServiceWithMocks(t) + request := &apiclient.CommitHydratedManifestsRequest{ + Repo: &v1alpha1.Repository{}, + } + _, err := service.CommitHydratedManifests(context.Background(), request) + require.Error(t, err) + assert.ErrorContains(t, err, "repo URL is required") + }) + + t.Run("missing target branch", func(t *testing.T) { + t.Parallel() + + service, _ := newServiceWithMocks(t) + request := &apiclient.CommitHydratedManifestsRequest{ + Repo: &v1alpha1.Repository{ + Repo: "https://github.com/argoproj/argocd-example-apps.git", + }, + } + _, err := service.CommitHydratedManifests(context.Background(), request) + require.Error(t, err) + assert.ErrorContains(t, err, "target branch is required") + }) + + t.Run("missing sync branch", func(t *testing.T) { + t.Parallel() + + service, _ := newServiceWithMocks(t) + request := &apiclient.CommitHydratedManifestsRequest{ + Repo: &v1alpha1.Repository{ + Repo: "https://github.com/argoproj/argocd-example-apps.git", + }, + TargetBranch: "main", + } + _, err := service.CommitHydratedManifests(context.Background(), request) + require.Error(t, err) + assert.ErrorContains(t, err, "sync branch is required") + }) + + t.Run("failed to create git client", func(t *testing.T) { + t.Parallel() + + service, mockRepoClientFactory := newServiceWithMocks(t) + mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(nil, assert.AnError).Once() + + _, err := service.CommitHydratedManifests(context.Background(), validRequest) + require.Error(t, err) + assert.ErrorIs(t, err, assert.AnError) + }) + + t.Run("happy path", func(t *testing.T) { + t.Parallel() + + service, mockRepoClientFactory := newServiceWithMocks(t) + mockGitClient := gitmocks.NewClient(t) + mockGitClient.On("Init").Return(nil).Once() + mockGitClient.On("Fetch", mock.Anything).Return(nil).Once() + mockGitClient.On("SetAuthor", "Argo CD", "argo-cd@example.com").Return("", nil).Once() + mockGitClient.On("CheckoutOrOrphan", "env/test", false).Return("", nil).Once() + mockGitClient.On("CheckoutOrNew", "main", "env/test", false).Return("", nil).Once() + mockGitClient.On("RemoveContents").Return("", nil).Once() + mockGitClient.On("CommitAndPush", "main", "test commit message").Return("", nil).Once() + mockGitClient.On("CommitSHA").Return("it-worked!", nil).Once() + mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(mockGitClient, nil).Once() + + resp, err := service.CommitHydratedManifests(context.Background(), validRequest) + require.NoError(t, err) + require.NotNil(t, resp) + assert.Equal(t, "it-worked!", resp.HydratedSha) + }) +} + +func newServiceWithMocks(t *testing.T) (*Service, *mocks.RepoClientFactory) { + t.Helper() + + metricsServer := metrics.NewMetricsServer() + mockCredsStore := git.NoopCredsStore{} + service := NewService(mockCredsStore, metricsServer) + mockRepoClientFactory := mocks.NewRepoClientFactory(t) + service.repoClientFactory = mockRepoClientFactory + + return service, mockRepoClientFactory +} diff --git a/commitserver/commit/credentialtypehelper.go b/commitserver/commit/credentialtypehelper.go new file mode 100644 index 0000000000000..eda3b8040d497 --- /dev/null +++ b/commitserver/commit/credentialtypehelper.go @@ -0,0 +1,23 @@ +package commit + +import "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + +// getCredentialType returns the type of credential used by the repository. +func getCredentialType(repo *v1alpha1.Repository) string { + if repo == nil { + return "" + } + if repo.Password != "" { + return "https" + } + if repo.SSHPrivateKey != "" { + return "ssh" + } + if repo.GithubAppPrivateKey != "" && repo.GithubAppId != 0 && repo.GithubAppInstallationId != 0 { + return "github-app" + } + if repo.GCPServiceAccountKey != "" { + return "cloud-source-repositories" + } + return "" +} diff --git a/commitserver/commit/credentialtypehelper_test.go b/commitserver/commit/credentialtypehelper_test.go new file mode 100644 index 0000000000000..45a013410c20d --- /dev/null +++ b/commitserver/commit/credentialtypehelper_test.go @@ -0,0 +1,62 @@ +package commit + +import ( + "testing" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +func TestRepository_GetCredentialType(t *testing.T) { + tests := []struct { + name string + repo *v1alpha1.Repository + want string + }{ + { + name: "Empty Repository", + repo: nil, + want: "", + }, + { + name: "HTTPS Repository", + repo: &v1alpha1.Repository{ + Repo: "foo", + Password: "some-password", + }, + want: "https", + }, + { + name: "SSH Repository", + repo: &v1alpha1.Repository{ + Repo: "foo", + SSHPrivateKey: "some-key", + }, + want: "ssh", + }, + { + name: "GitHub App Repository", + repo: &v1alpha1.Repository{ + Repo: "foo", + GithubAppPrivateKey: "some-key", + GithubAppId: 1, + GithubAppInstallationId: 1, + }, + want: "github-app", + }, + { + name: "Google Cloud Repository", + repo: &v1alpha1.Repository{ + Repo: "foo", + GCPServiceAccountKey: "some-key", + }, + want: "cloud-source-repositories", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := getCredentialType(tt.repo); got != tt.want { + t.Errorf("Repository.GetCredentialType() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/commitserver/commit/hydratorhelper.go b/commitserver/commit/hydratorhelper.go new file mode 100644 index 0000000000000..a4fbeb591b53c --- /dev/null +++ b/commitserver/commit/hydratorhelper.go @@ -0,0 +1,145 @@ +package commit + +import ( + "encoding/json" + "fmt" + "os" + "path" + "text/template" + + log "github.com/sirupsen/logrus" + "gopkg.in/yaml.v3" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + "github.com/argoproj/argo-cd/v2/commitserver/apiclient" + "github.com/argoproj/argo-cd/v2/util/io/files" +) + +// WriteForPaths writes the manifests, hydrator.metadata, and README.md files for each path in the provided paths. It +// also writes a root-level hydrator.metadata file containing the repo URL and dry SHA. +func WriteForPaths(rootPath string, repoUrl string, drySha string, paths []*apiclient.PathDetails) error { + // Write the top-level readme. + err := writeMetadata(rootPath, hydratorMetadataFile{DrySHA: drySha, RepoURL: repoUrl}) + if err != nil { + return fmt.Errorf("failed to write top-level hydrator metadata: %w", err) + } + + for _, p := range paths { + hydratePath := p.Path + if hydratePath == "." { + hydratePath = "" + } + + var fullHydratePath string + fullHydratePath, err = files.SecureMkdirAll(rootPath, hydratePath, os.ModePerm) + if err != nil { + return fmt.Errorf("failed to create path: %w", err) + } + + // Write the manifests + err = writeManifests(fullHydratePath, p.Manifests) + if err != nil { + return fmt.Errorf("failed to write manifests: %w", err) + } + + // Write hydrator.metadata containing information about the hydration process. + hydratorMetadata := hydratorMetadataFile{ + Commands: p.Commands, + DrySHA: drySha, + RepoURL: repoUrl, + } + err = writeMetadata(fullHydratePath, hydratorMetadata) + if err != nil { + return fmt.Errorf("failed to write hydrator metadata: %w", err) + } + + // Write README + err = writeReadme(fullHydratePath, hydratorMetadata) + if err != nil { + return fmt.Errorf("failed to write readme: %w", err) + } + } + return nil +} + +// writeMetadata writes the metadata to the hydrator.metadata file. +func writeMetadata(dirPath string, metadata hydratorMetadataFile) error { + hydratorMetadataJson, err := json.MarshalIndent(metadata, "", " ") + if err != nil { + return fmt.Errorf("failed to marshal hydrator metadata: %w", err) + } + // No need to use SecureJoin here, as the path is already sanitized. + hydratorMetadataPath := path.Join(dirPath, "hydrator.metadata") + err = os.WriteFile(hydratorMetadataPath, hydratorMetadataJson, os.ModePerm) + if err != nil { + return fmt.Errorf("failed to write hydrator metadata: %w", err) + } + return nil +} + +// writeReadme writes the readme to the README.md file. +func writeReadme(dirPath string, metadata hydratorMetadataFile) error { + readmeTemplate := template.New("readme") + readmeTemplate, err := readmeTemplate.Parse(manifestHydrationReadmeTemplate) + if err != nil { + return fmt.Errorf("failed to parse readme template: %w", err) + } + // Create writer to template into + // No need to use SecureJoin here, as the path is already sanitized. + readmePath := path.Join(dirPath, "README.md") + readmeFile, err := os.Create(readmePath) + if err != nil && !os.IsExist(err) { + return fmt.Errorf("failed to create README file: %w", err) + } + err = readmeTemplate.Execute(readmeFile, metadata) + closeErr := readmeFile.Close() + if closeErr != nil { + log.WithError(closeErr).Error("failed to close README file") + } + if err != nil { + return fmt.Errorf("failed to execute readme template: %w", err) + } + return nil +} + +// writeManifests writes the manifests to the manifest.yaml file, truncating the file if it exists and appending the +// manifests in the order they are provided. +func writeManifests(dirPath string, manifests []*apiclient.HydratedManifestDetails) error { + // If the file exists, truncate it. + // No need to use SecureJoin here, as the path is already sanitized. + manifestPath := path.Join(dirPath, "manifest.yaml") + + file, err := os.OpenFile(manifestPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm) + if err != nil { + return fmt.Errorf("failed to open manifest file: %w", err) + } + defer func() { + err := file.Close() + if err != nil { + log.WithError(err).Error("failed to close file") + } + }() + + enc := yaml.NewEncoder(file) + defer func() { + err := enc.Close() + if err != nil { + log.WithError(err).Error("failed to close yaml encoder") + } + }() + enc.SetIndent(2) + + for _, m := range manifests { + obj := &unstructured.Unstructured{} + err = json.Unmarshal([]byte(m.ManifestJSON), obj) + if err != nil { + return fmt.Errorf("failed to unmarshal manifest: %w", err) + } + err = enc.Encode(&obj.Object) + if err != nil { + return fmt.Errorf("failed to encode manifest: %w", err) + } + } + + return nil +} diff --git a/commitserver/commit/hydratorhelper_test.go b/commitserver/commit/hydratorhelper_test.go new file mode 100644 index 0000000000000..51e8adf0c69a5 --- /dev/null +++ b/commitserver/commit/hydratorhelper_test.go @@ -0,0 +1,135 @@ +package commit + +import ( + "encoding/json" + "os" + "path" + "testing" + + securejoin "github.com/cyphar/filepath-securejoin" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/argoproj/argo-cd/v2/commitserver/apiclient" +) + +func TestWriteForPaths(t *testing.T) { + dir := t.TempDir() + + repoUrl := "https://github.com/example/repo" + drySha := "abc123" + paths := []*apiclient.PathDetails{ + { + Path: "path1", + Manifests: []*apiclient.HydratedManifestDetails{ + {ManifestJSON: `{"kind":"Pod","apiVersion":"v1"}`}, + }, + Commands: []string{"command1", "command2"}, + }, + { + Path: "path2", + Manifests: []*apiclient.HydratedManifestDetails{ + {ManifestJSON: `{"kind":"Service","apiVersion":"v1"}`}, + }, + Commands: []string{"command3"}, + }, + } + + err := WriteForPaths(dir, repoUrl, drySha, paths) + require.NoError(t, err) + + // Check if the top-level hydrator.metadata exists and contains the repo URL and dry SHA + topMetadataPath := path.Join(dir, "hydrator.metadata") + topMetadataBytes, err := os.ReadFile(topMetadataPath) + require.NoError(t, err) + + var topMetadata hydratorMetadataFile + err = json.Unmarshal(topMetadataBytes, &topMetadata) + require.NoError(t, err) + assert.Equal(t, repoUrl, topMetadata.RepoURL) + assert.Equal(t, drySha, topMetadata.DrySHA) + + for _, p := range paths { + fullHydratePath, err := securejoin.SecureJoin(dir, p.Path) + require.NoError(t, err) + + // Check if each path directory exists + assert.DirExists(t, fullHydratePath) + + // Check if each path contains a hydrator.metadata file and contains the repo URL + metadataPath := path.Join(fullHydratePath, "hydrator.metadata") + metadataBytes, err := os.ReadFile(metadataPath) + require.NoError(t, err) + + var readMetadata hydratorMetadataFile + err = json.Unmarshal(metadataBytes, &readMetadata) + require.NoError(t, err) + assert.Equal(t, repoUrl, readMetadata.RepoURL) + + // Check if each path contains a README.md file and contains the repo URL + readmePath := path.Join(fullHydratePath, "README.md") + readmeBytes, err := os.ReadFile(readmePath) + require.NoError(t, err) + assert.Contains(t, string(readmeBytes), repoUrl) + + // Check if each path contains a manifest.yaml file and contains the word Pod + manifestPath := path.Join(fullHydratePath, "manifest.yaml") + manifestBytes, err := os.ReadFile(manifestPath) + require.NoError(t, err) + assert.Contains(t, string(manifestBytes), "kind") + } +} + +func TestWriteMetadata(t *testing.T) { + dir := t.TempDir() + + metadata := hydratorMetadataFile{ + RepoURL: "https://github.com/example/repo", + DrySHA: "abc123", + } + + err := writeMetadata(dir, metadata) + require.NoError(t, err) + + metadataPath := path.Join(dir, "hydrator.metadata") + metadataBytes, err := os.ReadFile(metadataPath) + require.NoError(t, err) + + var readMetadata hydratorMetadataFile + err = json.Unmarshal(metadataBytes, &readMetadata) + require.NoError(t, err) + assert.Equal(t, metadata, readMetadata) +} + +func TestWriteReadme(t *testing.T) { + dir := t.TempDir() + + metadata := hydratorMetadataFile{ + RepoURL: "https://github.com/example/repo", + DrySHA: "abc123", + } + + err := writeReadme(dir, metadata) + require.NoError(t, err) + + readmePath := path.Join(dir, "README.md") + readmeBytes, err := os.ReadFile(readmePath) + require.NoError(t, err) + assert.Contains(t, string(readmeBytes), metadata.RepoURL) +} + +func TestWriteManifests(t *testing.T) { + dir := t.TempDir() + + manifests := []*apiclient.HydratedManifestDetails{ + {ManifestJSON: `{"kind":"Pod","apiVersion":"v1"}`}, + } + + err := writeManifests(dir, manifests) + require.NoError(t, err) + + manifestPath := path.Join(dir, "manifest.yaml") + manifestBytes, err := os.ReadFile(manifestPath) + require.NoError(t, err) + assert.Contains(t, string(manifestBytes), "kind") +} diff --git a/commitserver/commit/mocks/RepoClientFactory.go b/commitserver/commit/mocks/RepoClientFactory.go new file mode 100644 index 0000000000000..020c78fdf5f85 --- /dev/null +++ b/commitserver/commit/mocks/RepoClientFactory.go @@ -0,0 +1,59 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +package mocks + +import ( + git "github.com/argoproj/argo-cd/v2/util/git" + mock "github.com/stretchr/testify/mock" + + v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +// RepoClientFactory is an autogenerated mock type for the RepoClientFactory type +type RepoClientFactory struct { + mock.Mock +} + +// NewClient provides a mock function with given fields: repo, rootPath +func (_m *RepoClientFactory) NewClient(repo *v1alpha1.Repository, rootPath string) (git.Client, error) { + ret := _m.Called(repo, rootPath) + + if len(ret) == 0 { + panic("no return value specified for NewClient") + } + + var r0 git.Client + var r1 error + if rf, ok := ret.Get(0).(func(*v1alpha1.Repository, string) (git.Client, error)); ok { + return rf(repo, rootPath) + } + if rf, ok := ret.Get(0).(func(*v1alpha1.Repository, string) git.Client); ok { + r0 = rf(repo, rootPath) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(git.Client) + } + } + + if rf, ok := ret.Get(1).(func(*v1alpha1.Repository, string) error); ok { + r1 = rf(repo, rootPath) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewRepoClientFactory creates a new instance of RepoClientFactory. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewRepoClientFactory(t interface { + mock.TestingT + Cleanup(func()) +}) *RepoClientFactory { + mock := &RepoClientFactory{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/commitserver/commit/repo_client_factory.go b/commitserver/commit/repo_client_factory.go new file mode 100644 index 0000000000000..f0f3b5c75dbd8 --- /dev/null +++ b/commitserver/commit/repo_client_factory.go @@ -0,0 +1,32 @@ +package commit + +import ( + "github.com/argoproj/argo-cd/v2/commitserver/metrics" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/git" +) + +// RepoClientFactory is a factory for creating git clients for a repository. +type RepoClientFactory interface { + NewClient(repo *v1alpha1.Repository, rootPath string) (git.Client, error) +} + +type repoClientFactory struct { + gitCredsStore git.CredsStore + metricsServer *metrics.Server +} + +// NewRepoClientFactory returns a new instance of the repo client factory. +func NewRepoClientFactory(gitCredsStore git.CredsStore, metricsServer *metrics.Server) RepoClientFactory { + return &repoClientFactory{ + gitCredsStore: gitCredsStore, + metricsServer: metricsServer, + } +} + +// NewClient creates a new git client for the repository. +func (r *repoClientFactory) NewClient(repo *v1alpha1.Repository, rootPath string) (git.Client, error) { + gitCreds := repo.GetGitCreds(r.gitCredsStore) + opts := git.WithEventHandlers(metrics.NewGitClientEventHandlers(r.metricsServer)) + return git.NewClientExt(repo.Repo, rootPath, gitCreds, repo.IsInsecure(), repo.IsLFSEnabled(), repo.Proxy, repo.NoProxy, opts) +} diff --git a/commitserver/metrics/githandlers.go b/commitserver/metrics/githandlers.go new file mode 100644 index 0000000000000..4a960ebd54f34 --- /dev/null +++ b/commitserver/metrics/githandlers.go @@ -0,0 +1,34 @@ +package metrics + +import ( + "time" + + "github.com/argoproj/argo-cd/v2/util/git" +) + +// NewGitClientEventHandlers creates event handlers that update Git related metrics +func NewGitClientEventHandlers(metricsServer *Server) git.EventHandlers { + return git.EventHandlers{ + OnFetch: func(repo string) func() { + startTime := time.Now() + metricsServer.IncGitRequest(repo, GitRequestTypeFetch) + return func() { + metricsServer.ObserveGitRequestDuration(repo, GitRequestTypeFetch, time.Since(startTime)) + } + }, + OnLsRemote: func(repo string) func() { + startTime := time.Now() + metricsServer.IncGitRequest(repo, GitRequestTypeLsRemote) + return func() { + metricsServer.ObserveGitRequestDuration(repo, GitRequestTypeLsRemote, time.Since(startTime)) + } + }, + OnPush: func(repo string) func() { + startTime := time.Now() + metricsServer.IncGitRequest(repo, GitRequestTypePush) + return func() { + metricsServer.ObserveGitRequestDuration(repo, GitRequestTypePush, time.Since(startTime)) + } + }, + } +} diff --git a/commitserver/metrics/metrics.go b/commitserver/metrics/metrics.go new file mode 100644 index 0000000000000..5505add8783b5 --- /dev/null +++ b/commitserver/metrics/metrics.go @@ -0,0 +1,157 @@ +package metrics + +import ( + "net/http" + "time" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/collectors" + "github.com/prometheus/client_golang/prometheus/promhttp" +) + +// Server is a prometheus server which collects application metrics. +type Server struct { + handler http.Handler + commitPendingRequestsGauge *prometheus.GaugeVec + gitRequestCounter *prometheus.CounterVec + gitRequestHistogram *prometheus.HistogramVec + commitRequestHistogram *prometheus.HistogramVec + userInfoRequestHistogram *prometheus.HistogramVec + commitRequestCounter *prometheus.CounterVec +} + +// GitRequestType is the type of git request +type GitRequestType string + +const ( + // GitRequestTypeLsRemote is a request to list remote refs + GitRequestTypeLsRemote = "ls-remote" + // GitRequestTypeFetch is a request to fetch from remote + GitRequestTypeFetch = "fetch" + // GitRequestTypePush is a request to push to remote + GitRequestTypePush = "push" +) + +// CommitResponseType is the type of response for a commit request +type CommitResponseType string + +const ( + // CommitResponseTypeSuccess is a successful commit request + CommitResponseTypeSuccess CommitResponseType = "success" + // CommitResponseTypeFailure is a failed commit request + CommitResponseTypeFailure CommitResponseType = "failure" +) + +// NewMetricsServer returns a new prometheus server which collects application metrics. +func NewMetricsServer() *Server { + registry := prometheus.NewRegistry() + registry.MustRegister(collectors.NewProcessCollector(collectors.ProcessCollectorOpts{})) + registry.MustRegister(collectors.NewGoCollector()) + + commitPendingRequestsGauge := prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "argocd_commitserver_commit_pending_request_total", + Help: "Number of pending commit requests", + }, + []string{"repo"}, + ) + registry.MustRegister(commitPendingRequestsGauge) + + gitRequestCounter := prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "argocd_commitserver_git_request_total", + Help: "Number of git requests performed by repo server", + }, + []string{"repo", "request_type"}, + ) + registry.MustRegister(gitRequestCounter) + + gitRequestHistogram := prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "argocd_commitserver_git_request_duration_seconds", + Help: "Git requests duration seconds.", + Buckets: []float64{0.1, 0.25, .5, 1, 2, 4, 10, 20}, + }, + []string{"repo", "request_type"}, + ) + registry.MustRegister(gitRequestHistogram) + + commitRequestHistogram := prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "argocd_commitserver_commit_request_duration_seconds", + Help: "Commit request duration seconds.", + Buckets: []float64{0.1, 0.25, .5, 1, 2, 4, 10, 20}, + }, + []string{"repo", "response_type"}, + ) + registry.MustRegister(commitRequestHistogram) + + userInfoRequestHistogram := prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "argocd_commitserver_userinfo_request_duration_seconds", + Help: "Userinfo request duration seconds.", + Buckets: []float64{0.1, 0.25, .5, 1, 2, 4, 10, 20}, + }, + []string{"repo", "credential_type"}, + ) + registry.MustRegister(userInfoRequestHistogram) + + commitRequestCounter := prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "argocd_commitserver_commit_request_total", + Help: "Number of commit requests performed handled", + }, + []string{"repo", "response_type"}, + ) + registry.MustRegister(commitRequestCounter) + + return &Server{ + handler: promhttp.HandlerFor(registry, promhttp.HandlerOpts{}), + commitPendingRequestsGauge: commitPendingRequestsGauge, + gitRequestCounter: gitRequestCounter, + gitRequestHistogram: gitRequestHistogram, + commitRequestHistogram: commitRequestHistogram, + userInfoRequestHistogram: userInfoRequestHistogram, + commitRequestCounter: commitRequestCounter, + } +} + +// GetHandler returns the http.Handler for the prometheus server +func (m *Server) GetHandler() http.Handler { + return m.handler +} + +// IncPendingCommitRequest increments the pending commit requests gauge +func (m *Server) IncPendingCommitRequest(repo string) { + m.commitPendingRequestsGauge.WithLabelValues(repo).Inc() +} + +// DecPendingCommitRequest decrements the pending commit requests gauge +func (m *Server) DecPendingCommitRequest(repo string) { + m.commitPendingRequestsGauge.WithLabelValues(repo).Dec() +} + +// IncGitRequest increments the git requests counter +func (m *Server) IncGitRequest(repo string, requestType GitRequestType) { + m.gitRequestCounter.WithLabelValues(repo, string(requestType)).Inc() +} + +// ObserveGitRequestDuration observes the duration of a git request +func (m *Server) ObserveGitRequestDuration(repo string, requestType GitRequestType, duration time.Duration) { + m.gitRequestHistogram.WithLabelValues(repo, string(requestType)).Observe(duration.Seconds()) +} + +// ObserveCommitRequestDuration observes the duration of a commit request +func (m *Server) ObserveCommitRequestDuration(repo string, rt CommitResponseType, duration time.Duration) { + m.commitRequestHistogram.WithLabelValues(repo, string(rt)).Observe(duration.Seconds()) +} + +// ObserveUserInfoRequestDuration observes the duration of a userinfo request +func (m *Server) ObserveUserInfoRequestDuration(repo string, credentialType string, duration time.Duration) { + m.userInfoRequestHistogram.WithLabelValues(repo, credentialType).Observe(duration.Seconds()) +} + +// IncCommitRequest increments the commit request counter +func (m *Server) IncCommitRequest(repo string, rt CommitResponseType) { + m.commitRequestCounter.WithLabelValues(repo, string(rt)).Inc() +} diff --git a/commitserver/server.go b/commitserver/server.go new file mode 100644 index 0000000000000..5e5b63324ca17 --- /dev/null +++ b/commitserver/server.go @@ -0,0 +1,38 @@ +package commitserver + +import ( + "google.golang.org/grpc" + "google.golang.org/grpc/health" + "google.golang.org/grpc/health/grpc_health_v1" + + "github.com/argoproj/argo-cd/v2/commitserver/apiclient" + "github.com/argoproj/argo-cd/v2/commitserver/commit" + "github.com/argoproj/argo-cd/v2/commitserver/metrics" + versionpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/version" + "github.com/argoproj/argo-cd/v2/server/version" + "github.com/argoproj/argo-cd/v2/util/git" +) + +// ArgoCDCommitServer is the server that handles commit requests. +type ArgoCDCommitServer struct { + commitService *commit.Service +} + +// NewServer returns a new instance of the commit server. +func NewServer(gitCredsStore git.CredsStore, metricsServer *metrics.Server) *ArgoCDCommitServer { + return &ArgoCDCommitServer{commitService: commit.NewService(gitCredsStore, metricsServer)} +} + +// CreateGRPC creates a new gRPC server. +func (a *ArgoCDCommitServer) CreateGRPC() *grpc.Server { + server := grpc.NewServer() + versionpkg.RegisterVersionServiceServer(server, version.NewServer(nil, func() (bool, error) { + return true, nil + })) + apiclient.RegisterCommitServiceServer(server, a.commitService) + + healthService := health.NewServer() + grpc_health_v1.RegisterHealthServer(server, healthService) + + return server +} diff --git a/common/common.go b/common/common.go index d2e47aa5b1607..386a2ab91c8a8 100644 --- a/common/common.go +++ b/common/common.go @@ -2,13 +2,13 @@ package common import ( "context" + "errors" "fmt" "os" "path/filepath" "strconv" "time" - "github.com/pkg/errors" "github.com/redis/go-redis/v9" "github.com/sirupsen/logrus" "google.golang.org/grpc/codes" @@ -26,6 +26,8 @@ const ( const ( // DefaultRepoServerAddr is the gRPC address of the Argo CD repo server DefaultRepoServerAddr = "argocd-repo-server:8081" + // DefaultCommitServerAddr is the gRPC address of the Argo CD commit server + DefaultCommitServerAddr = "argocd-commit-server:8086" // DefaultDexServerAddr is the HTTP address of the Dex OIDC server, which we run a reverse proxy against DefaultDexServerAddr = "argocd-dex-server:5556" // DefaultRedisAddr is the default redis address @@ -62,15 +64,19 @@ const ( DefaultPortArgoCDMetrics = 8082 DefaultPortArgoCDAPIServerMetrics = 8083 DefaultPortRepoServerMetrics = 8084 + DefaultPortCommitServer = 8086 + DefaultPortCommitServerMetrics = 8087 ) // DefaultAddressAPIServer for ArgoCD components const ( - DefaultAddressAdminDashboard = "localhost" - DefaultAddressAPIServer = "0.0.0.0" - DefaultAddressAPIServerMetrics = "0.0.0.0" - DefaultAddressRepoServer = "0.0.0.0" - DefaultAddressRepoServerMetrics = "0.0.0.0" + DefaultAddressAdminDashboard = "localhost" + DefaultAddressAPIServer = "0.0.0.0" + DefaultAddressAPIServerMetrics = "0.0.0.0" + DefaultAddressRepoServer = "0.0.0.0" + DefaultAddressRepoServerMetrics = "0.0.0.0" + DefaultAddressCommitServer = "0.0.0.0" + DefaultAddressCommitServerMetrics = "0.0.0.0" ) // Default paths on the pod's file system @@ -175,6 +181,8 @@ const ( LabelValueSecretTypeRepository = "repository" // LabelValueSecretTypeRepoCreds indicates a secret type of repository credentials LabelValueSecretTypeRepoCreds = "repo-creds" + // LabelValueSecretTypeRepositoryWrite indicates a secret type of repository credentials for writing + LabelValueSecretTypeRepositoryWrite = "repository-write" // LabelValueSecretTypeSCMCreds indicates a secret type of SCM credentials LabelValueSecretTypeSCMCreds = "scm-creds" @@ -185,6 +193,10 @@ const ( // AnnotationCompareOptions is a comma-separated list of options for comparison AnnotationCompareOptions = "argocd.argoproj.io/compare-options" + // AnnotationIgnoreHealthCheck when set on an Application's immediate child indicates that its health check + // can be disregarded. + AnnotationIgnoreHealthCheck = "argocd.argoproj.io/ignore-healthcheck" + // AnnotationKeyManagedBy is annotation name which indicates that k8s resource is managed by an application. AnnotationKeyManagedBy = "managed-by" // AnnotationValueManagedByArgoCD is a 'managed-by' annotation value for resources managed by Argo CD diff --git a/common/common_test.go b/common/common_test.go index 88df43cd1b3e9..7ceb42f5e8605 100644 --- a/common/common_test.go +++ b/common/common_test.go @@ -72,7 +72,7 @@ func TestSetOptionalRedisPasswordFromKubeConfig(t *testing.T) { name: "Secret does not exist", namespace: "default", expectedPassword: "", - expectedErr: fmt.Sprintf("failed to get secret default/%s", RedisInitialCredentials), + expectedErr: "failed to get secret default/" + RedisInitialCredentials, secret: nil, }, { @@ -92,7 +92,7 @@ func TestSetOptionalRedisPasswordFromKubeConfig(t *testing.T) { t.Parallel() var ( ctx = context.TODO() - kubeClient = kubefake.NewSimpleClientset() + kubeClient = kubefake.NewClientset() redisOptions = &redis.Options{} ) if tc.secret != nil { diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 5a48f1d41cb09..a9c44facb6586 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -42,8 +42,10 @@ import ( "k8s.io/client-go/tools/cache" "k8s.io/client-go/util/workqueue" + commitclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient" "github.com/argoproj/argo-cd/v2/common" statecache "github.com/argoproj/argo-cd/v2/controller/cache" + "github.com/argoproj/argo-cd/v2/controller/hydrator" "github.com/argoproj/argo-cd/v2/controller/metrics" "github.com/argoproj/argo-cd/v2/controller/sharding" "github.com/argoproj/argo-cd/v2/pkg/apis/application" @@ -121,6 +123,8 @@ type ApplicationController struct { appComparisonTypeRefreshQueue workqueue.TypedRateLimitingInterface[string] appOperationQueue workqueue.TypedRateLimitingInterface[string] projectRefreshQueue workqueue.TypedRateLimitingInterface[string] + appHydrateQueue workqueue.TypedRateLimitingInterface[string] + hydrationQueue workqueue.TypedRateLimitingInterface[hydrator.HydrationQueueKey] appInformer cache.SharedIndexInformer appLister applisters.ApplicationLister projInformer cache.SharedIndexInformer @@ -131,6 +135,7 @@ type ApplicationController struct { statusRefreshJitter time.Duration selfHealTimeout time.Duration selfHealBackOff *wait.Backoff + syncTimeout time.Duration db db.ArgoDB settingsMgr *settings_util.SettingsManager refreshRequestedApps map[string]CompareWith @@ -145,6 +150,8 @@ type ApplicationController struct { // dynamicClusterDistributionEnabled if disabled deploymentInformer is never initialized dynamicClusterDistributionEnabled bool deploymentInformer informerv1.DeploymentInformer + + hydrator *hydrator.Hydrator } // NewApplicationController creates new instance of ApplicationController. @@ -154,6 +161,7 @@ func NewApplicationController( kubeClientset kubernetes.Interface, applicationClientset appclientset.Interface, repoClientset apiclient.Clientset, + commitClientset commitclient.Clientset, argoCache *appstatecache.Cache, kubectl kube.Kubectl, appResyncPeriod time.Duration, @@ -161,6 +169,7 @@ func NewApplicationController( appResyncJitter time.Duration, selfHealTimeout time.Duration, selfHealBackoff *wait.Backoff, + syncTimeout time.Duration, repoErrorGracePeriod time.Duration, metricsPort int, metricsCacheExpiration time.Duration, @@ -175,6 +184,7 @@ func NewApplicationController( dynamicClusterDistributionEnabled bool, ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts, enableK8sEvent []string, + hydratorEnabled bool, ) (*ApplicationController, error) { log.Infof("appResyncPeriod=%v, appHardResyncPeriod=%v, appResyncJitter=%v", appResyncPeriod, appHardResyncPeriod, appResyncJitter) db := db.NewDB(namespace, settingsMgr, kubeClientset) @@ -188,10 +198,12 @@ func NewApplicationController( kubeClientset: kubeClientset, kubectl: kubectl, applicationClientset: applicationClientset, - appRefreshQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "app_reconciliation_queue"}), - appOperationQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "app_operation_processing_queue"}), - projectRefreshQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "project_reconciliation_queue"}), - appComparisonTypeRefreshQueue: workqueue.NewTypedRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter(rateLimiterConfig)), + appRefreshQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[string](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "app_reconciliation_queue"}), + appOperationQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[string](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "app_operation_processing_queue"}), + projectRefreshQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[string](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "project_reconciliation_queue"}), + appComparisonTypeRefreshQueue: workqueue.NewTypedRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter[string](rateLimiterConfig)), + appHydrateQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[string](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "app_hydration_queue"}), + hydrationQueue: workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[hydrator.HydrationQueueKey](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[hydrator.HydrationQueueKey]{Name: "manifest_hydration_queue"}), db: db, statusRefreshTimeout: appResyncPeriod, statusHardRefreshTimeout: appHardResyncPeriod, @@ -202,12 +214,16 @@ func NewApplicationController( settingsMgr: settingsMgr, selfHealTimeout: selfHealTimeout, selfHealBackOff: selfHealBackoff, + syncTimeout: syncTimeout, clusterSharding: clusterSharding, projByNameCache: sync.Map{}, applicationNamespaces: applicationNamespaces, dynamicClusterDistributionEnabled: dynamicClusterDistributionEnabled, ignoreNormalizerOpts: ignoreNormalizerOpts, } + if hydratorEnabled { + ctrl.hydrator = hydrator.NewHydrator(&ctrl, appResyncPeriod, commitClientset) + } if kubectlParallelismLimit > 0 { ctrl.kubectlSemaphore = semaphore.NewWeighted(kubectlParallelismLimit) } @@ -377,7 +393,11 @@ func (projCache *appProjCache) GetAppProject(ctx context.Context) (*appv1.AppPro // getAppProj gets the AppProject for the given Application app. func (ctrl *ApplicationController) getAppProj(app *appv1.Application) (*appv1.AppProject, error) { - projCache, _ := ctrl.projByNameCache.LoadOrStore(app.Spec.GetProject(), ctrl.newAppProjCache(app.Spec.GetProject())) + projCache, _ := ctrl.projByNameCache.Load(app.Spec.GetProject()) + if projCache == nil { + projCache = ctrl.newAppProjCache(app.Spec.GetProject()) + ctrl.projByNameCache.Store(app.Spec.GetProject(), projCache) + } proj, err := projCache.(*appProjCache).GetAppProject(context.TODO()) if err != nil { if apierr.IsNotFound(err) { @@ -838,6 +858,8 @@ func (ctrl *ApplicationController) Run(ctx context.Context, statusProcessors int defer ctrl.appComparisonTypeRefreshQueue.ShutDown() defer ctrl.appOperationQueue.ShutDown() defer ctrl.projectRefreshQueue.ShutDown() + defer ctrl.appHydrateQueue.ShutDown() + defer ctrl.hydrationQueue.ShutDown() ctrl.metricsServer.RegisterClustersInfoSource(ctx, ctrl.stateCache) ctrl.RegisterClusterSecretUpdater(ctx) @@ -896,6 +918,19 @@ func (ctrl *ApplicationController) Run(ctx context.Context, statusProcessors int for ctrl.processProjectQueueItem() { } }, time.Second, ctx.Done()) + + if ctrl.hydrator != nil { + go wait.Until(func() { + for ctrl.processAppHydrateQueueItem() { + } + }, time.Second, ctx.Done()) + + go wait.Until(func() { + for ctrl.processHydrationQueueItem() { + } + }, time.Second, ctx.Done()) + } + <-ctx.Done() } @@ -1373,12 +1408,21 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli // Get rid of sync results and null out previous operation completion time state.SyncResult = nil } + } else if ctrl.syncTimeout != time.Duration(0) && time.Now().After(state.StartedAt.Add(ctrl.syncTimeout)) && !terminating { + state.Phase = synccommon.OperationTerminating + state.Message = "operation is terminating due to timeout" + ctrl.setOperationState(app, state) + logCtx.Infof("Terminating in-progress operation due to timeout. Started at: %v, timeout: %v", state.StartedAt, ctrl.syncTimeout) } else { logCtx.Infof("Resuming in-progress operation. phase: %s, message: %s", state.Phase, state.Message) } } else { state = &appv1.OperationState{Phase: synccommon.OperationRunning, Operation: *app.Operation, StartedAt: metav1.Now()} ctrl.setOperationState(app, state) + if ctrl.syncTimeout != time.Duration(0) { + // Schedule a check during which the timeout would be checked. + ctrl.appOperationQueue.AddAfter(ctrl.toAppKey(app.QualifiedName()), ctrl.syncTimeout) + } logCtx.Infof("Initialized new operation: %v", *app.Operation) } ts.AddCheckpoint("initial_operation_stage_ms") @@ -1630,9 +1674,11 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo project, hasErrors := ctrl.refreshAppConditions(app) ts.AddCheckpoint("refresh_app_conditions_ms") + now := metav1.Now() if hasErrors { app.Status.Sync.Status = appv1.SyncStatusCodeUnknown app.Status.Health.Status = health.HealthStatusUnknown + app.Status.Health.LastTransitionTime = &now patchMs = ctrl.persistAppStatus(origApp, &app.Status) if err := ctrl.cache.SetAppResourcesTree(app.InstanceName(ctrl.namespace), &appv1.ApplicationTree{}); err != nil { @@ -1676,7 +1722,6 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo revisions = append(revisions, revision) sources = append(sources, app.Spec.GetSource()) } - now := metav1.Now() compareResult, err := ctrl.appStateManager.CompareAppState(app, project, revisions, sources, refreshType == appv1.RefreshTypeHard, @@ -1757,6 +1802,68 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo return } +func (ctrl *ApplicationController) processAppHydrateQueueItem() (processNext bool) { + appKey, shutdown := ctrl.appHydrateQueue.Get() + if shutdown { + processNext = false + return + } + processNext = true + defer func() { + if r := recover(); r != nil { + log.Errorf("Recovered from panic: %+v\n%s", r, debug.Stack()) + } + ctrl.appHydrateQueue.Done(appKey) + }() + obj, exists, err := ctrl.appInformer.GetIndexer().GetByKey(appKey) + if err != nil { + log.Errorf("Failed to get application '%s' from informer index: %+v", appKey, err) + return + } + if !exists { + // This happens after app was deleted, but the work queue still had an entry for it. + return + } + origApp, ok := obj.(*appv1.Application) + if !ok { + log.Warnf("Key '%s' in index is not an application", appKey) + return + } + + ctrl.hydrator.ProcessAppHydrateQueueItem(origApp) + + getAppLog(origApp).Debug("Successfully processed app hydrate queue item") + return +} + +func (ctrl *ApplicationController) processHydrationQueueItem() (processNext bool) { + hydrationKey, shutdown := ctrl.hydrationQueue.Get() + if shutdown { + processNext = false + return + } + processNext = true + defer func() { + if r := recover(); r != nil { + log.Errorf("Recovered from panic: %+v\n%s", r, debug.Stack()) + } + ctrl.hydrationQueue.Done(hydrationKey) + }() + + logCtx := log.WithFields(log.Fields{ + "sourceRepoURL": hydrationKey.SourceRepoURL, + "sourceTargetRevision": hydrationKey.SourceTargetRevision, + "destinationBranch": hydrationKey.DestinationBranch, + }) + + logCtx.Debug("Processing hydration queue item") + + ctrl.hydrator.ProcessHydrationQueueItem(hydrationKey) + + logCtx.Debug("Successfully processed hydration queue item") + return +} + func resourceStatusKey(res appv1.ResourceStatus) string { return strings.Join([]string{res.Group, res.Kind, res.Namespace, res.Name}, "/") } @@ -1765,7 +1872,8 @@ func currentSourceEqualsSyncedSource(app *appv1.Application) bool { if app.Spec.HasMultipleSources() { return app.Spec.Sources.Equals(app.Status.Sync.ComparedTo.Sources) } - return app.Spec.Source.Equals(&app.Status.Sync.ComparedTo.Source) + source := app.Spec.GetSource() + return source.Equals(&app.Status.Sync.ComparedTo.Source) } // needRefreshAppStatus answers if application status needs to be refreshed. @@ -1901,6 +2009,7 @@ func (ctrl *ApplicationController) persistAppStatus(orig *appv1.Application, new newAnnotations[k] = v } delete(newAnnotations, appv1.AnnotationKeyRefresh) + delete(newAnnotations, appv1.AnnotationKeyHydrate) } patch, modified, err := createMergePatch( &appv1.Application{ObjectMeta: metav1.ObjectMeta{Annotations: orig.GetAnnotations()}, Status: orig.Status}, @@ -2080,7 +2189,7 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } // alreadyAttemptedSync returns whether the most recent sync was performed against the -// commitSHA and with the same app source config which are currently set in the app +// commitSHA and with the same app source config which are currently set in the app. func alreadyAttemptedSync(app *appv1.Application, commitSHA string, commitSHAsMS []string, hasMultipleSources bool, revisionUpdated bool) (bool, synccommon.OperationPhase) { if app.Status.OperationState == nil || app.Status.OperationState.Operation.Sync == nil || app.Status.OperationState.SyncResult == nil { return false, "" @@ -2105,24 +2214,8 @@ func alreadyAttemptedSync(app *appv1.Application, commitSHA string, commitSHAsMS } if hasMultipleSources { - // Ignore differences in target revision, since we already just verified commitSHAs are equal, - // and we do not want to trigger auto-sync due to things like HEAD != master - specSources := app.Spec.Sources.DeepCopy() - syncSources := app.Status.OperationState.SyncResult.Sources.DeepCopy() - for _, source := range specSources { - source.TargetRevision = "" - } - for _, source := range syncSources { - source.TargetRevision = "" - } return reflect.DeepEqual(app.Spec.Sources, app.Status.OperationState.SyncResult.Sources), app.Status.OperationState.Phase } else { - // Ignore differences in target revision, since we already just verified commitSHAs are equal, - // and we do not want to trigger auto-sync due to things like HEAD != master - specSource := app.Spec.Source.DeepCopy() - specSource.TargetRevision = "" - syncResSource := app.Status.OperationState.SyncResult.Source.DeepCopy() - syncResSource.TargetRevision = "" return reflect.DeepEqual(app.Spec.GetSource(), app.Status.OperationState.SyncResult.Source), app.Status.OperationState.Phase } } @@ -2143,7 +2236,8 @@ func (ctrl *ApplicationController) shouldSelfHeal(app *appv1.Application) (bool, backOff := *ctrl.selfHealBackOff backOff.Steps = int(app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount) var delay time.Duration - for backOff.Steps > 0 { + steps := backOff.Steps + for i := 0; i < steps; i++ { delay = backOff.Step() } if app.Status.OperationState.FinishedAt == nil { @@ -2324,6 +2418,9 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar if !newOK || (delay != nil && *delay != time.Duration(0)) { ctrl.appOperationQueue.AddRateLimited(key) } + if ctrl.hydrator != nil { + ctrl.appHydrateQueue.AddRateLimited(newApp.QualifiedName()) + } ctrl.clusterSharding.UpdateApp(newApp) }, DeleteFunc: func(obj interface{}) { diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index cf2c14c7e0447..8c4c3b4d88341 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -9,10 +9,12 @@ import ( "time" clustercache "github.com/argoproj/gitops-engine/pkg/cache" + "github.com/argoproj/gitops-engine/pkg/health" "github.com/argoproj/gitops-engine/pkg/utils/kube/kubetest" "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/rest" "k8s.io/utils/ptr" @@ -26,6 +28,7 @@ import ( "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" + v1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" apierr "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -39,6 +42,7 @@ import ( dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" + mockcommitclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient/mocks" mockstatecache "github.com/argoproj/argo-cd/v2/controller/cache/mocks" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" @@ -90,6 +94,10 @@ func (m *MockKubectl) DeleteResource(ctx context.Context, config *rest.Config, g } func newFakeController(data *fakeData, repoErr error) *ApplicationController { + return newFakeControllerWithResync(data, time.Minute, repoErr) +} + +func newFakeControllerWithResync(data *fakeData, appResyncPeriod time.Duration, repoErr error) *ApplicationController { var clust corev1.Secret err := yaml.Unmarshal([]byte(fakeCluster), &clust) if err != nil { @@ -119,6 +127,8 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { mockRepoClientset := mockrepoclient.Clientset{RepoServerServiceClient: &mockRepoClient} + mockCommitClientset := mockcommitclient.Clientset{} + secret := corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "argocd-secret", @@ -141,7 +151,7 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { } runtimeObjs := []runtime.Object{&clust, &secret, &cm} runtimeObjs = append(runtimeObjs, data.additionalObjs...) - kubeClient := fake.NewSimpleClientset(runtimeObjs...) + kubeClient := fake.NewClientset(runtimeObjs...) settingsMgr := settings.NewSettingsManager(context.Background(), kubeClient, test.FakeArgoCDNamespace) kubectl := &MockKubectl{Kubectl: &kubetest.MockKubectlCmd{}} ctrl, err := NewApplicationController( @@ -150,16 +160,18 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { kubeClient, appclientset.NewSimpleClientset(data.apps...), &mockRepoClientset, + &mockCommitClientset, appstatecache.NewCache( cacheutil.NewCache(cacheutil.NewInMemoryCache(1*time.Minute)), 1*time.Minute, ), kubectl, - time.Minute, + appResyncPeriod, time.Hour, time.Second, time.Minute, nil, + 0, time.Second*10, common.DefaultPortArgoCDMetrics, data.metricsCacheExpiration, @@ -174,6 +186,7 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { false, normalizers.IgnoreNormalizerOpts{}, testEnableEventList, + false, ) db := &dbmocks.ArgoDB{} db.On("GetApplicationControllerReplicas").Return(1) @@ -492,10 +505,23 @@ func newFakeApp() *v1alpha1.Application { return createFakeApp(fakeApp) } +func newFakeAppWithHealthAndTime(status health.HealthStatusCode, timestamp metav1.Time) *v1alpha1.Application { + return createFakeAppWithHealthAndTime(fakeApp, status, timestamp) +} + func newFakeMultiSourceApp() *v1alpha1.Application { return createFakeApp(fakeMultiSourceApp) } +func createFakeAppWithHealthAndTime(testApp string, status health.HealthStatusCode, timestamp metav1.Time) *v1alpha1.Application { + app := createFakeApp(testApp) + app.Status.Health = v1alpha1.HealthStatus{ + Status: status, + LastTransitionTime: ×tamp, + } + return app +} + func newFakeAppWithDestMismatch() *v1alpha1.Application { return createFakeApp(fakeAppWithDestMismatch) } @@ -1669,6 +1695,211 @@ func TestUpdateReconciledAt(t *testing.T) { }) } +func TestUpdateHealthStatusTransitionTime(t *testing.T) { + deployment := kube.MustToUnstructured(&v1.Deployment{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apps/v1", + Kind: "Deployment", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + Namespace: "default", + }, + }) + testCases := []struct { + name string + app *v1alpha1.Application + configMapData map[string]string + expectedStatus health.HealthStatusCode + }{ + { + name: "Degraded to Missing", + app: newFakeAppWithHealthAndTime(health.HealthStatusDegraded, testTimestamp), + configMapData: map[string]string{ + "resource.customizations": ` +apps/Deployment: + health.lua: | + hs = {} + hs.status = "Missing" + hs.message = "" + return hs`, + }, + expectedStatus: health.HealthStatusMissing, + }, + { + name: "Missing to Progressing", + app: newFakeAppWithHealthAndTime(health.HealthStatusMissing, testTimestamp), + configMapData: map[string]string{ + "resource.customizations": ` +apps/Deployment: + health.lua: | + hs = {} + hs.status = "Progressing" + hs.message = "" + return hs`, + }, + expectedStatus: health.HealthStatusProgressing, + }, + { + name: "Progressing to Healthy", + app: newFakeAppWithHealthAndTime(health.HealthStatusProgressing, testTimestamp), + configMapData: map[string]string{ + "resource.customizations": ` +apps/Deployment: + health.lua: | + hs = {} + hs.status = "Healthy" + hs.message = "" + return hs`, + }, + expectedStatus: health.HealthStatusHealthy, + }, + { + name: "Healthy to Degraded", + app: newFakeAppWithHealthAndTime(health.HealthStatusHealthy, testTimestamp), + configMapData: map[string]string{ + "resource.customizations": ` +apps/Deployment: + health.lua: | + hs = {} + hs.status = "Degraded" + hs.message = "" + return hs`, + }, + expectedStatus: health.HealthStatusDegraded, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + ctrl := newFakeController(&fakeData{ + apps: []runtime.Object{tc.app, &defaultProj}, + manifestResponse: &apiclient.ManifestResponse{ + Manifests: []string{}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "abc123", + }, + managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{ + kube.GetResourceKey(deployment): deployment, + }, + configMapData: tc.configMapData, + }, nil) + + ctrl.processAppRefreshQueueItem() + apps, err := ctrl.appLister.List(labels.Everything()) + require.NoError(t, err) + assert.NotEmpty(t, apps) + assert.Equal(t, tc.expectedStatus, apps[0].Status.Health.Status) + assert.NotEqual(t, testTimestamp, *apps[0].Status.Health.LastTransitionTime) + }) + } +} + +func TestUpdateHealthStatusProgression(t *testing.T) { + app := newFakeAppWithHealthAndTime(health.HealthStatusDegraded, testTimestamp) + deployment := kube.MustToUnstructured(&v1.Deployment{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apps/v1", + Kind: "Deployment", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + Namespace: "default", + }, + Status: v1.DeploymentStatus{ + ObservedGeneration: 0, + }, + }) + configMapData := map[string]string{ + "resource.customizations": ` +apps/Deployment: + health.lua: | + hs = {} + hs.status = "" + hs.message = "" + + if obj.metadata ~= nil then + if obj.metadata.labels ~= nil then + current_status = obj.metadata.labels["status"] + if current_status == "Degraded" then + hs.status = "Missing" + elseif current_status == "Missing" then + hs.status = "Progressing" + elseif current_status == "Progressing" then + hs.status = "Healthy" + elseif current_status == "Healthy" then + hs.status = "Degraded" + end + end + end + + return hs`, + } + ctrl := newFakeControllerWithResync(&fakeData{ + apps: []runtime.Object{app, &defaultProj}, + manifestResponse: &apiclient.ManifestResponse{ + Manifests: []string{}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "abc123", + }, + managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{ + kube.GetResourceKey(deployment): deployment, + }, + configMapData: configMapData, + manifestResponses: []*apiclient.ManifestResponse{ + {}, + {}, + {}, + {}, + }, + }, time.Millisecond*10, nil) + + testCases := []struct { + name string + initialStatus string + expectedStatus health.HealthStatusCode + }{ + { + name: "Degraded to Missing", + initialStatus: "Degraded", + expectedStatus: health.HealthStatusMissing, + }, + { + name: "Missing to Progressing", + initialStatus: "Missing", + expectedStatus: health.HealthStatusProgressing, + }, + { + name: "Progressing to Healthy", + initialStatus: "Progressing", + expectedStatus: health.HealthStatusHealthy, + }, + { + name: "Healthy to Degraded", + initialStatus: "Healthy", + expectedStatus: health.HealthStatusDegraded, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + deployment.SetLabels(map[string]string{"status": tc.initialStatus}) + ctrl.processAppRefreshQueueItem() + apps, err := ctrl.appLister.List(labels.Everything()) + require.NoError(t, err) + if assert.NotEmpty(t, apps) { + assert.Equal(t, tc.expectedStatus, apps[0].Status.Health.Status) + assert.NotEqual(t, testTimestamp, *apps[0].Status.Health.LastTransitionTime) + } + + ctrl.requestAppRefresh(app.Name, nil, nil) + time.Sleep(time.Millisecond * 15) + }) + } +} + func TestProjectErrorToCondition(t *testing.T) { app := newFakeApp() app.Spec.Project = "wrong project" @@ -2182,15 +2413,93 @@ func TestAppStatusIsReplaced(t *testing.T) { func TestAlreadyAttemptSync(t *testing.T) { app := newFakeApp() - t.Run("same manifest with sync result", func(t *testing.T) { - attempted, _ := alreadyAttemptedSync(app, "sha", []string{}, false, false) - assert.True(t, attempted) + + t.Run("no operation state", func(t *testing.T) { + app := app.DeepCopy() + app.Status.OperationState = nil + attempted, _ := alreadyAttemptedSync(app, "", []string{}, false, false) + assert.False(t, attempted) + }) + + t.Run("no sync operation", func(t *testing.T) { + app := app.DeepCopy() + app.Status.OperationState.Operation.Sync = nil + attempted, _ := alreadyAttemptedSync(app, "", []string{}, false, false) + assert.False(t, attempted) }) - t.Run("different manifest with sync result", func(t *testing.T) { - attempted, _ := alreadyAttemptedSync(app, "sha", []string{}, false, true) + t.Run("no sync result", func(t *testing.T) { + app := app.DeepCopy() + app.Status.OperationState.SyncResult = nil + attempted, _ := alreadyAttemptedSync(app, "", []string{}, false, false) assert.False(t, attempted) }) + + t.Run("single source", func(t *testing.T) { + t.Run("same manifest with sync result", func(t *testing.T) { + attempted, _ := alreadyAttemptedSync(app, "sha", []string{}, false, false) + assert.True(t, attempted) + }) + + t.Run("same manifest with sync result different targetRevision, same SHA", func(t *testing.T) { + // This test represents the case where the user changed a source's target revision to a new branch, but it + // points to the same revision as the old branch. We currently do not consider this as having been "already + // attempted." In the future we may want to short-circuit the auto-sync in these cases. + app := app.DeepCopy() + app.Status.OperationState.SyncResult.Source = v1alpha1.ApplicationSource{TargetRevision: "branch1"} + app.Spec.Source = &v1alpha1.ApplicationSource{TargetRevision: "branch2"} + app.Status.OperationState.SyncResult.Revision = "sha" + attempted, _ := alreadyAttemptedSync(app, "sha", []string{}, false, false) + assert.False(t, attempted) + }) + + t.Run("different manifest with sync result, different SHA", func(t *testing.T) { + app := app.DeepCopy() + app.Status.OperationState.SyncResult.Revision = "sha1" + attempted, _ := alreadyAttemptedSync(app, "sha2", []string{}, false, true) + assert.False(t, attempted) + }) + + t.Run("different manifest with sync result, same SHA", func(t *testing.T) { + app := app.DeepCopy() + app.Status.OperationState.SyncResult.Revision = "sha" + attempted, _ := alreadyAttemptedSync(app, "sha", []string{}, false, true) + assert.True(t, attempted) + }) + }) + + t.Run("multi-source", func(t *testing.T) { + t.Run("same manifest with sync result", func(t *testing.T) { + attempted, _ := alreadyAttemptedSync(app, "", []string{"sha"}, true, false) + assert.True(t, attempted) + }) + + t.Run("same manifest with sync result, different targetRevision, same SHA", func(t *testing.T) { + // This test represents the case where the user changed a source's target revision to a new branch, but it + // points to the same revision as the old branch. We currently do not consider this as having been "already + // attempted." In the future we may want to short-circuit the auto-sync in these cases. + app := app.DeepCopy() + app.Status.OperationState.SyncResult.Sources = []v1alpha1.ApplicationSource{{TargetRevision: "branch1"}} + app.Spec.Sources = []v1alpha1.ApplicationSource{{TargetRevision: "branch2"}} + app.Status.OperationState.SyncResult.Revisions = []string{"sha"} + attempted, _ := alreadyAttemptedSync(app, "", []string{"sha"}, true, false) + assert.False(t, attempted) + }) + + t.Run("different manifest with sync result, different SHAs", func(t *testing.T) { + app := app.DeepCopy() + app.Status.OperationState.SyncResult.Revisions = []string{"sha_a_=", "sha_b_1"} + attempted, _ := alreadyAttemptedSync(app, "", []string{"sha_a_2", "sha_b_2"}, true, true) + assert.False(t, attempted) + }) + + t.Run("different manifest with sync result, same SHAs", func(t *testing.T) { + app := app.DeepCopy() + app.Status.OperationState.SyncResult.Revisions = []string{"sha_a", "sha_b"} + attempted, _ := alreadyAttemptedSync(app, "", []string{"sha_a", "sha_b"}, true, true) + assert.True(t, attempted) + }) + }) } func assertDurationAround(t *testing.T, expected time.Duration, actual time.Duration) { @@ -2205,7 +2514,7 @@ func TestSelfHealExponentialBackoff(t *testing.T) { ctrl.selfHealBackOff = &wait.Backoff{ Factor: 3, Duration: 2 * time.Second, - Cap: 5 * time.Minute, + Cap: 2 * time.Minute, } app := &v1alpha1.Application{ @@ -2243,6 +2552,21 @@ func TestSelfHealExponentialBackoff(t *testing.T) { finishedAt: nil, expectedDuration: 18 * time.Second, shouldSelfHeal: false, + }, { + attempts: 4, + finishedAt: nil, + expectedDuration: 54 * time.Second, + shouldSelfHeal: false, + }, { + attempts: 5, + finishedAt: nil, + expectedDuration: 120 * time.Second, + shouldSelfHeal: false, + }, { + attempts: 6, + finishedAt: nil, + expectedDuration: 120 * time.Second, + shouldSelfHeal: false, }} for i := range testCases { @@ -2256,3 +2580,54 @@ func TestSelfHealExponentialBackoff(t *testing.T) { }) } } + +func TestSyncTimeout(t *testing.T) { + testCases := []struct { + delta time.Duration + expectedPhase synccommon.OperationPhase + expectedMessage string + }{{ + delta: 2 * time.Minute, + expectedPhase: synccommon.OperationFailed, + expectedMessage: "Operation terminated", + }, { + delta: 30 * time.Second, + expectedPhase: synccommon.OperationSucceeded, + expectedMessage: "successfully synced (no more tasks)", + }} + for i := range testCases { + tc := testCases[i] + t.Run(fmt.Sprintf("test case %d", i), func(t *testing.T) { + app := newFakeApp() + app.Spec.Project = "default" + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Revision: "HEAD", + }, + } + ctrl := newFakeController(&fakeData{ + apps: []runtime.Object{app, &defaultProj}, + manifestResponses: []*apiclient.ManifestResponse{{ + Manifests: []string{}, + }}, + }, nil) + + ctrl.syncTimeout = time.Minute + app.Status.OperationState = &v1alpha1.OperationState{ + Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Revision: "HEAD", + }, + }, + Phase: synccommon.OperationRunning, + StartedAt: metav1.NewTime(time.Now().Add(-tc.delta)), + } + ctrl.processRequestedAppOperation(app) + + app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.ObjectMeta.Namespace).Get(context.Background(), app.ObjectMeta.Name, metav1.GetOptions{}) + require.NoError(t, err) + require.Equal(t, tc.expectedPhase, app.Status.OperationState.Phase) + require.Equal(t, tc.expectedMessage, app.Status.OperationState.Message) + }) + } +} diff --git a/controller/cache/cache.go b/controller/cache/cache.go index b17afbca5234b..266c6ab0fd6cc 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -69,6 +69,12 @@ const ( // EnvClusterCacheRetryUseBackoff is the env variable to control whether to use a backoff strategy with the retry during cluster cache sync EnvClusterCacheRetryUseBackoff = "ARGOCD_CLUSTER_CACHE_RETRY_USE_BACKOFF" + // EnvClusterCacheBatchEventsProcessing is the env variable to control whether to enable batch events processing + EnvClusterCacheBatchEventsProcessing = "ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING" + + // EnvClusterCacheEventProcessingInterval is the env variable to control the interval between processing events when BatchEventsProcessing is enabled + EnvClusterCacheEventProcessingInterval = "ARGOCD_CLUSTER_CACHE_EVENT_PROCESSING_INTERVAL" + // AnnotationIgnoreResourceUpdates when set to true on an untracked resource, // argo will apply `ignoreResourceUpdates` configuration on it. AnnotationIgnoreResourceUpdates = "argocd.argoproj.io/ignore-resource-updates" @@ -103,6 +109,12 @@ var ( // clusterCacheRetryUseBackoff specifies whether to use a backoff strategy on cluster cache sync, if retry is enabled clusterCacheRetryUseBackoff bool = false + + // clusterCacheBatchEventsProcessing specifies whether to enable batch events processing + clusterCacheBatchEventsProcessing bool = false + + // clusterCacheEventProcessingInterval specifies the interval between processing events when BatchEventsProcessing is enabled + clusterCacheEventProcessingInterval = 100 * time.Millisecond ) func init() { @@ -114,6 +126,8 @@ func init() { clusterCacheListSemaphoreSize = env.ParseInt64FromEnv(EnvClusterCacheListSemaphore, clusterCacheListSemaphoreSize, 0, math.MaxInt64) clusterCacheAttemptLimit = int32(env.ParseNumFromEnv(EnvClusterCacheAttemptLimit, int(clusterCacheAttemptLimit), 1, math.MaxInt32)) clusterCacheRetryUseBackoff = env.ParseBoolFromEnv(EnvClusterCacheRetryUseBackoff, false) + clusterCacheBatchEventsProcessing = env.ParseBoolFromEnv(EnvClusterCacheBatchEventsProcessing, false) + clusterCacheEventProcessingInterval = env.ParseDurationFromEnv(EnvClusterCacheEventProcessingInterval, clusterCacheEventProcessingInterval, 0, math.MaxInt64) } type LiveStateCache interface { @@ -554,6 +568,8 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e clustercache.SetLogr(logutils.NewLogrusLogger(log.WithField("server", cluster.Server))), clustercache.SetRetryOptions(clusterCacheAttemptLimit, clusterCacheRetryUseBackoff, isRetryableError), clustercache.SetRespectRBAC(respectRBAC), + clustercache.SetBatchEventsProcessing(clusterCacheBatchEventsProcessing), + clustercache.SetEventProcessingInterval(clusterCacheEventProcessingInterval), } clusterCache = clustercache.NewClusterCache(clusterCacheConfig, clusterCacheOpts...) @@ -608,6 +624,10 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e c.metricsServer.IncClusterEventsCount(cluster.Server, gvk.Group, gvk.Kind) }) + _ = clusterCache.OnProcessEventsHandler(func(duration time.Duration, processedEventsNumber int) { + c.metricsServer.ObserveResourceEventsProcessingDuration(cluster.Server, duration, processedEventsNumber) + }) + c.clusters[server] = clusterCache return clusterCache, nil diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 63935a1e453f4..652b4b5549ccc 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -140,7 +140,7 @@ func TestHandleDeleteEvent_CacheDeadlock(t *testing.T) { } db := &dbmocks.ArgoDB{} db.On("GetApplicationControllerReplicas").Return(1) - fakeClient := fake.NewSimpleClientset() + fakeClient := fake.NewClientset() settingsMgr := argosettings.NewSettingsManager(context.TODO(), fakeClient, "argocd") liveStateCacheLock := sync.RWMutex{} gitopsEngineClusterCache := &mocks.ClusterCache{} diff --git a/controller/clusterinfoupdater_test.go b/controller/clusterinfoupdater_test.go index 989ac630d528a..6dc10d9db3e30 100644 --- a/controller/clusterinfoupdater_test.go +++ b/controller/clusterinfoupdater_test.go @@ -67,7 +67,7 @@ func TestClusterSecretUpdater(t *testing.T) { "server.secretkey": nil, }, } - kubeclientset := fake.NewSimpleClientset(emptyArgoCDConfigMap, argoCDSecret) + kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecret) appclientset := appsfake.NewSimpleClientset() appInformer := appinformers.NewApplicationInformer(appclientset, "", time.Minute, cache.Indexers{}) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) diff --git a/controller/health.go b/controller/health.go index f713a574f57d3..ece586c00b089 100644 --- a/controller/health.go +++ b/controller/health.go @@ -8,8 +8,10 @@ import ( "github.com/argoproj/gitops-engine/pkg/sync/ignore" kubeutil "github.com/argoproj/gitops-engine/pkg/utils/kube" log "github.com/sirupsen/logrus" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/lua" @@ -19,11 +21,15 @@ import ( func setApplicationHealth(resources []managedResource, statuses []appv1.ResourceStatus, resourceOverrides map[string]appv1.ResourceOverride, app *appv1.Application, persistResourceHealth bool) (*appv1.HealthStatus, error) { var savedErr error var errCount uint + appHealth := appv1.HealthStatus{Status: health.HealthStatusHealthy} for i, res := range resources { if res.Target != nil && hookutil.Skip(res.Target) { continue } + if res.Target != nil && res.Target.GetAnnotations() != nil && res.Target.GetAnnotations()[common.AnnotationIgnoreHealthCheck] == "true" { + continue + } if res.Live != nil && (hookutil.IsHook(res.Live) || ignore.Ignore(res.Live)) { continue @@ -76,6 +82,13 @@ func setApplicationHealth(resources []managedResource, statuses []appv1.Resource } if persistResourceHealth { app.Status.ResourceHealthSource = appv1.ResourceHealthLocationInline + // if the status didn't change, don't update the timestamp + if app.Status.Health.Status == appHealth.Status && app.Status.Health.LastTransitionTime != nil { + appHealth.LastTransitionTime = app.Status.Health.LastTransitionTime + } else { + now := metav1.Now() + appHealth.LastTransitionTime = &now + } } else { app.Status.ResourceHealthSource = appv1.ResourceHealthLocationAppTree } diff --git a/controller/health_test.go b/controller/health_test.go index efaf4b2a8fc80..3cc3f8d67d816 100644 --- a/controller/health_test.go +++ b/controller/health_test.go @@ -1,8 +1,10 @@ package controller import ( + "fmt" "os" "testing" + "time" "github.com/argoproj/gitops-engine/pkg/health" synccommon "github.com/argoproj/gitops-engine/pkg/sync/common" @@ -19,7 +21,16 @@ import ( "github.com/argoproj/argo-cd/v2/util/lua" ) -var app = &appv1.Application{} +var ( + app = &appv1.Application{ + Status: appv1.ApplicationStatus{ + Health: appv1.HealthStatus{ + LastTransitionTime: &metav1.Time{Time: time.Date(2020, time.January, 1, 12, 0, 0, 0, time.UTC)}, + }, + }, + } + testTimestamp = metav1.Time{Time: time.Date(2020, time.January, 1, 12, 0, 0, 0, time.UTC)} +) func initStatuses(resources []managedResource) []appv1.ResourceStatus { statuses := make([]appv1.ResourceStatus, len(resources)) @@ -56,15 +67,35 @@ func TestSetApplicationHealth(t *testing.T) { healthStatus, err := setApplicationHealth(resources, resourceStatuses, lua.ResourceHealthOverrides{}, app, true) require.NoError(t, err) assert.Equal(t, health.HealthStatusDegraded, healthStatus.Status) - assert.Equal(t, health.HealthStatusHealthy, resourceStatuses[0].Health.Status) assert.Equal(t, health.HealthStatusDegraded, resourceStatuses[1].Health.Status) + // Health.LastTransitionTime is set only for app health and not at individual resource level + assert.NotNil(t, healthStatus.LastTransitionTime) + assert.Nil(t, resourceStatuses[0].Health.LastTransitionTime) + assert.Nil(t, resourceStatuses[1].Health.LastTransitionTime) + previousLastTransitionTime := healthStatus.LastTransitionTime + app.Status.Health = *healthStatus // now mark the job as a hook and retry. it should ignore the hook and consider the app healthy failedJob.SetAnnotations(map[string]string{synccommon.AnnotationKeyHook: "PreSync"}) healthStatus, err = setApplicationHealth(resources, resourceStatuses, nil, app, true) require.NoError(t, err) assert.Equal(t, health.HealthStatusHealthy, healthStatus.Status) + // change in health, timestamp should change + assert.NotEqual(t, *previousLastTransitionTime, *healthStatus.LastTransitionTime) + previousLastTransitionTime = healthStatus.LastTransitionTime + app.Status.Health = *healthStatus + + // now we set the `argocd.argoproj.io/ignore-healthcheck: "true"` annotation on the job's target. + // The app is considered healthy + failedJob.SetAnnotations(nil) + failedJobIgnoreHealthcheck := resourceFromFile("./testdata/job-failed-ignore-healthcheck.yaml") + resources[1].Target = &failedJobIgnoreHealthcheck + healthStatus, err = setApplicationHealth(resources, resourceStatuses, nil, app, true) + require.NoError(t, err) + assert.Equal(t, health.HealthStatusHealthy, healthStatus.Status) + // no change in health, timestamp shouldn't change + assert.Equal(t, *previousLastTransitionTime, *healthStatus.LastTransitionTime) } func TestSetApplicationHealth_ResourceHealthNotPersisted(t *testing.T) { @@ -93,6 +124,41 @@ func TestSetApplicationHealth_MissingResource(t *testing.T) { healthStatus, err := setApplicationHealth(resources, resourceStatuses, lua.ResourceHealthOverrides{}, app, true) require.NoError(t, err) assert.Equal(t, health.HealthStatusMissing, healthStatus.Status) + assert.False(t, healthStatus.LastTransitionTime.IsZero()) +} + +func TestSetApplicationHealth_HealthImproves(t *testing.T) { + testCases := []struct { + oldStatus health.HealthStatusCode + newStatus health.HealthStatusCode + }{ + {health.HealthStatusUnknown, health.HealthStatusDegraded}, + {health.HealthStatusDegraded, health.HealthStatusProgressing}, + {health.HealthStatusMissing, health.HealthStatusProgressing}, + {health.HealthStatusProgressing, health.HealthStatusSuspended}, + {health.HealthStatusSuspended, health.HealthStatusHealthy}, + } + + for _, tc := range testCases { + overrides := lua.ResourceHealthOverrides{ + lua.GetConfigMapKey(schema.FromAPIVersionAndKind("v1", "Pod")): appv1.ResourceOverride{ + HealthLua: fmt.Sprintf("hs = {}\nhs.status = %q\nhs.message = \"\"return hs", tc.newStatus), + }, + } + + runningPod := resourceFromFile("./testdata/pod-running-restart-always.yaml") + resources := []managedResource{{ + Group: "", Version: "v1", Kind: "Pod", Live: &runningPod, + }} + resourceStatuses := initStatuses(resources) + + t.Run(string(fmt.Sprintf("%s to %s", tc.oldStatus, tc.newStatus)), func(t *testing.T) { + healthStatus, err := setApplicationHealth(resources, resourceStatuses, overrides, app, true) + require.NoError(t, err) + assert.Equal(t, tc.newStatus, healthStatus.Status) + assert.NotEqual(t, testTimestamp, *healthStatus.LastTransitionTime) + }) + } } func TestSetApplicationHealth_MissingResourceNoBuiltHealthCheck(t *testing.T) { @@ -118,6 +184,7 @@ func TestSetApplicationHealth_MissingResourceNoBuiltHealthCheck(t *testing.T) { }, app, true) require.NoError(t, err) assert.Equal(t, health.HealthStatusMissing, healthStatus.Status) + assert.False(t, healthStatus.LastTransitionTime.IsZero()) }) } diff --git a/controller/hook.go b/controller/hook.go index 5c391114ab9bb..b0fd8ebb039b4 100644 --- a/controller/hook.go +++ b/controller/hook.go @@ -51,7 +51,7 @@ func (ctrl *ApplicationController) executePostDeleteHooks(app *v1alpha1.Applicat revisions = append(revisions, src.TargetRevision) } - targets, _, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, false) + targets, _, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, false, true) if err != nil { return false, err } diff --git a/controller/hydrator/hydrator.go b/controller/hydrator/hydrator.go new file mode 100644 index 0000000000000..5b37374b3af1a --- /dev/null +++ b/controller/hydrator/hydrator.go @@ -0,0 +1,347 @@ +package hydrator + +import ( + "context" + "encoding/json" + "fmt" + "time" + + log "github.com/sirupsen/logrus" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + commitclient "github.com/argoproj/argo-cd/v2/commitserver/apiclient" + "github.com/argoproj/argo-cd/v2/controller/utils" + appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + argoio "github.com/argoproj/argo-cd/v2/util/io" +) + +// Dependencies is the interface for the dependencies of the Hydrator. It serves two purposes: 1) it prevents the +// hydrator from having direct access to the app controller, and 2) it allows for easy mocking of dependencies in tests. +// If you add something here, be sure that it is something the app controller needs to provide to the hydrator. +type Dependencies interface { + // TODO: determine if we actually need to get the app, or if all the stuff we need the app for is done already on + // the app controller side. + GetProcessableAppProj(app *appv1.Application) (*appv1.AppProject, error) + GetProcessableApps() (*appv1.ApplicationList, error) + GetRepoObjs(app *appv1.Application, source appv1.ApplicationSource, revision string, project *appv1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error) + GetWriteCredentials(ctx context.Context, repoURL string, project string) (*appv1.Repository, error) + RequestAppRefresh(appName string) + // TODO: only allow access to the hydrator status + PersistAppHydratorStatus(orig *appv1.Application, newStatus *appv1.SourceHydratorStatus) + AddHydrationQueueItem(key HydrationQueueKey) +} + +type Hydrator struct { + dependencies Dependencies + statusRefreshTimeout time.Duration + commitClientset commitclient.Clientset +} + +func NewHydrator(dependencies Dependencies, statusRefreshTimeout time.Duration, commitClientset commitclient.Clientset) *Hydrator { + return &Hydrator{ + dependencies: dependencies, + statusRefreshTimeout: statusRefreshTimeout, + commitClientset: commitClientset, + } +} + +func (h *Hydrator) ProcessAppHydrateQueueItem(origApp *appv1.Application) { + origApp = origApp.DeepCopy() + app := origApp.DeepCopy() + + if app.Spec.SourceHydrator == nil { + return + } + + logCtx := utils.GetAppLog(app) + + logCtx.Debug("Processing app hydrate queue item") + + // TODO: don't reuse statusRefreshTimeout. Create a new timeout for hydration. + needsHydration, reason := appNeedsHydration(origApp, h.statusRefreshTimeout) + if !needsHydration { + return + } + + logCtx.WithField("reason", reason).Info("Hydrating app") + + app.Status.SourceHydrator.CurrentOperation = &appv1.HydrateOperation{ + StartedAt: metav1.Now(), + FinishedAt: nil, + Phase: appv1.HydrateOperationPhaseHydrating, + SourceHydrator: *app.Spec.SourceHydrator, + } + h.dependencies.PersistAppHydratorStatus(origApp, &app.Status.SourceHydrator) + origApp.Status.SourceHydrator = app.Status.SourceHydrator + h.dependencies.AddHydrationQueueItem(getHydrationQueueKey(app)) + + logCtx.Debug("Successfully processed app hydrate queue item") +} + +func getHydrationQueueKey(app *appv1.Application) HydrationQueueKey { + destinationBranch := app.Spec.SourceHydrator.SyncSource.TargetBranch + if app.Spec.SourceHydrator.HydrateTo != nil { + destinationBranch = app.Spec.SourceHydrator.HydrateTo.TargetBranch + } + key := HydrationQueueKey{ + SourceRepoURL: app.Spec.SourceHydrator.DrySource.RepoURL, + SourceTargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision, + DestinationBranch: destinationBranch, + } + return key +} + +type HydrationQueueKey struct { + SourceRepoURL string + SourceTargetRevision string + DestinationBranch string +} + +// uniqueHydrationDestination is used to detect duplicate hydrate destinations. +type uniqueHydrationDestination struct { + sourceRepoURL string + sourceTargetRevision string + destinationBranch string + destinationPath string +} + +func (h *Hydrator) ProcessHydrationQueueItem(hydrationKey HydrationQueueKey) (processNext bool) { + logCtx := log.WithFields(log.Fields{ + "sourceRepoURL": hydrationKey.SourceRepoURL, + "sourceTargetRevision": hydrationKey.SourceTargetRevision, + "destinationBranch": hydrationKey.DestinationBranch, + }) + + relevantApps, drySHA, hydratedSHA, err := h.hydrateAppsLatestCommit(logCtx, hydrationKey) + if drySHA != "" { + logCtx = logCtx.WithField("drySHA", drySHA) + } + if err != nil { + logCtx.WithField("appCount", len(relevantApps)).WithError(err).Error("Failed to hydrate apps") + for _, app := range relevantApps { + origApp := app.DeepCopy() + app.Status.SourceHydrator.CurrentOperation.Phase = appv1.HydrateOperationPhaseFailed + failedAt := metav1.Now() + app.Status.SourceHydrator.CurrentOperation.FinishedAt = &failedAt + app.Status.SourceHydrator.CurrentOperation.Message = fmt.Sprintf("Failed to hydrated revision %s: %v", drySHA, err.Error()) + h.dependencies.PersistAppHydratorStatus(origApp, &app.Status.SourceHydrator) + logCtx = logCtx.WithField("app", app.QualifiedName()) + logCtx.Errorf("Failed to hydrate app: %v", err) + } + return + } + logCtx.WithField("appCount", len(relevantApps)).Debug("Successfully hydrated apps") + finishedAt := metav1.Now() + for _, app := range relevantApps { + origApp := app.DeepCopy() + operation := &appv1.HydrateOperation{ + StartedAt: app.Status.SourceHydrator.CurrentOperation.StartedAt, + FinishedAt: &finishedAt, + Phase: appv1.HydrateOperationPhaseHydrated, + Message: "", + DrySHA: drySHA, + HydratedSHA: hydratedSHA, + SourceHydrator: app.Status.SourceHydrator.CurrentOperation.SourceHydrator, + } + app.Status.SourceHydrator.CurrentOperation = operation + app.Status.SourceHydrator.LastSuccessfulOperation = &appv1.SuccessfulHydrateOperation{ + DrySHA: drySHA, + HydratedSHA: hydratedSHA, + SourceHydrator: app.Status.SourceHydrator.CurrentOperation.SourceHydrator, + } + h.dependencies.PersistAppHydratorStatus(origApp, &app.Status.SourceHydrator) + // Request a refresh since we pushed a new commit. + h.dependencies.RequestAppRefresh(app.QualifiedName()) + } + return +} + +func (h *Hydrator) hydrateAppsLatestCommit(logCtx *log.Entry, hydrationKey HydrationQueueKey) ([]*appv1.Application, string, string, error) { + relevantApps, err := h.getRelevantAppsForHydration(logCtx, hydrationKey) + if err != nil { + return nil, "", "", fmt.Errorf("failed to get relevant apps for hydration: %w", err) + } + + hydratedRevision, dryRevision, err := h.hydrate(logCtx, relevantApps) + if err != nil { + return relevantApps, dryRevision, "", fmt.Errorf("failed to hydrate apps: %w", err) + } + + return relevantApps, dryRevision, hydratedRevision, nil +} + +func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey HydrationQueueKey) ([]*appv1.Application, error) { + // Get all apps + apps, err := h.dependencies.GetProcessableApps() + if err != nil { + return nil, fmt.Errorf("failed to list apps: %w", err) + } + + var relevantApps []*appv1.Application + uniqueDestinations := make(map[uniqueHydrationDestination]bool, len(apps.Items)) + for _, app := range apps.Items { + if app.Spec.SourceHydrator == nil { + continue + } + + if app.Spec.SourceHydrator.DrySource.RepoURL != hydrationKey.SourceRepoURL || + app.Spec.SourceHydrator.DrySource.TargetRevision != hydrationKey.SourceTargetRevision { + continue + } + destinationBranch := app.Spec.SourceHydrator.SyncSource.TargetBranch + if app.Spec.SourceHydrator.HydrateTo != nil { + destinationBranch = app.Spec.SourceHydrator.HydrateTo.TargetBranch + } + if destinationBranch != hydrationKey.DestinationBranch { + continue + } + + var proj *appv1.AppProject + proj, err = h.dependencies.GetProcessableAppProj(&app) + if err != nil { + return nil, fmt.Errorf("failed to get project %q for app %q: %w", app.Spec.Project, app.QualifiedName(), err) + } + permitted := proj.IsSourcePermitted(app.Spec.GetSource()) + if !permitted { + // Log and skip. We don't want to fail the entire operation because of one app. + logCtx.Warnf("App %q is not permitted to use source %q", app.QualifiedName(), app.Spec.Source.String()) + continue + } + + uniqueDestinationKey := uniqueHydrationDestination{ + sourceRepoURL: app.Spec.SourceHydrator.DrySource.RepoURL, + sourceTargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision, + destinationBranch: destinationBranch, + destinationPath: app.Spec.SourceHydrator.SyncSource.Path, + } + // TODO: test the dupe detection + if _, ok := uniqueDestinations[uniqueDestinationKey]; ok { + return nil, fmt.Errorf("multiple app hydrators use the same destination: %v", uniqueDestinationKey) + } + uniqueDestinations[uniqueDestinationKey] = true + + relevantApps = append(relevantApps, &app) + } + return relevantApps, nil +} + +func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application) (string, string, error) { + if len(apps) == 0 { + return "", "", nil + } + repoURL := apps[0].Spec.SourceHydrator.DrySource.RepoURL + syncBranch := apps[0].Spec.SourceHydrator.SyncSource.TargetBranch + targetBranch := apps[0].Spec.GetHydrateToSource().TargetRevision + var paths []*commitclient.PathDetails + projects := make(map[string]bool, len(apps)) + var targetRevision string + // TODO: parallelize this loop + for _, app := range apps { + project, err := h.dependencies.GetProcessableAppProj(app) + if err != nil { + return "", "", fmt.Errorf("failed to get project: %w", err) + } + projects[project.Name] = true + drySource := appv1.ApplicationSource{ + RepoURL: app.Spec.SourceHydrator.DrySource.RepoURL, + Path: app.Spec.SourceHydrator.DrySource.Path, + TargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision, + } + if targetRevision == "" { + targetRevision = app.Spec.SourceHydrator.DrySource.TargetRevision + } + + // TODO: enable signature verification + objs, resp, err := h.dependencies.GetRepoObjs(app, drySource, targetRevision, project) + if err != nil { + return "", "", fmt.Errorf("failed to get repo objects: %w", err) + } + + targetRevision = resp.Revision + + // Set up a ManifestsRequest + manifestDetails := make([]*commitclient.HydratedManifestDetails, len(objs)) + for i, obj := range objs { + objJson, err := json.Marshal(obj) + if err != nil { + return "", "", fmt.Errorf("failed to marshal object: %w", err) + } + manifestDetails[i] = &commitclient.HydratedManifestDetails{ManifestJSON: string(objJson)} + } + + paths = append(paths, &commitclient.PathDetails{ + Path: app.Spec.SourceHydrator.SyncSource.Path, + Manifests: manifestDetails, + Commands: resp.Commands, + }) + } + + // If all the apps are under the same project, use that project. Otherwise, use an empty string to indicate that we + // need global creds. + project := "" + if len(projects) == 1 { + for p := range projects { + project = p + } + } + + repo, err := h.dependencies.GetWriteCredentials(context.Background(), repoURL, project) + if err != nil { + return "", "", fmt.Errorf("failed to get hydrator credentials: %w", err) + } + if repo == nil { + // Try without credentials. + repo = &appv1.Repository{ + Repo: repoURL, + } + logCtx.Warn("no credentials found for repo, continuing without credentials") + } + + manifestsRequest := commitclient.CommitHydratedManifestsRequest{ + Repo: repo, + SyncBranch: syncBranch, + TargetBranch: targetBranch, + DrySha: targetRevision, + CommitMessage: "[Argo CD Bot] hydrate " + targetRevision, + Paths: paths, + } + + closer, commitService, err := h.commitClientset.NewCommitServerClient() + if err != nil { + return "", "", fmt.Errorf("failed to create commit service: %w", err) + } + defer argoio.Close(closer) + resp, err := commitService.CommitHydratedManifests(context.Background(), &manifestsRequest) + if err != nil { + return "", "", fmt.Errorf("failed to commit hydrated manifests: %w", err) + } + return targetRevision, resp.HydratedSha, nil +} + +// appNeedsHydration answers if application needs manifests hydrated. +func appNeedsHydration(app *appv1.Application, statusHydrateTimeout time.Duration) (needsHydration bool, reason string) { + if app.Spec.SourceHydrator == nil { + return false, "source hydrator not configured" + } + + var hydratedAt *metav1.Time + if app.Status.SourceHydrator.CurrentOperation != nil { + hydratedAt = &app.Status.SourceHydrator.CurrentOperation.StartedAt + } + + if app.IsHydrateRequested() { + return true, "hydrate requested" + } else if app.Status.SourceHydrator.CurrentOperation == nil { + return true, "no previous hydrate operation" + } else if !app.Spec.SourceHydrator.DeepEquals(app.Status.SourceHydrator.CurrentOperation.SourceHydrator) { + return true, "spec.sourceHydrator differs" + } else if app.Status.SourceHydrator.CurrentOperation.Phase == appv1.HydrateOperationPhaseFailed && metav1.Now().Sub(app.Status.SourceHydrator.CurrentOperation.FinishedAt.Time) > 2*time.Minute { + return true, "previous hydrate operation failed more than 2 minutes ago" + } else if hydratedAt == nil || hydratedAt.Add(statusHydrateTimeout).Before(time.Now().UTC()) { + return true, "hydration expired" + } + + return false, "" +} diff --git a/controller/hydrator/hydrator_test.go b/controller/hydrator/hydrator_test.go new file mode 100644 index 0000000000000..c4e62931a5348 --- /dev/null +++ b/controller/hydrator/hydrator_test.go @@ -0,0 +1,103 @@ +package hydrator + +import ( + "testing" + "time" + + "github.com/stretchr/testify/assert" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +func Test_appNeedsHydration(t *testing.T) { + t.Parallel() + + now := metav1.NewTime(time.Now()) + oneHourAgo := metav1.NewTime(now.Add(-1 * time.Hour)) + + testCases := []struct { + name string + app *v1alpha1.Application + timeout time.Duration + expectedNeedsHydration bool + expectedMessage string + }{ + { + name: "source hydrator not configured", + app: &v1alpha1.Application{}, + expectedNeedsHydration: false, + expectedMessage: "source hydrator not configured", + }, + { + name: "hydrate requested", + app: &v1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{Annotations: map[string]string{v1alpha1.AnnotationKeyHydrate: "normal"}}, + Spec: v1alpha1.ApplicationSpec{SourceHydrator: &v1alpha1.SourceHydrator{}}, + }, + timeout: 1 * time.Hour, + expectedNeedsHydration: true, + expectedMessage: "hydrate requested", + }, + { + name: "no previous hydrate operation", + app: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{SourceHydrator: &v1alpha1.SourceHydrator{}}, + }, + timeout: 1 * time.Hour, + expectedNeedsHydration: true, + expectedMessage: "no previous hydrate operation", + }, + { + name: "spec.sourceHydrator differs", + app: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{SourceHydrator: &v1alpha1.SourceHydrator{}}, + Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{ + SourceHydrator: v1alpha1.SourceHydrator{DrySource: v1alpha1.DrySource{RepoURL: "something new"}}, + }}}, + }, + timeout: 1 * time.Hour, + expectedNeedsHydration: true, + expectedMessage: "spec.sourceHydrator differs", + }, + { + name: "hydration failed more than two minutes ago", + app: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{SourceHydrator: &v1alpha1.SourceHydrator{}}, + Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{DrySHA: "abc123", FinishedAt: &oneHourAgo, Phase: v1alpha1.HydrateOperationPhaseFailed}}}, + }, + timeout: 1 * time.Hour, + expectedNeedsHydration: true, + expectedMessage: "previous hydrate operation failed more than 2 minutes ago", + }, + { + name: "timeout reached", + app: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{SourceHydrator: &v1alpha1.SourceHydrator{}}, + Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{StartedAt: oneHourAgo}}}, + }, + timeout: 1 * time.Minute, + expectedNeedsHydration: true, + expectedMessage: "hydration expired", + }, + { + name: "hydrate not needed", + app: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{SourceHydrator: &v1alpha1.SourceHydrator{}}, + Status: v1alpha1.ApplicationStatus{SourceHydrator: v1alpha1.SourceHydratorStatus{CurrentOperation: &v1alpha1.HydrateOperation{DrySHA: "abc123", StartedAt: now, FinishedAt: &now, Phase: v1alpha1.HydrateOperationPhaseFailed}}}, + }, + timeout: 1 * time.Hour, + expectedNeedsHydration: false, + expectedMessage: "", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + needsHydration, message := appNeedsHydration(tc.app, tc.timeout) + assert.Equal(t, tc.expectedNeedsHydration, needsHydration) + assert.Equal(t, tc.expectedMessage, message) + }) + } +} diff --git a/controller/hydrator_dependencies.go b/controller/hydrator_dependencies.go new file mode 100644 index 0000000000000..b9c0430a4206c --- /dev/null +++ b/controller/hydrator_dependencies.go @@ -0,0 +1,71 @@ +package controller + +import ( + "context" + "fmt" + + "github.com/argoproj/argo-cd/v2/controller/hydrator" + appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +/** +This file implements the hydrator.Dependencies interface for the ApplicationController. + +Hydration logic does not belong in this file. The methods here should be "bookkeeping" methods that keep hydration work +in the hydrator and app controller work in the app controller. The only purpose of this file is to provide the hydrator +safe, minimal access to certain app controller functionality to avoid duplicate code. +*/ + +func (ctrl *ApplicationController) GetProcessableAppProj(app *appv1.Application) (*appv1.AppProject, error) { + return ctrl.getAppProj(app) +} + +// GetProcessableApps returns a list of applications that are processable by the controller. +func (ctrl *ApplicationController) GetProcessableApps() (*appv1.ApplicationList, error) { + // getAppList already filters out applications that are not processable by the controller. + return ctrl.getAppList(metav1.ListOptions{}) +} + +func (ctrl *ApplicationController) GetRepoObjs(app *appv1.Application, source appv1.ApplicationSource, revision string, project *appv1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error) { + sources := []appv1.ApplicationSource{source} + revisions := []string{revision} + + appLabelKey, err := ctrl.settingsMgr.GetAppInstanceLabelKey() + if err != nil { + return nil, nil, fmt.Errorf("failed to get app instance label key: %w", err) + } + + // FIXME: use cache and revision cache + objs, resp, _, err := ctrl.appStateManager.GetRepoObjs(app, sources, appLabelKey, revisions, true, true, false, project, false, false) + if err != nil { + return nil, nil, fmt.Errorf("failed to get repo objects: %w", err) + } + + if len(resp) != 1 { + return nil, nil, fmt.Errorf("expected one manifest response, got %d", len(resp)) + } + + return objs, resp[0], nil +} + +func (ctrl *ApplicationController) GetWriteCredentials(ctx context.Context, repoURL string, project string) (*appv1.Repository, error) { + return ctrl.db.GetWriteRepository(ctx, repoURL, project) +} + +func (ctrl *ApplicationController) RequestAppRefresh(appName string) { + ctrl.requestAppRefresh(appName, CompareWithLatest.Pointer(), nil) +} + +func (ctrl *ApplicationController) PersistAppHydratorStatus(orig *appv1.Application, newStatus *appv1.SourceHydratorStatus) { + status := orig.Status.DeepCopy() + status.SourceHydrator = *newStatus + ctrl.persistAppStatus(orig, status) +} + +func (ctrl *ApplicationController) AddHydrationQueueItem(key hydrator.HydrationQueueKey) { + ctrl.hydrationQueue.AddRateLimited(key) +} diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index b8674cd231b09..70339499e0a13 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -30,18 +30,20 @@ import ( type MetricsServer struct { *http.Server - syncCounter *prometheus.CounterVec - kubectlExecCounter *prometheus.CounterVec - kubectlExecPendingGauge *prometheus.GaugeVec - orphanedResourcesGauge *prometheus.GaugeVec - k8sRequestCounter *prometheus.CounterVec - clusterEventsCounter *prometheus.CounterVec - redisRequestCounter *prometheus.CounterVec - reconcileHistogram *prometheus.HistogramVec - redisRequestHistogram *prometheus.HistogramVec - registry *prometheus.Registry - hostname string - cron *cron.Cron + syncCounter *prometheus.CounterVec + kubectlExecCounter *prometheus.CounterVec + kubectlExecPendingGauge *prometheus.GaugeVec + orphanedResourcesGauge *prometheus.GaugeVec + k8sRequestCounter *prometheus.CounterVec + clusterEventsCounter *prometheus.CounterVec + redisRequestCounter *prometheus.CounterVec + reconcileHistogram *prometheus.HistogramVec + redisRequestHistogram *prometheus.HistogramVec + resourceEventsProcessingHistogram *prometheus.HistogramVec + resourceEventsNumberGauge *prometheus.GaugeVec + registry *prometheus.Registry + hostname string + cron *cron.Cron } const ( @@ -153,6 +155,20 @@ var ( }, descAppDefaultLabels, ) + + resourceEventsProcessingHistogram = prometheus.NewHistogramVec( + prometheus.HistogramOpts{ + Name: "argocd_resource_events_processing", + Help: "Time to process resource events in seconds.", + Buckets: []float64{0.25, .5, 1, 2, 4, 8, 16}, + }, + []string{"server"}, + ) + + resourceEventsNumberGauge = prometheus.NewGaugeVec(prometheus.GaugeOpts{ + Name: "argocd_resource_events_processed_in_batch", + Help: "Number of resource events processed in batch", + }, []string{"server"}) ) // NewMetricsServer returns a new prometheus server which collects application metrics @@ -202,6 +218,8 @@ func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFil registry.MustRegister(clusterEventsCounter) registry.MustRegister(redisRequestCounter) registry.MustRegister(redisRequestHistogram) + registry.MustRegister(resourceEventsProcessingHistogram) + registry.MustRegister(resourceEventsNumberGauge) return &MetricsServer{ registry: registry, @@ -209,16 +227,18 @@ func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFil Addr: addr, Handler: mux, }, - syncCounter: syncCounter, - k8sRequestCounter: k8sRequestCounter, - kubectlExecCounter: kubectlExecCounter, - kubectlExecPendingGauge: kubectlExecPendingGauge, - orphanedResourcesGauge: orphanedResourcesGauge, - reconcileHistogram: reconcileHistogram, - clusterEventsCounter: clusterEventsCounter, - redisRequestCounter: redisRequestCounter, - redisRequestHistogram: redisRequestHistogram, - hostname: hostname, + syncCounter: syncCounter, + k8sRequestCounter: k8sRequestCounter, + kubectlExecCounter: kubectlExecCounter, + kubectlExecPendingGauge: kubectlExecPendingGauge, + orphanedResourcesGauge: orphanedResourcesGauge, + reconcileHistogram: reconcileHistogram, + clusterEventsCounter: clusterEventsCounter, + redisRequestCounter: redisRequestCounter, + redisRequestHistogram: redisRequestHistogram, + resourceEventsProcessingHistogram: resourceEventsProcessingHistogram, + resourceEventsNumberGauge: resourceEventsNumberGauge, + hostname: hostname, // This cron is used to expire the metrics cache. // Currently clearing the metrics cache is logging and deleting from the map // so there is no possibility of panic, but we will add a chain to keep robfig/cron v1 behavior. @@ -284,6 +304,12 @@ func (m *MetricsServer) ObserveRedisRequestDuration(duration time.Duration) { m.redisRequestHistogram.WithLabelValues(m.hostname, common.ApplicationController).Observe(duration.Seconds()) } +// ObserveResourceEventsProcessingDuration observes resource events processing duration +func (m *MetricsServer) ObserveResourceEventsProcessingDuration(server string, duration time.Duration, processedEventsNumber int) { + m.resourceEventsProcessingHistogram.WithLabelValues(server).Observe(duration.Seconds()) + m.resourceEventsNumberGauge.WithLabelValues(server).Set(float64(processedEventsNumber)) +} + // IncReconcile increments the reconcile counter for an application func (m *MetricsServer) IncReconcile(app *argoappv1.Application, duration time.Duration) { m.reconcileHistogram.WithLabelValues(app.Namespace, app.Spec.Destination.Server).Observe(duration.Seconds()) @@ -311,6 +337,8 @@ func (m *MetricsServer) SetExpiration(cacheExpiration time.Duration) error { m.redisRequestCounter.Reset() m.reconcileHistogram.Reset() m.redisRequestHistogram.Reset() + m.resourceEventsProcessingHistogram.Reset() + m.resourceEventsNumberGauge.Reset() }) if err != nil { return err diff --git a/controller/sharding/cache.go b/controller/sharding/cache.go index 4a750e3545524..454b37e4cf5fe 100644 --- a/controller/sharding/cache.go +++ b/controller/sharding/cache.go @@ -19,7 +19,6 @@ type ClusterShardingCache interface { UpdateApp(a *v1alpha1.Application) IsManagedCluster(c *v1alpha1.Cluster) bool GetDistribution() map[string]int - GetAppDistribution() map[string]int } type ClusterSharding struct { @@ -244,22 +243,3 @@ func (sharding *ClusterSharding) UpdateApp(a *v1alpha1.Application) { log.Debugf("Skipping sharding distribution update. No relevant changes") } } - -// GetAppDistribution should be not be called from a DestributionFunction because -// it could cause a deadlock when updateDistribution is called. -func (sharding *ClusterSharding) GetAppDistribution() map[string]int { - sharding.lock.RLock() - clusters := sharding.Clusters - apps := sharding.Apps - sharding.lock.RUnlock() - - appDistribution := make(map[string]int, len(clusters)) - - for _, a := range apps { - if _, ok := appDistribution[a.Spec.Destination.Server]; !ok { - appDistribution[a.Spec.Destination.Server] = 0 - } - appDistribution[a.Spec.Destination.Server]++ - } - return appDistribution -} diff --git a/controller/sharding/sharding_test.go b/controller/sharding/sharding_test.go index b76741be92e16..c332e869c2789 100644 --- a/controller/sharding/sharding_test.go +++ b/controller/sharding/sharding_test.go @@ -988,35 +988,37 @@ func TestGetClusterSharding(t *testing.T) { } func TestAppAwareCache(t *testing.T) { - _, db, cluster1, cluster2, cluster3, cluster4, cluster5 := createTestClusters() + _, _, cluster1, cluster2, cluster3, cluster4, cluster5 := createTestClusters() _, app1, app2, app3, app4, app5 := createTestApps() - clusterSharding := NewClusterSharding(db, 0, 1, "legacy") + clusterList := getClusterPointers([]v1alpha1.Cluster{cluster1, cluster2, cluster3, cluster4, cluster5}) + appList := getAppPointers([]v1alpha1.Application{app1, app2, app3, app4, app5}) - clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{cluster1, cluster2, cluster3, cluster4, cluster5}} - appList := &v1alpha1.ApplicationList{Items: []v1alpha1.Application{app1, app2, app3, app4, app5}} - clusterSharding.Init(clusterList, appList) + getClusters := func() []*v1alpha1.Cluster { return clusterList } + getApps := func() []*v1alpha1.Application { return appList } - appDistribution := clusterSharding.GetAppDistribution() + appDistribution := getAppDistribution(getClusters, getApps) - assert.Equal(t, 2, appDistribution["cluster1"]) - assert.Equal(t, 2, appDistribution["cluster2"]) - assert.Equal(t, 1, appDistribution["cluster3"]) + assert.Equal(t, int64(2), appDistribution["cluster1"]) + assert.Equal(t, int64(2), appDistribution["cluster2"]) + assert.Equal(t, int64(1), appDistribution["cluster3"]) app6 := createApp("app6", "cluster4") - clusterSharding.AddApp(&app6) + appList = append(appList, &app6) app1Update := createApp("app1", "cluster2") - clusterSharding.UpdateApp(&app1Update) + // replace app 1 + appList[0] = &app1Update - clusterSharding.DeleteApp(&app3) + // Remove app 3 + appList = append(appList[:2], appList[3:]...) - appDistribution = clusterSharding.GetAppDistribution() + appDistribution = getAppDistribution(getClusters, getApps) - assert.Equal(t, 1, appDistribution["cluster1"]) - assert.Equal(t, 2, appDistribution["cluster2"]) - assert.Equal(t, 1, appDistribution["cluster3"]) - assert.Equal(t, 1, appDistribution["cluster4"]) + assert.Equal(t, int64(1), appDistribution["cluster1"]) + assert.Equal(t, int64(2), appDistribution["cluster2"]) + assert.Equal(t, int64(1), appDistribution["cluster3"]) + assert.Equal(t, int64(1), appDistribution["cluster4"]) } func createTestApps() (appAccessor, v1alpha1.Application, v1alpha1.Application, v1alpha1.Application, v1alpha1.Application, v1alpha1.Application) { diff --git a/controller/state.go b/controller/state.go index b6bafcb5c83ac..f9b8628d89d29 100644 --- a/controller/state.go +++ b/controller/state.go @@ -71,7 +71,7 @@ type managedResource struct { type AppStateManager interface { CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool, rollback bool) (*comparisonResult, error) SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState) - GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error) + GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error) } // comparisonResult holds the state of an application after the reconciliation @@ -125,7 +125,7 @@ type appStateManager struct { // task to the repo-server. It returns the list of generated manifests as unstructured // objects. It also returns the full response from all calls to the repo server as the // second argument. -func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error) { +func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error) { ts := stats.NewTimingStats() helmRepos, err := m.db.ListHelmRepositories(context.Background()) if err != nil { @@ -219,6 +219,14 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp revision := revisions[i] + appNamespace := app.Spec.Destination.Namespace + apiVersions := argo.APIResourcesToStrings(apiResources, true) + if !sendRuntimeState { + appNamespace = "" + apiVersions = nil + serverVersion = "" + } + if !source.IsHelm() && syncedRevision != "" && keyManifestGenerateAnnotationExists && keyManifestGenerateAnnotationVal != "" { // Validate the manifest-generate-path annotation to avoid generating manifests if it has not changed. updateRevisionResult, err := repoClient.UpdateRevisionForPaths(context.Background(), &apiclient.UpdateRevisionForPathsRequest{ @@ -229,10 +237,10 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp Paths: path.GetAppRefreshPaths(app), AppLabelKey: appLabelKey, AppName: app.InstanceName(m.namespace), - Namespace: app.Spec.Destination.Namespace, + Namespace: appNamespace, ApplicationSource: &source, KubeVersion: serverVersion, - ApiVersions: argo.APIResourcesToStrings(apiResources, true), + ApiVersions: apiVersions, TrackingMethod: string(argo.GetTrackingMethod(m.settingsMgr)), RefSources: refSources, HasMultipleSources: app.Spec.HasMultipleSources(), @@ -263,11 +271,11 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp NoRevisionCache: noRevisionCache, AppLabelKey: appLabelKey, AppName: app.InstanceName(m.namespace), - Namespace: app.Spec.Destination.Namespace, + Namespace: appNamespace, ApplicationSource: &source, KustomizeOptions: kustomizeOptions, KubeVersion: serverVersion, - ApiVersions: argo.APIResourcesToStrings(apiResources, true), + ApiVersions: apiVersions, VerifySignature: verifySignature, HelmRepoCreds: permittedHelmCredentials, TrackingMethod: string(argo.GetTrackingMethod(m.settingsMgr)), @@ -309,6 +317,39 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp return targetObjs, manifestInfos, revisionUpdated, nil } +// ResolveGitRevision will resolve the given revision to a full commit SHA. Only works for git. +func (m *appStateManager) ResolveGitRevision(repoURL string, revision string) (string, error) { + conn, repoClient, err := m.repoClientset.NewRepoServerClient() + if err != nil { + return "", fmt.Errorf("failed to connect to repo server: %w", err) + } + defer io.Close(conn) + + repo, err := m.db.GetRepository(context.Background(), repoURL, "") + if err != nil { + return "", fmt.Errorf("failed to get repo %q: %w", repoURL, err) + } + + // Mock the app. The repo-server only needs to know whether the "chart" field is populated. + app := &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{ + RepoURL: repoURL, + TargetRevision: revision, + }, + }, + } + resp, err := repoClient.ResolveRevision(context.Background(), &apiclient.ResolveRevisionRequest{ + Repo: repo, + App: app, + AmbiguousRevision: revision, + }) + if err != nil { + return "", fmt.Errorf("failed to determine whether the dry source has changed: %w", err) + } + return resp.Revision, nil +} + func unmarshalManifests(manifests []string) ([]*unstructured.Unstructured, error) { targetObjs := make([]*unstructured.Unstructured, 0) for _, manifest := range manifests { @@ -437,23 +478,24 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 // return unknown comparison result if basic comparison settings cannot be loaded if err != nil { + now := metav1.Now() if hasMultipleSources { return &comparisonResult{ syncStatus: &v1alpha1.SyncStatus{ - ComparedTo: v1alpha1.ComparedTo{Destination: app.Spec.Destination, Sources: sources, IgnoreDifferences: app.Spec.IgnoreDifferences}, + ComparedTo: app.Spec.BuildComparedToStatus(), Status: v1alpha1.SyncStatusCodeUnknown, Revisions: revisions, }, - healthStatus: &v1alpha1.HealthStatus{Status: health.HealthStatusUnknown}, + healthStatus: &v1alpha1.HealthStatus{Status: health.HealthStatusUnknown, LastTransitionTime: &now}, }, nil } else { return &comparisonResult{ syncStatus: &v1alpha1.SyncStatus{ - ComparedTo: v1alpha1.ComparedTo{Source: sources[0], Destination: app.Spec.Destination, IgnoreDifferences: app.Spec.IgnoreDifferences}, + ComparedTo: app.Spec.BuildComparedToStatus(), Status: v1alpha1.SyncStatusCodeUnknown, Revision: revisions[0], }, - healthStatus: &v1alpha1.HealthStatus{Status: health.HealthStatusUnknown}, + healthStatus: &v1alpha1.HealthStatus{Status: health.HealthStatusUnknown, LastTransitionTime: &now}, }, nil } } @@ -489,10 +531,10 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } } - targetObjs, manifestInfos, revisionUpdated, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, rollback) + targetObjs, manifestInfos, revisionUpdated, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, rollback, true) if err != nil { targetObjs = make([]*unstructured.Unstructured, 0) - msg := fmt.Sprintf("Failed to load target state: %s", err.Error()) + msg := "Failed to load target state: " + err.Error() conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) if firstSeen, ok := m.repoErrorCache.Load(app.Name); ok { if time.Since(firstSeen.(time.Time)) <= m.repoErrorGracePeriod && !noRevisionCache { @@ -522,7 +564,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 targetObjs, err = unmarshalManifests(localManifests) if err != nil { targetObjs = make([]*unstructured.Unstructured, 0) - msg := fmt.Sprintf("Failed to load local manifests: %s", err.Error()) + msg := "Failed to load local manifests: " + err.Error() conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) failedToLoadObjs = true } @@ -539,7 +581,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } targetObjs, dedupConditions, err := DeduplicateTargetObjects(app.Spec.Destination.Namespace, targetObjs, infoProvider) if err != nil { - msg := fmt.Sprintf("Failed to deduplicate target state: %s", err.Error()) + msg := "Failed to deduplicate target state: " + err.Error() conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) } conditions = append(conditions, dedupConditions...) @@ -567,7 +609,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 liveObjByKey, err := m.liveStateCache.GetManagedLiveObjs(app, targetObjs) if err != nil { liveObjByKey = make(map[kubeutil.ResourceKey]*unstructured.Unstructured) - msg := fmt.Sprintf("Failed to load live state: %s", err.Error()) + msg := "Failed to load live state: " + err.Error() conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) failedToLoadObjs = true } @@ -719,7 +761,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 if err != nil { diffResults = &diff.DiffResultList{} failedToLoadObjs = true - msg := fmt.Sprintf("Failed to compare desired state to live state: %s", err.Error()) + msg := "Failed to compare desired state to live state: " + err.Error() conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) } ts.AddCheckpoint("diff_ms") @@ -861,7 +903,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 healthStatus, err := setApplicationHealth(managedResources, resourceSummaries, resourceOverrides, app, m.persistResourceHealth) if err != nil { - conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: fmt.Sprintf("error setting app health: %s", err.Error()), LastTransitionTime: &now}) + conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: "error setting app health: " + err.Error(), LastTransitionTime: &now}) } // Git has already performed the signature verification via its GPG interface, and the result is available diff --git a/controller/state_test.go b/controller/state_test.go index 658e72224aeb9..2efc51718f9ef 100644 --- a/controller/state_test.go +++ b/controller/state_test.go @@ -715,6 +715,44 @@ func TestSetHealth(t *testing.T) { require.NoError(t, err) assert.Equal(t, health.HealthStatusHealthy, compRes.healthStatus.Status) + assert.False(t, compRes.healthStatus.LastTransitionTime.IsZero()) +} + +func TestPreserveStatusTimestamp(t *testing.T) { + timestamp := metav1.Now() + app := newFakeAppWithHealthAndTime(health.HealthStatusHealthy, timestamp) + deployment := kube.MustToUnstructured(&v1.Deployment{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "apps/v1", + Kind: "Deployment", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "demo", + Namespace: "default", + }, + }) + ctrl := newFakeController(&fakeData{ + apps: []runtime.Object{app, &defaultProj}, + manifestResponse: &apiclient.ManifestResponse{ + Manifests: []string{}, + Namespace: test.FakeDestNamespace, + Server: test.FakeClusterURL, + Revision: "abc123", + }, + managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{ + kube.GetResourceKey(deployment): deployment, + }, + }, nil) + + sources := make([]argoappv1.ApplicationSource, 0) + sources = append(sources, app.Spec.GetSource()) + revisions := make([]string, 0) + revisions = append(revisions, "") + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) + require.NoError(t, err) + + assert.Equal(t, health.HealthStatusHealthy, compRes.healthStatus.Status) + assert.Equal(t, timestamp, *compRes.healthStatus.LastTransitionTime) } func TestSetHealthSelfReferencedApp(t *testing.T) { @@ -752,6 +790,7 @@ func TestSetHealthSelfReferencedApp(t *testing.T) { require.NoError(t, err) assert.Equal(t, health.HealthStatusHealthy, compRes.healthStatus.Status) + assert.False(t, compRes.healthStatus.LastTransitionTime.IsZero()) } func TestSetManagedResourcesWithOrphanedResources(t *testing.T) { @@ -827,6 +866,7 @@ func TestReturnUnknownComparisonStateOnSettingLoadError(t *testing.T) { require.NoError(t, err) assert.Equal(t, health.HealthStatusUnknown, compRes.healthStatus.Status) + assert.False(t, compRes.healthStatus.LastTransitionTime.IsZero()) assert.Equal(t, argoappv1.SyncStatusCodeUnknown, compRes.syncStatus.Status) } diff --git a/controller/sync.go b/controller/sync.go index dcbb768a79be8..fc1aeb19246e5 100644 --- a/controller/sync.go +++ b/controller/sync.go @@ -117,7 +117,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha if syncOp.SyncOptions.HasOption("FailOnSharedResource=true") && hasSharedResource { state.Phase = common.OperationFailed - state.Message = fmt.Sprintf("Shared resource found: %s", sharedResourceMessage) + state.Message = "Shared resource found: " + sharedResourceMessage return } @@ -625,7 +625,7 @@ func deriveServiceAccountToImpersonate(project *v1alpha1.AppProject, application return "", fmt.Errorf("default service account contains invalid chars '%s'", item.DefaultServiceAccount) } else if strings.Contains(item.DefaultServiceAccount, ":") { // service account is specified along with its namespace. - return fmt.Sprintf("system:serviceaccount:%s", item.DefaultServiceAccount), nil + return "system:serviceaccount:" + item.DefaultServiceAccount, nil } else { // service account needs to be prefixed with a namespace return fmt.Sprintf("system:serviceaccount:%s:%s", serviceAccountNamespace, item.DefaultServiceAccount), nil diff --git a/controller/sync_test.go b/controller/sync_test.go index a553fd3e37cf7..5560ffc2ec971 100644 --- a/controller/sync_test.go +++ b/controller/sync_test.go @@ -56,7 +56,7 @@ func TestPersistRevisionHistory(t *testing.T) { updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Get(context.Background(), app.Name, v1.GetOptions{}) require.NoError(t, err) - assert.Len(t, updatedApp.Status.History, 1) + require.Len(t, updatedApp.Status.History, 1) assert.Equal(t, app.Spec.GetSource(), updatedApp.Status.History[0].Source) assert.Equal(t, "abc123", updatedApp.Status.History[0].Revision) } diff --git a/controller/testdata/job-failed-ignore-healthcheck.yaml b/controller/testdata/job-failed-ignore-healthcheck.yaml new file mode 100644 index 0000000000000..62a952203bd12 --- /dev/null +++ b/controller/testdata/job-failed-ignore-healthcheck.yaml @@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + argocd.argoproj.io/ignore-healthcheck: "true" + labels: + job-name: fail + name: fail + namespace: argoci-workflows + selfLink: /apis/batch/v1/namespaces/argoci-workflows/jobs/fail +spec: + backoffLimit: 0 + completions: 1 + parallelism: 1 + template: + metadata: + creationTimestamp: null + labels: + job-name: fail + spec: + containers: + - command: + - sh + - -c + - exit 1 + image: alpine:latest + imagePullPolicy: Always + name: fail + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Never + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 diff --git a/controller/utils/log.go b/controller/utils/log.go new file mode 100644 index 0000000000000..3c5a244e73e6e --- /dev/null +++ b/controller/utils/log.go @@ -0,0 +1,17 @@ +package utils + +import ( + "github.com/sirupsen/logrus" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +// GetAppLog returns a logrus entry with fields set for the given application. +func GetAppLog(app *v1alpha1.Application) *logrus.Entry { + return logrus.WithFields(logrus.Fields{ + "application": app.Name, + "app-namespace": app.Namespace, + "app-qualified-name": app.QualifiedName(), + "project": app.Spec.Project, + }) +} diff --git a/docs/assets/identity-center-1.png b/docs/assets/identity-center-1.png index 0cd49528d90f7..1e308dd461b32 100644 Binary files a/docs/assets/identity-center-1.png and b/docs/assets/identity-center-1.png differ diff --git a/docs/assets/keycloak-add-client-pkce_2.png b/docs/assets/keycloak-add-client-pkce_2.png new file mode 100644 index 0000000000000..eaade14737813 Binary files /dev/null and b/docs/assets/keycloak-add-client-pkce_2.png differ diff --git a/docs/assets/keycloak-authentication-successful.png b/docs/assets/keycloak-authentication-successful.png new file mode 100644 index 0000000000000..7745773967026 Binary files /dev/null and b/docs/assets/keycloak-authentication-successful.png differ diff --git a/docs/assets/keycloak-configure-client-pkce.png b/docs/assets/keycloak-configure-client-pkce.png new file mode 100644 index 0000000000000..6b6e50cefc8c1 Binary files /dev/null and b/docs/assets/keycloak-configure-client-pkce.png differ diff --git a/docs/assets/keycloak-configure-client-pkce_2.png b/docs/assets/keycloak-configure-client-pkce_2.png new file mode 100644 index 0000000000000..ca9ec13c49600 Binary files /dev/null and b/docs/assets/keycloak-configure-client-pkce_2.png differ diff --git a/docs/assets/keycloak-configure-client.png b/docs/assets/keycloak-configure-client.png index cd711dfd602bf..9f967dc33ab0b 100644 Binary files a/docs/assets/keycloak-configure-client.png and b/docs/assets/keycloak-configure-client.png differ diff --git a/docs/developer-guide/toolchain-guide.md b/docs/developer-guide/toolchain-guide.md index 9bba72b456f71..c767acb2bafd3 100644 --- a/docs/developer-guide/toolchain-guide.md +++ b/docs/developer-guide/toolchain-guide.md @@ -16,7 +16,7 @@ If you want to submit a PR, please read this document carefully, as it contains As is the case with the development process, this document is under constant change. If you notice any error, or if you think this document is out-of-date, or if you think it is missing something: Feel free to submit a PR or submit a bug to our GitHub issue tracker. -If you need guidance with submitting a PR, or have any other questions regarding development of Argo CD, do not hesitate to [join our Slack](https://argoproj.github.io/community/join-slack) and get in touch with us in the `#argo-contributors` channel! +If you need guidance with submitting a PR, or have any other questions regarding development of Argo CD, do not hesitate to [join our Slack](https://argoproj.github.io/community/join-slack) and get in touch with us in the `#argo-cd-contributors` channel! ## Before you start diff --git a/docs/faq.md b/docs/faq.md index e98ca95f556b6..44c3e25902c82 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -151,10 +151,10 @@ The default polling interval is 3 minutes (180 seconds) with a configurable jitt You can change the setting by updating the `timeout.reconciliation` value and the `timeout.reconciliation.jitter` in the [argocd-cm](https://github.com/argoproj/argo-cd/blob/2d6ce088acd4fb29271ffb6f6023dbb27594d59b/docs/operator-manual/argocd-cm.yaml#L279-L282) config map. If there are any Git changes, Argo CD will only update applications with the [auto-sync setting](user-guide/auto_sync.md) enabled. If you set it to `0` then Argo CD will stop polling Git repositories automatically and you can only use alternative methods such as [webhooks](operator-manual/webhook.md) and/or manual syncs for deploying applications. -## Why Are My Resource Limits `Out Of Sync`? +## Why is my ArgoCD application `Out Of Sync` when there are no actual changes to the resource limits (or other fields with unit values)? -Kubernetes has normalized your resource limits when they are applied, and then Argo CD has then compared the version in -your generated manifests to the normalized one is Kubernetes - they won't match. +Kubernetes has normalized your resource limits when they are applied, and then Argo CD has compared the version in +your generated manifests from git to the normalized ones in the Kubernetes cluster - they may not match. E.g. @@ -162,9 +162,9 @@ E.g. * `'0.1'` normalized to `'100m'` * `'3072Mi'` normalized to `'3Gi'` * `3072` normalized to `'3072'` (quotes added) +* `8760h` normalized to `8760h0m0s` -To fix this use diffing -customizations [settings](./user-guide/diffing.md#known-kubernetes-types-in-crds-resource-limits-volume-mounts-etc). +To fix this use [diffing customizations](./user-guide/diffing.md#known-kubernetes-types-in-crds-resource-limits-volume-mounts-etc). ## How Do I Fix `invalid cookie, longer than max length 4093`? diff --git a/docs/getting_started.md b/docs/getting_started.md index 74623e3f08209..596251b3c28b0 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -160,7 +160,7 @@ argocd app create guestbook --repo https://github.com/argoproj/argocd-example-ap ### Creating Apps Via UI -Open a browser to the Argo CD external UI, and login by visiting the IP/hostname in a browser and use the credentials set in step 4. +Open a browser to the Argo CD external UI, and login by visiting the IP/hostname in a browser and use the credentials set in step 4 or locally as explained in [Try Argo CD Locally](try_argo_cd_locally.md). After logging in, click the **+ New App** button as shown below: diff --git a/docs/index.md b/docs/index.md index ddb17c2bdc36a..05a506395df21 100644 --- a/docs/index.md +++ b/docs/index.md @@ -40,7 +40,7 @@ the desired application state. Kubernetes manifests can be specified in several * Any custom config management tool configured as a config management plugin Argo CD automates the deployment of the desired application states in the specified target environments. -Application deployments can track updates to branches, tags, or pinned to a specific version of +Application deployments can track updates to branches, tags, or be pinned to a specific version of manifests at a Git commit. See [tracking strategies](user-guide/tracking_strategies.md) for additional details about the different tracking strategies available. diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml index 051ca6a1755e3..b38d7fddd50c5 100644 --- a/docs/operator-manual/application.yaml +++ b/docs/operator-manual/application.yaml @@ -85,6 +85,9 @@ spec: # Skip custom resource definition installation if chart contains custom resource definitions. Defaults to false skipCrds: false + + # Skip schema validation if chart contains JSON schema validation. Defaults to false + skipSchemaValidation: false # Optional Helm version to template with. If omitted it will fall back to look at the 'apiVersion' in Chart.yaml # and decide which Helm binary to use automatically. This field can be either 'v2' or 'v3'. diff --git a/docs/operator-manual/applicationset/Application-Deletion.md b/docs/operator-manual/applicationset/Application-Deletion.md index b59a556ec7f40..2f13ccb1add71 100644 --- a/docs/operator-manual/applicationset/Application-Deletion.md +++ b/docs/operator-manual/applicationset/Application-Deletion.md @@ -8,7 +8,7 @@ All `Application` resources created by the ApplicationSet controller (from an Ap The end result is that when an ApplicationSet is deleted, the following occurs (in rough order): - The `ApplicationSet` resource itself is deleted -- Any `Application` resources that were created from this `ApplicationSet` (as identified by owner reference) +- Any `Application` resources that were created from this `ApplicationSet` (as identified by owner reference) will be deleted - Any deployed resources (`Deployments`, `Services`, `ConfigMaps`, etc) on the managed cluster, that were created from that `Application` resource (by Argo CD), will be deleted. - Argo CD is responsible for handling this deletion, via [the deletion finalizer](../../../user-guide/app_deletion/#about-the-deletion-finalizer). - To preserve deployed resources, set `.syncPolicy.preserveResourcesOnDeletion` to true in the ApplicationSet. @@ -26,4 +26,4 @@ kubectl delete ApplicationSet (NAME) --cascade=orphan !!! warning Even if using a non-cascaded delete, the `resources-finalizer.argocd.argoproj.io` is still specified on the `Application`. Thus, when the `Application` is deleted, all of its deployed resources will also be deleted. (The lifecycle of the Application, and its *child* objects, are still equivalent.) - To prevent the deletion of the resources of the Application, such as Services, Deployments, etc, set `.syncPolicy.preserveResourcesOnDeletion` to true in the ApplicationSet. This syncPolicy parameter prevents the finalizer from being added to the Application. \ No newline at end of file + To prevent the deletion of the resources of the Application, such as Services, Deployments, etc, set `.syncPolicy.preserveResourcesOnDeletion` to true in the ApplicationSet. This syncPolicy parameter prevents the finalizer from being added to the Application. diff --git a/docs/operator-manual/applicationset/Generators-Post-Selector.md b/docs/operator-manual/applicationset/Generators-Post-Selector.md index 5a07cf1db425c..03959175893cb 100644 --- a/docs/operator-manual/applicationset/Generators-Post-Selector.md +++ b/docs/operator-manual/applicationset/Generators-Post-Selector.md @@ -40,12 +40,12 @@ spec: - cluster: engineering-prod url: https://kubernetes.default.svc env: prod - selector: - matchExpressions: - - key: env - operator: In - values: - - staging + selector: + matchExpressions: + - key: env + operator: In + values: + - staging ``` Valid `operators` include `In`, `NotIn`, `Exists`, and `DoesNotExist`. The `values` set must be non-empty in the case of `In` and `NotIn`. diff --git a/docs/operator-manual/argocd-cm.yaml b/docs/operator-manual/argocd-cm.yaml index e00c2f420d240..68b4c0c7302b9 100644 --- a/docs/operator-manual/argocd-cm.yaml +++ b/docs/operator-manual/argocd-cm.yaml @@ -432,7 +432,7 @@ data: name: some-cluster server: https://some-cluster # The maximum size of the payload that can be sent to the webhook server. - webhook.maxPayloadSizeMB: "1024" + webhook.maxPayloadSizeMB: "50" # application.sync.impersonation.enabled enables application sync to use a custom service account, via impersonation. This allows decoupling sync from control-plane service account. application.sync.impersonation.enabled: "false" diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index 37aaadd12a4d4..72136ae03d072 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -9,6 +9,9 @@ data: # Repo server address. (default "argocd-repo-server:8081") repo.server: "argocd-repo-server:8081" + # Commit server address. (default "argocd-commit-server:8086") + commit.server: "argocd-commit-server:8086" + # Redis server hostname and port (e.g. argocd-redis:6379) redis.server: "argocd-redis:6379" # Enable compression for data sent to Redis with the required compression algorithm. (default 'gzip') @@ -16,6 +19,9 @@ data: # Redis database redis.db: + # Enables the alpha "manifest hydrator" feature. (default "false") + hydrator.enabled: "false" + # Open-Telemetry collector address: (e.g. "otel-collector:4317") otlp.address: "" # Open-Telemetry collector insecure: (e.g. "true") @@ -51,6 +57,8 @@ data: controller.self.heal.timeout.seconds: "2" controller.self.heal.backoff.factor: "3" controller.self.heal.backoff.cap.seconds: "300" + # Specifies a sync timeout for applications. "0" means no timeout (default "0") + controller.sync.timeout.seconds: "0" # Cache expiration for app state (default 1h0m0s) controller.app.state.cache.expiration: "1h0m0s" @@ -127,8 +135,8 @@ data: server.tls.minversion: "1.2" # The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") server.tls.maxversion: "1.3" - # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") - server.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" + # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") + server.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # Cache expiration for cluster/repo connection status (default 1h0m0s) server.connection.status.cache.expiration: "1h0m0s" # Cache expiration for OIDC state (default 3m0s) @@ -161,8 +169,8 @@ data: reposerver.tls.minversion: "1.2" # The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") reposerver.tls.maxversion: "1.3" - # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") - reposerver.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" + # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") + reposerver.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" # Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s) reposerver.repo.cache.expiration: "24h0m0s" # Cache expiration default (default 24h0m0s) @@ -193,6 +201,15 @@ data: # Include hidden directories from Git reposerver.include.hidden.directories: "false" + ## Commit-server properties + # Listen on given address for incoming connections (default "0.0.0.0") + commitserver.listen.address: "0.0.0.0" + # Set the logging format. One of: text|json (default "text") + commitserver.log.format: "text" + # Set the logging level. One of: debug|info|warn|error (default "info") + commitserver.log.level: "info" + # Listen on given address for metrics (default "0.0.0.0") + commitserver.metrics.listen.address: "0.0.0.0" # Set the logging format. One of: text|json (default "text") dexserver.log.format: "text" diff --git a/docs/operator-manual/custom_tools.md b/docs/operator-manual/custom_tools.md index e94a1d5ac6d03..d23b0a23fa638 100644 --- a/docs/operator-manual/custom_tools.md +++ b/docs/operator-manual/custom_tools.md @@ -30,7 +30,7 @@ the helm binary with a different version than what is bundled in Argo CD: image: alpine:3.8 command: [sh, -c] args: - - wget -qO- https://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz | tar -xvzf - && + - wget -qO- https://get.helm.sh/helm-v2.12.3-linux-amd64.tar.gz | tar -xvzf - && mv linux-amd64/helm /custom-tools/ volumeMounts: - mountPath: /custom-tools diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index d3b93d27c1601..4e58422ab276d 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -71,6 +71,7 @@ See [application.yaml](application.yaml) for additional fields. As long as you h ```yaml spec: + project: default source: repoURL: https://argoproj.github.io/argo-helm chart: argo diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index c034157e7f22e..ffce008b1f192 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -229,3 +229,16 @@ App (healthy) └── CustomResource (healthy) <- This resource's health check needs to be fixed to mark the App as unhealthy └── CustomChildResource (unhealthy) ``` +## Ignoring Child Resource Health Check in Applications + +To ignore the health check of an immediate child resource within an Application, set the annotation `argocd.argoproj.io/ignore-healthcheck` to `true`. For example: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + argocd.argoproj.io/ignore-healthcheck: "true" +``` + +By doing this, the health status of the Deployment will not affect the health of its parent Application. \ No newline at end of file diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index ddcce80fab25a..98e8a709f8852 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -130,6 +130,15 @@ stringData: count (grouped by k8s api version, the granule of parallelism for list operations). In this case, all resources will be buffered in memory -- no api server request will be blocked by processing. +* `ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING` - environment variable that enables the controller to collect events + for Kubernetes resources and process them in a batch. This is useful when the cluster contains a large number of resources, + and the controller is overwhelmed by the number of events. The default value is `false`, which means that the controller + processes events one by one. + +* `ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING_INTERVAL` - environment variable controlling the interval for processing events in a batch. + The valid value is in the format of Go time duration string, e.g. `1ms`, `1s`, `1m`, `1h`. The default value is `100ms`. + The variable is used only when `ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING` is set to `true`. + * `ARGOCD_APPLICATION_TREE_SHARD_SIZE` - environment variable controlling the max number of resources stored in one Redis key. Splitting application tree into multiple keys helps to reduce the amount of traffic between the controller and Redis. The default value is 0, which means that the application tree is stored in a single Redis key. The reasonable value is 100. diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index 652458c32f093..b3a477252feec 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -415,7 +415,7 @@ apiVersion: v1 kind: Service metadata: annotations: - alb.ingress.kubernetes.io/backend-protocol-version: HTTP2 #This tells AWS to send traffic from the ALB using HTTP2. Can use GRPC as well if you want to leverage GRPC specific features + alb.ingress.kubernetes.io/backend-protocol-version: GRPC # This tells AWS to send traffic from the ALB using GRPC. Plain HTTP2 can be used, but the health checks wont be available because argo currently downgrade non-grpc calls to HTTP1 labels: app: argogrpc name: argogrpc @@ -454,7 +454,7 @@ Once we create this service, we can configure the Ingress to conditionally route - path: / backend: service: - name: argogrpc + name: argogrpc # The grpc service must be placed before the argocd-server for the listening rules to be created in the correct order port: number: 443 pathType: Prefix diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index 02a490998307a..deb6037aab94c 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -11,6 +11,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | `argocd_app_condition` | gauge | Report Applications conditions. It contains the conditions currently present in the application status. | | `argocd_app_k8s_request_total` | counter | Number of Kubernetes requests executed during application reconciliation | | `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. | +| `argocd_app_orphaned_resources_count` | gauge | Number of orphaned resources per application. | | `argocd_app_reconcile` | histogram | Application reconciliation performance in seconds. | | `argocd_app_sync_total` | counter | Counter for application sync history | | `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. | @@ -23,6 +24,8 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | `argocd_kubectl_exec_total` | counter | Number of kubectl executions | | `argocd_redis_request_duration` | histogram | Redis requests duration. | | `argocd_redis_request_total` | counter | Number of redis requests executed during application reconciliation | +| `argocd_resource_events_processing` | histogram | Time to process resource events in batch in seconds | +| `argocd_resource_events_processed_in_batch` | gauge | Number of resource events processed in batch | If you use Argo CD with many application and project creation and deletion, the metrics page will keep in cache your application and project's history. @@ -128,6 +131,20 @@ Scraped at the `argocd-repo-server:8084/metrics` endpoint. | `argocd_redis_request_total` | counter | Number of Kubernetes requests executed during application reconciliation. | | `argocd_repo_pending_request_total` | gauge | Number of pending requests requiring repository lock | +## Commit Server Metrics + +Metrics about the Commit Server. +Scraped at the `argocd-commit-server:8087/metrics` endpoint. + +| Metric | Type | Description | +|---------------------------------------------------------|:---------:|------------------------------------------------------| +| `argocd_commitserver_commit_pending_request_total` | guage | Number of pending commit requests. | +| `argocd_commitserver_git_request_duration_seconds` | histogram | Git requests duration seconds. | +| `argocd_commitserver_git_request_total` | counter | Number of git requests performed by commit server | +| `argocd_commitserver_commit_request_duration_seconds` | histogram | Commit requests duration seconds. | +| `argocd_commitserver_userinfo_request_duration_seconds` | histogram | Userinfo requests duration seconds. | +| `argocd_commitserver_commit_request_total` | counter | Number of commit requests performed by commit server | + ## Prometheus Operator If using Prometheus Operator, the following ServiceMonitor example manifests can be used. diff --git a/docs/operator-manual/notifications/templates.md b/docs/operator-manual/notifications/templates.md index 1d80f20953b24..2cba2ad09e901 100644 --- a/docs/operator-manual/notifications/templates.md +++ b/docs/operator-manual/notifications/templates.md @@ -57,7 +57,7 @@ kind: Secret metadata: name: argocd-notifications-secret stringData: - sampleWebhookToken: secret-token + sampleWebhookToken: secret-token type: Opaque ``` @@ -112,7 +112,7 @@ You can change the timezone to show in notifications as follows. ## Functions -Templates have access to the set of built-in functions: +Templates have access to the set of built-in functions such as the functions of the [Sprig](https://masterminds.github.io/sprig/) package ```yaml apiVersion: v1 diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index 63e71c67f001c..9b7775a65e3e5 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -42,7 +42,7 @@ The anonymous access to Argo CD can be enabled using the `users.anonymous.enable ## RBAC Model Structure -The model syntax is based on [Casbin](https://casbin.org/docs/overview). There are two different types of syntax: one for assigning policies, and another one for assigning users to internal roles. +The model syntax is based on [Casbin](https://casbin.org/docs/overview) (an open source ACL/ACLs). There are two different types of syntax: one for assigning policies, and another one for assigning users to internal roles. **Group**: Allows to assign authenticated users/groups to internal roles. diff --git a/docs/operator-manual/resource_actions.md b/docs/operator-manual/resource_actions.md index 0a4ea2cb3936a..8de2984ce0588 100644 --- a/docs/operator-manual/resource_actions.md +++ b/docs/operator-manual/resource_actions.md @@ -80,7 +80,7 @@ The `discovery.lua` script must return a table where the key name represents the Each action name must be represented in the list of `definitions` with an accompanying `action.lua` script to control the resource modifications. The `obj` is a global variable which contains the resource. Each action script returns an optionally modified version of the resource. In this example, we are simply setting `.spec.suspend` to either `true` or `false`. -By default, defining a resource action customization will override any built-in action for this resource kind. If you want to retain the built-in actions, you can set the `mergeBuiltinActions` key to `true`. Your custom actions will have precedence over the built-in actions. +By default, defining a resource action customization will override any built-in action for this resource kind. As of Argo CD version 2.13.0, if you want to retain the built-in actions, you can set the `mergeBuiltinActions` key to `true`. Your custom actions will have precedence over the built-in actions. ```yaml resource.customizations.actions.argoproj.io_Rollout: | mergeBuiltinActions: true @@ -202,4 +202,4 @@ resource.customizations.actions.ConfigMap: | result[1] = impactedResource1 result[2] = impactedResource2 return result -``` \ No newline at end of file +``` diff --git a/docs/operator-manual/server-commands/argocd-application-controller.md b/docs/operator-manual/server-commands/argocd-application-controller.md index 07fd9e545c8d4..4eabca77d167f 100644 --- a/docs/operator-manual/server-commands/argocd-application-controller.md +++ b/docs/operator-manual/server-commands/argocd-application-controller.md @@ -27,6 +27,7 @@ argocd-application-controller [flags] --client-certificate string Path to a client certificate file for TLS --client-key string Path to a client key file for TLS --cluster string The name of the kubeconfig cluster to use + --commit-server string Commit server address. (default "argocd-commit-server:8086") --context string The name of the kubeconfig context to use --default-cache-expiration duration Cache expiration default (default 24h0m0s) --disable-compression If true, opt-out of response compression for all requests to the server @@ -34,6 +35,7 @@ argocd-application-controller [flags] --enable-k8s-event none Enable ArgoCD to use k8s event. For disabling all events, set the value as none. (e.g --enable-k8s-event=none), For enabling specific events, set the value as `event reason`. (e.g --enable-k8s-event=StatusRefreshed,ResourceCreated) (default [all]) --gloglevel int Set the glog logging level -h, --help help for argocd-application-controller + --hydrator-enabled Feature flag to enable Hydrator. Default ("false") --ignore-normalizer-jq-execution-timeout-seconds duration Set ignore normalizer JQ execution timeout --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure --kubeconfig string Path to a kube config. Only required if out-of-cluster @@ -77,6 +79,7 @@ argocd-application-controller [flags] --server-side-diff-enabled Feature flag to enable ServerSide diff. Default ("false") --sharding-method string Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin, consistent-hashing] (default "legacy") --status-processors int Number of application status processors (default 20) + --sync-timeout int Specifies the timeout after which a sync would be terminated. 0 means no timeout (default 0). --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. --token string Bearer token for authentication to the API server --user string The name of the kubeconfig user to use diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index 0fe1e2d3ca45e..fe284a5940733 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -55,6 +55,7 @@ argocd-server [flags] --enable-proxy-extension Enable Proxy Extension feature --gloglevel int Set the glog logging level -h, --help help for argocd-server + --hydrator-enabled Feature flag to enable Hydrator. Default ("false") --insecure Run server without TLS --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure --kubeconfig string Path to a kube config. Only required if out-of-cluster diff --git a/docs/operator-manual/user-management/identity-center.md b/docs/operator-manual/user-management/identity-center.md index c4019964d7a4d..62d381aec73d5 100644 --- a/docs/operator-manual/user-management/identity-center.md +++ b/docs/operator-manual/user-management/identity-center.md @@ -10,10 +10,15 @@ A working Single Sign-On configuration using Identity Center (AWS SSO) has been ## SAML (with Dex) 1. Create a new SAML application in Identity Center and download the certificate. - * ![Identity Center SAML App 1](../../assets/identity-center-1.png) - * ![Identity Center SAML App 2](../../assets/identity-center-2.png) + +![Identity Center SAML App 1](../../assets/identity-center-1.png) + +![Identity Center SAML App 2](../../assets/identity-center-2.png) + 2. Click `Assign Users` after creating the application in Identity Center, and select the users or user groups you wish to grant access to this application. - * ![Identity Center SAML App 3](../../assets/identity-center-3.png) + +![Identity Center SAML App 3](../../assets/identity-center-3.png) + 3. Copy the Argo CD URL into the `data.url` field in the `argocd-cm` ConfigMap. data: @@ -24,15 +29,20 @@ A working Single Sign-On configuration using Identity Center (AWS SSO) has been !!! note "Group attribute mapping is not officially!" Group attribute mapping is not officially supported in the AWS docs, however the workaround is currently working. - * ![Identity Center SAML App 4](../../assets/identity-center-4.png) - * ![Identity Center SAML App 5](../../assets/identity-center-5.png) +![Identity Center SAML App 4](../../assets/identity-center-4.png) + +![Identity Center SAML App 5](../../assets/identity-center-5.png) 5. Download the CA certificate to use in the `argocd-cm` configuration. + * If using the `caData` field, you'll need to base64-encode the entire certificate, including the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` stanzas (e.g., `base64 my_cert.pem`). + * If using the `ca` field and storing the CA certificate separately as a secret, you will need to mount the secret onto the `dex` container in the `argocd-dex-server` Deployment. - * ![Identity Center SAML App 6](../../assets/identity-center-6.png) + +![Identity Center SAML App 6](../../assets/identity-center-6.png) + 6. Edit the `argocd-cm` and configure the `data.dex.config` section: @@ -60,6 +70,7 @@ dex.config: | ### Connect Identity Center Groups to Argo CD Roles + Argo CD recognizes user memberships in Identity Center groups that match the **Group Attribute Statements** regex. In the example above, the regex `argocd-*` is used, making Argo CD aware of a group named `argocd-admins`. diff --git a/docs/operator-manual/user-management/keycloak.md b/docs/operator-manual/user-management/keycloak.md index 10551321d976a..48eb86f511560 100644 --- a/docs/operator-manual/user-management/keycloak.md +++ b/docs/operator-manual/user-management/keycloak.md @@ -1,14 +1,23 @@ # Keycloak +Keycloak and ArgoCD integration can be configured in two ways with Client authentication and with PKCE. -# Integrating Keycloak and ArgoCD +If you need to authenticate with __argo-cd command line__, you must choose PKCE way. + +* [Keycloak and ArgoCD with Client authentication](#keycloak-and-argocd-with-client-authentication) +* [Keycloak and ArgoCD with PKCE](#keycloak-and-argocd-with-pkce) + +## Keycloak and ArgoCD with Client authentication + +These instructions will take you through the entire process of getting your ArgoCD application authenticating with Keycloak. -These instructions will take you through the entire process of getting your ArgoCD application authenticating with Keycloak. You will create a client within Keycloak and configure ArgoCD to use Keycloak for authentication, using groups set in Keycloak to determine privileges in Argo. -## Creating a new client in Keycloak +### Creating a new client in Keycloak + +First we need to setup a new client. -First we need to setup a new client. Start by logging into your keycloak server, select the realm you want to use (`master` by default) +Start by logging into your keycloak server, select the realm you want to use (`master` by default) and then go to __Clients__ and click the __Create client__ button at the top. ![Keycloak add client](../../assets/keycloak-add-client.png "Keycloak add client") @@ -19,62 +28,97 @@ Enable the __Client authentication__. Configure the client by setting the __Root URL__, __Web origins__, __Admin URL__ to the hostname (https://{hostname}). -Also you can set __Home URL__ to your _/applications_ path and __Valid Post logout redirect URIs__ to "+". +Also you can set __Home URL__ to _/applications_ path and __Valid Post logout redirect URIs__ to "https://{hostname}/applications". The Valid Redirect URIs should be set to https://{hostname}/auth/callback (you can also set the less secure https://{hostname}/* for testing/development purposes, but it's not recommended in production). ![Keycloak configure client](../../assets/keycloak-configure-client.png "Keycloak configure client") -Make sure to click __Save__. There should be a tab called __Credentials__. You can copy the Secret that we'll use in our ArgoCD -configuration. +Make sure to click __Save__. + +There should be a tab called __Credentials__. You can copy the Client Secret that we'll use in our ArgoCD configuration. ![Keycloak client secret](../../assets/keycloak-client-secret.png "Keycloak client secret") -## Configuring the groups claim +### Configuring ArgoCD OIDC -In order for ArgoCD to provide the groups the user is in we need to configure a groups claim that can be included in the authentication token. -To do this we'll start by creating a new __Client Scope__ called _groups_. +Let's start by storing the client secret you generated earlier in the argocd secret _argocd-secret_. -![Keycloak add scope](../../assets/keycloak-add-scope.png "Keycloak add scope") +You can patch it with value copied previously: +```bash +kubectl -n argo-cd patch secret argocd-secret --patch='{"stringData": { "oidc.keycloak.clientSecret": "" }}' +``` -Once you've created the client scope you can now add a Token Mapper which will add the groups claim to the token when the client requests -the groups scope. In the Tab "Mappers", click on "Configure a new mapper" and choose __Group Membership__. -Make sure to set the __Name__ as well as the __Token Claim Name__ to _groups_. Also disable the "Full group path". +Now we can configure the config map and add the oidc configuration to enable our keycloak authentication. +You can use `$ kubectl edit configmap argocd-cm`. -![Keycloak groups mapper](../../assets/keycloak-groups-mapper.png "Keycloak groups mapper") +Your ConfigMap should look like this: -We can now configure the client to provide the _groups_ scope. Go back to the client we've created earlier and go to the Tab "Client Scopes". -Click on "Add client scope", choose the _groups_ scope and add it either to the __Default__ or to the __Optional__ Client Scope. If you put it in the Optional -category you will need to make sure that ArgoCD requests the scope in its OIDC configuration. Since we will always want group information, I recommend -using the Default category. +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm +data: + url: https://argocd.example.com + oidc.config: | + name: Keycloak + issuer: https://keycloak.example.com/realms/master + clientID: argocd + clientSecret: $oidc.keycloak.clientSecret + requestedScopes: ["openid", "profile", "email", "groups"] +``` -![Keycloak client scope](../../assets/keycloak-client-scope.png "Keycloak client scope") +Make sure that: -Create a group called _ArgoCDAdmins_ and have your current user join the group. +- __issuer__ ends with the correct realm (in this example _master_) +- __issuer__ on Keycloak releases older than version 17 the URL must include /auth (in this example /auth/realms/master) +- __clientID__ is set to the Client ID you configured in Keycloak +- __clientSecret__ points to the right key you created in the _argocd-secret_ Secret +- __requestedScopes__ contains the _groups_ claim if you didn't add it to the Default scopes -![Keycloak user group](../../assets/keycloak-user-group.png "Keycloak user group") +## Keycloak and ArgoCD with PKCE -## Configuring ArgoCD OIDC +These instructions will take you through the entire process of getting your ArgoCD application authenticating with Keycloak. -Let's start by storing the client secret you generated earlier in the argocd secret _argocd-secret_. +You will create a client within Keycloak and configure ArgoCD to use Keycloak for authentication, using groups set in Keycloak +to determine privileges in Argo. -1. First you'll need to encode the client secret in base64: `$ echo -n '83083958-8ec6-47b0-a411-a8c55381fbd2' | base64` -2. Then you can edit the secret and add the base64 value to a new key called _oidc.keycloak.clientSecret_ using `$ kubectl edit secret argocd-secret`. - -Your Secret should look something like this: +You will also be able to authenticate using argo-cd command line. -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: argocd-secret -data: - ... - oidc.keycloak.clientSecret: ODMwODM5NTgtOGVjNi00N2IwLWE0MTEtYThjNTUzODFmYmQy - ... -``` +### Creating a new client in Keycloak + +First we need to setup a new client. +Start by logging into your keycloak server, select the realm you want to use (`master` by default) +and then go to __Clients__ and click the __Create client__ button at the top. + +![Keycloak add client](../../assets/keycloak-add-client.png "Keycloak add client") + +Leave default values. + +![Keycloak add client Step 2](../../assets/keycloak-add-client-pkce_2.png "Keycloak add client Step 2") + +Configure the client by setting the __Root URL__, __Web origins__, __Admin URL__ to the hostname (https://{hostname}). + +Also you can set __Home URL__ to _/applications_ path and __Valid Post logout redirect URIs__ to "https://{hostname}/applications". + +The Valid Redirect URIs should be set to: +- http://localhost:8085/auth/callback (needed for argo-cd cli, depends on value from [--sso-port](../../user-guide/commands/argocd_login.md)) +- https://{hostname}/auth/callback +- https://{hostname}/pkce/verify + +![Keycloak configure client](../../assets/keycloak-configure-client-pkce.png "Keycloak configure client") + +Make sure to click __Save__. + +Now go to a tab called __Advanced__, look for parameter named __Proof Key for Code Exchange Code Challenge Method__ and set it to __S256__ + +![Keycloak configure client Step 2](../../assets/keycloak-configure-client-pkce_2.png "Keycloak configure client Step 2") +Make sure to click __Save__. + +### Configuring ArgoCD OIDC Now we can configure the config map and add the oidc configuration to enable our keycloak authentication. You can use `$ kubectl edit configmap argocd-cm`. @@ -91,7 +135,7 @@ data: name: Keycloak issuer: https://keycloak.example.com/realms/master clientID: argocd - clientSecret: $oidc.keycloak.clientSecret + enablePKCEAuthentication: true requestedScopes: ["openid", "profile", "email", "groups"] ``` @@ -100,10 +144,44 @@ Make sure that: - __issuer__ ends with the correct realm (in this example _master_) - __issuer__ on Keycloak releases older than version 17 the URL must include /auth (in this example /auth/realms/master) - __clientID__ is set to the Client ID you configured in Keycloak -- __clientSecret__ points to the right key you created in the _argocd-secret_ Secret +- __enablePKCEAuthentication__ must be set to true to enable correct ArgoCD behaviour with PKCE - __requestedScopes__ contains the _groups_ claim if you didn't add it to the Default scopes -## Configuring ArgoCD Policy +## Configuring the groups claim + +In order for ArgoCD to provide the groups the user is in we need to configure a groups claim that can be included in the authentication token. + +To do this we'll start by creating a new __Client Scope__ called _groups_. + +![Keycloak add scope](../../assets/keycloak-add-scope.png "Keycloak add scope") + +Once you've created the client scope you can now add a Token Mapper which will add the groups claim to the token when the client requests +the groups scope. + +In the Tab "Mappers", click on "Configure a new mapper" and choose __Group Membership__. + +Make sure to set the __Name__ as well as the __Token Claim Name__ to _groups_. Also disable the "Full group path". + +![Keycloak groups mapper](../../assets/keycloak-groups-mapper.png "Keycloak groups mapper") + +We can now configure the client to provide the _groups_ scope. + +Go back to the client we've created earlier and go to the Tab "Client Scopes". + +Click on "Add client scope", choose the _groups_ scope and add it either to the __Default__ or to the __Optional__ Client Scope. + +If you put it in the Optional +category you will need to make sure that ArgoCD requests the scope in its OIDC configuration. +Since we will always want group information, I recommend +using the Default category. + +![Keycloak client scope](../../assets/keycloak-client-scope.png "Keycloak client scope") + +Create a group called _ArgoCDAdmins_ and have your current user join the group. + +![Keycloak user group](../../assets/keycloak-user-group.png "Keycloak user group") + +## Configuring ArgoCD Policy Now that we have an authentication that provides groups we want to apply a policy to these groups. We can modify the _argocd-rbac-cm_ ConfigMap using `$ kubectl edit configmap argocd-rbac-cm`. @@ -126,8 +204,23 @@ You can now login using our new Keycloak OIDC authentication: ![Keycloak ArgoCD login](../../assets/keycloak-login.png "Keycloak ArgoCD login") +If you have used PKCE method, you can also authenticate using command line: +```bash +argocd login argocd.example.com --sso --grpc-web +``` + +argocd cli will start to listen on localhost:8085 and open your web browser to allow you to authenticate with Keycloak. + +Once done, you should see + +![Authentication successful!](../../assets/keycloak-authentication-successful.png "Authentication successful!") + ## Troubleshoot If ArgoCD auth returns 401 or when the login attempt leads to the loop, then restart the argocd-server pod. ``` kubectl rollout restart deployment argocd-server -n argocd ``` + +If you migrate from Client authentification to PKCE, you can have the following error `invalid_request: Missing parameter: code_challenge_method`. + +It could be a redirect issue, try in private browsing or clean browser cookies. diff --git a/docs/operator-manual/webhook.md b/docs/operator-manual/webhook.md index 92789e983d3b3..f57918583e3ba 100644 --- a/docs/operator-manual/webhook.md +++ b/docs/operator-manual/webhook.md @@ -19,7 +19,7 @@ URL configured in the Git provider should use the `/api/webhook` endpoint of you (e.g. `https://argocd.example.com/api/webhook`). If you wish to use a shared secret, input an arbitrary value in the secret. This value will be used when configuring the webhook in the next step. -To prevent DDoS attacks with unauthenticated webhook events (the `/api/webhook` endpoint currently lacks rate limiting protection), it is recommended to limit the payload size. You can achieve this by configuring the `argocd-cm` ConfigMap with the `webhook.maxPayloadSizeMB` attribute. The default value is 1GB. +To prevent DDoS attacks with unauthenticated webhook events (the `/api/webhook` endpoint currently lacks rate limiting protection), it is recommended to limit the payload size. You can achieve this by configuring the `argocd-cm` ConfigMap with the `webhook.maxPayloadSizeMB` attribute. The default value is 50MB. ## Github diff --git a/docs/proposals/manifest-hydrator.md b/docs/proposals/manifest-hydrator.md new file mode 100644 index 0000000000000..313c92adb78de --- /dev/null +++ b/docs/proposals/manifest-hydrator.md @@ -0,0 +1,538 @@ +--- +title: Manifest Hydrator +authors: + - "@crenshaw-dev" + - "@zachaller" +sponsors: + - TBD # List all interested parties here. +reviewers: + - TBD +approvers: + - TBD + +creation-date: 2024-03-26 +last-updated: 2024-03-26 +--- + +# Manifest Hydrator + +This proposal describes a feature to make manifest hydration (i.e. the "rendered manifest pattern") a first-class feature of Argo CD. + +## Terms + +* dry manifests: DRY or Don't Repeat Yourself - things like Kustomize overlays and Helm charts that produce Kubernetes manifests but are not themselves Kubernetes Manifests +* hydrated manifests: the output from dry manifest tools, i.e. plain Kubernetes manifests + +## Summary + +Manifest hydration tools like Helm and Kustomize are indispensable in GitOps. These tools transform "dry" (Don't Repeat Yourself) sources into plain Kubernetes manifests. The effects of a change to dry sources are not always obvious. So storing only dry sources in git leaves the user with an incomplete and confusing history of their application. This undercuts some of the main benefits of GitOps. + +The "rendered manifests" pattern has emerged as a way to mitigate the downsides of using hydration tools in GitOps. Today, developers use CI tools to automatically hydrate manifests and push to separate branches. They then configure Argo CD to deploy from the hydrated branches. (For more information, see the awesome [blog post](https://akuity.io/blog/the-rendered-manifests-pattern/) and [ArgoCon talk](https://www.youtube.com/watch?v=TonN-369Qfo) by Nicholas Morey.) + +This proposal describes manifest hydration and pushing to git as a first-class feature of Argo CD. + +It offers two modes of operation: push-to-deploy and push-to-stage. In push-to-deploy, hydrated manifests are pushed to the same branch from which Argo CD deploys. In push-to-stage, manifests are pushed to a different branch, and Argo CD relies on some external system to move changes to the deployment branch; this provides an integration point for automated environment promotion systems. + +### Opinions + +This proposal is opinionated. It is based on the belief that, in order to reap the full benefits of GitOps, every change to an application's desired state must originate from a commit to a single GitOps repository. In other words, the full history of the application's desired state must be visible as the commit history on a git repository. + +This requirement is incompatible with tooling which injects nondeterministic configuration into the desired state before it is deployed by the GitOps controller. Examples of nondeterministic external configuration are: + +1) Helm chart dependencies on unpinned chart versions +2) Kustomize remote bases to unpinned git revisions +3) Config tool parameter overrides in the Argo CD Application `spec.source` fields +4) Multiple sources referenced in the same application (knowledge of combination of source versions is held externally to git) + +Injecting nondeterministic configuration makes it impossible to know the complete history of an application by looking at a git branch history. Even if the nondeterministic output is databased (for example, in a hydrated source branch in git), it is impossible for developers to confidently make changes to desired state, because they cannot know ahead of time what other configuration will be injected at deploy time. + +We believe that the problems of injecting external configuration are best solved by asking these two questions: + +1) Does the configuration belong in the developer's interface (i.e. the dry manifests)? +2) Does the configuration need to be mutable at runtime, or only at deploy time? + +If the configuration belongs in the developer's interface, write a tool to push the information to git. Image tags are a good example of such configuration, and the Argo CD Image Updater is a good example of such tooling. + +If the configuration doesn't belong in the developer's interface, and it needs to be updated at runtime, write a controller. The developer shouldn't be expected to maintain configuration which is not an immediate part of their desired state. An example would be an auto-sizing controller which eliminates the need for the developer to manage their own autoscaler config. + +If the configuration doesn't belong in the developer's interface and doesn't need to be updated at runtime (only at deploy time), write a mutating webhook. This is a great option for injecting cluster-specific configuration that the developer doesn't need to directly control. + +With these three options available (git-pushers, controllers, and mutating webhooks), we believe that it is not generally necessary to inject nondeterministic configuration into the manifest hydration process. Instead, we can have a full history of the developer's minimal intent (dry branch) and the full expression of that intent (hydrated branch) completely recorded in a series of commits on a git branch. + +By respecting these limitations, we unlock the ability to manage change promotion/reversion entirely via git. Change lineage is fully represented as a series of dry commit hashes. This makes it possible to write reliable rules around how these hashes are promoted to different environments and how they are reverted (i.e. we can meaningfully say "`prod` may never be more than one dry hash ahead of `test`"). If information about the lineage of an application is scattered among multiple sources, it is difficult or even impossible to meaningfully define rules about how one environment's lineage must relate to that of another environment. + +Being opinionated unlocks the full benefits of GitOps as well as the ability to build a reasonable, reliable preview/promotion/reversion system. + +These opinions will lock out use cases where configuration injection cannot be avoided by writing git-pushers, controllers, or mutating webhooks. We believe that the benefits of making an opinionated system outweigh the costs of compromising those opinions. + +## Motivation + +Many organizations have implemented their own manifest hydration system. By implementing it in Argo CD, we can lower the cost to our users of maintaining those systems, and we can encourage best practices related to the pattern. + +### Goals + +1) Make manifest hydration easy and intuitive for Argo CD users +2) Make it possible to implement a promotion system which relies on the manifest hydration's push-to-stage mode +3) Emphasize maintaining as much of the system's state as possible in git rather than in the Application CR (e.g. source hydrator config values, such as Helm values) +4) Every deployed change must have a corresponding dry commit - i.e. git is always the source of any changes +5) Developers should be able to easily reproduce the manifest hydration process locally, i.e. by running some commands + +#### Hydration Reproducibility + +One goal of this proposal is to make hydration reproducibility easy. Reproducibility brings a couple benefits: easy iteration/debugging and reliable previews. + +##### Easy Iteration/Debugging + +The hydration system should enable developers to easily reproduce the hydration process locally. The developer should be able to run a short series of commands and perform the exact same tasks that Argo CD would take to hydrate their manifests. This allows the developer to verify that Argo CD is behaving as expected and to quickly tweak inputs and see the results. This lets them iterate quickly and improves developer satisfaction and change velocity. + +To provide this experience, the hydrator needs to provide the developer with a few pieces of information: + +1) The input repo URL, path, and commit SHA +2) The hydration tool CLI version(s) (for example, the version of the Helm CLI used for hydration) +3) A series of commands and arguments which the developer can run locally + +Equipped with this information, the developer can perform the exact same steps as Argo CD and be confident that their dry manifest changes will produce the desired output. + +Ensuring that hydration is deterministic assures the developer that the output for a given dry state will be the same next week as it is today. + +###### Avoiding Esoteric Behavior + +We should avoid the developer needing to know Argo CD-specific behavior in order to reproduce hydration. Tools like Helm, Kustimize, etc. have excellent public-facing documentation which the developer should be able to take advantage of without needing to know quirks of Argo CD. + +##### Reliable Previews + +Deterministic hydration output allows Argo CD to produce a reliable change preview when a developer proposes a change to the dry manifests via a PR. + +If output is not deterministic, then a preview generated today might not be valid/correct a week, day, or even hour later. Non-determinism makes it so that developers can't trust that the change they review will be the change actually applied. + +### Non-Goals + +1) Implementing a change promotion system + +## Open Questions + +* The `sourceHydrator` field is mutually exclusive with the `source` and the `sources` field. Should we throw an error if they're both configured, or should we just pick one and ignore the others? +* How will/should this feature relate to the image updater? Is there an opportunity to share code, since both tools involve pushing to git? +* Should we enforce a naming convention for hydrated manifest branches, e.g. `argo/...`? This would make it easier to recommend branch protection rules, for example, only allow pushes to `argo/*` from the argo bot. +* Should we enforce setting a `sourceHydrator.syncSource.path` to something besides `.`? Setting a path makes it easier to add/remove other apps later if desired. + +## Proposal + +Today, Argo CD watches one or more git repositories (configured in the `spec.source` or `spec.sources` field). When a new commit appears, Argo CD updates the desired state by rendering the manifests with the configured manifest hydration tool. If auto-sync is enabled, Argo CD applies the new manifests to the cluster. + +With the introduction of this change, Argo CD will watch two revisions in the same git repository: the first is the "dry source", i.e. the git repo/revision where the un-rendered manifests reside, and the second is the "hydrated source," where the rendered manifests are places and retrieved for syncing to the cluster. + +### New `spec.sourceHydrator` Application Field + +A `sourceHydrator` field will be added to the Argo CD Application spec: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: example +spec: + # The sourceHydrator field is mutually-exclusive with `source` and with `sources`. If this field is configured, we + # should either throw an error or ignore the other two. + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + targetRevision: main + # This assumes the Application's environments are modeled as directories. + path: environments/e2e + syncSource: + targetBranch: environments/e2e + path: . + # The hydrateTo field is optional. If specified, Argo CD will write hydrated manifests to this branch instead of the + # syncSource.targetBranch. This allows the user to "stage" a hydrated commit before actually deploying the changes + # by merging them into the syncSource branch. A complete change promotion system can be built around this feature. + hydrateTo: + targetBranch: environments/e2e-next + # The path is assumed to be the same as that in syncSource. +``` + +When the Argo CD application controller detects a new commit on the `drySource`, it queue up the hydration process. + +When the application controller detects a new (hydrated) commit on the `syncSource.targetBranch`, it will sync the manifests. + +### Processing a New Dry Commit + +On noticing a new dry commit, Argo CD will first collect all Applications which have the same `drySource` repo and targetRevision. + +Argo CD will then group those sources by the configured `syncSource` targetBranch. + +```go +package hydrator + +import "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + +type DrySource struct { + repoURL string + targetRevision string +} + +type SyncSource struct { + targetBranch string +} + +var appGroups map[DrySource]map[SyncSource][]v1alpha1.Application +``` + +Then Argo CD will loop over the apps in each group. For each group, it will run manifest hydration on the configured `drySource.path` and write the result to the configured `syncSource.path`. After looping over all apps in the group and writing all their manifests, it will commit the changes to the configured `syncSource` repoURL and targetBranch (or, if configured, the `hydratedTo` targetBranch). Finally, it will push those changes to git. Then it will repeat this process for the remaining groups. + +The actual push operation should be delegated to the [commit server](./manifest-hydrator/commit-server/README.md). + +To understand how this would work for a simple dev/test/prod setup with two regions, consider this example: + +```yaml +### DEV APPS ### +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: dev-west +spec: + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + targetRevision: main + path: environments/dev/west + syncSource: + targetBranch: environments/dev + path: west +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: dev-east +spec: + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + targetRevision: main + path: environments/dev/east + syncSource: + targetBranch: environments/dev + path: east +--- +### TEST APPS ### +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: test-west +spec: + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + targetRevision: main + path: environments/test/west + syncSource: + targetBranch: environments/test + path: west +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: test-east +spec: + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + targetRevision: main + path: environments/test/east + syncSource: + targetBranch: environments/prod + path: east +--- +### PROD APPS ### +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: prod-west +spec: + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + targetRevision: main + path: environments/prod/west + syncSource: + targetBranch: environments/prod + path: west +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: prod-east +spec: + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + targetRevision: main + path: environments/prod/east + syncSource: + targetBranch: environments/prod + path: east +--- +``` + +Each commit to the dry branch will result in a commit to up to three branches. Each commit to an environment branch will contain changes for west, east, or both (depending on which is affected). Changes originating from a single dry commit are always grouped into a single hydrated commit. + +### Handling External Values Files + +Since only one source may be used in as the dry source, the multi-source approach to external Helm values files will not work here. Instead, we'll recommend that users use the umbrella chart approach. The main reasons for multi-source as an alternative were convenience (no need to maintain the parent chart) and resolving issues with authentication to dependency charts. We believe the simplification is worth the cost of convenience, and we can address the auth issues as standalone bugs. + +An earlier iteration of this proposal attempted to preserve the multi-source style of external value file inclusion by introducing a "magic" `.argocd-hydrator.yaml` file containing `additionalSources` to reference the Helm chart. In the end, it felt like we were re-implementing Helm's dependencies feature or git submodules. It's better to just rely on one of those existing tools. + +### `.argocd-source.yaml` Support + +The `spec.sourceHydrator.drySource` field contains only three fields: `repoURL`, `targetRevision`, and `path`. + +`spec.source` contains a number of fields for configuring manifest hydration tools (`helm`, `kustomize`, and `directory`). That functionality is still available for `spec.sourceHydrator`. But instead of being configured in the Application CR, those values are set in `.argocd-source.yaml`, an existing "override" mechanism for `spec.source`. By requiring that this configuration be set in `.argocd-source.yaml`, we respect the principle that all changes must be made in git instead of in the Application CR. + +### `spec.destination.namespace` Behavior + +The Application `spec.destination.namespace` field is used to set the `metadata.namespace` field of any namespace resources for which that field is not set in the manifests. + +The hydrator will not inject `metadata.namespace` into the hydrated manifests pushed to git. Instead, Argo CD's behavior of injecting that value immediately before applying to the cluster will continue to be used with the `spec.sourceHydrator.syncSource`. + +### Build Environment Support + +For sources specified in `spec.source` or `spec.sources`, Argo CD [sets certain environment variables](https://argo-cd.readthedocs.io/en/stable/user-guide/build-environment/) before running the manifest hydration tool. + +Some of these environment variables may change independently of the dry source and therefore break the reproducibility of manifest hydration (see the [Opinions](#opinions) section). Therefore, only some environment variables will be populated for the `spec.sourceHydrator` source. + +These environment variables will **not** be set: + +* `ARGOCD_APP_NAME` +* `ARGOCD_APP_NAMESPACE` +* `KUBE_VERSION` +* `KUBE_API_VERSIONS` + +These environment variables will be set because they are commit SHAs and are directly and immutably tied to the dry manifest commit: + +* `ARGOCD_APP_REVISION` +* `ARGOCD_APP_REVISION_SHORT` + +These environment variables will be set because they are inherently tied to the manifest hydrator configuration. If these fields set in `spec.sourceHydrator.drySource` change, we are breaking the connection to the original hydrator configuration anyway. + +* `ARGOCD_APP_SOURCE_PATH` +* `ARGOCD_APP_SOURCE_REPO_URL` +* `ARGOCD_APP_SOURCE_TARGET_REVISION` + +### Support for Helm-Specific Features + +#### App Name / Release Name + +By default, Argo CD's `source` and `sources` fields use the Application's name as the release name when hydrating Helm manifests. + +To centralize the source of truth when using `spec.sourceHydrator`, the default release name will be an empty string, and any different release name should be specified in the `helm.releaseName` field in `.argocd-source.yaml`. + +#### Kube API Versions + +`helm install` supports dynamically reading Kube API versions from the destination cluster to adjust manifest output. `helm template` accepts a list of Kube API versions to simulate the same behavior, and Argo CD's `spec.source` and `spec.sources` fields set those API versions when running `helm template`. + +To centralize the source of truth when using `spec.sourceHydrator`, the Kube API versions will not be populated by default. + +Instead, a new field will be added to the Application's `spec.source.helm` field: + +```yaml +kind: Application +spec: + source: + helm: + apiVersions: + - admissionregistration.k8s.io/v1/MutatingWebhookConfiguration + - admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration + - ... etc. +``` + +That field will also be available in `.argocd-source.yaml`: + +```yaml +helm: + apiVersions: + - admissionregistration.k8s.io/v1/MutatingWebhookConfiguration + - admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration + - ... etc. +``` + +So the appropriate way to set Kube API versions for the source hydrator will be to populate the `.argocd-source.yaml` file. + +#### Hydrated Environment Branches + +Representing the dry manifests of environments as branches has well-documented downsides for developer experience. Specifically, it's toilsome for developers to manage moving changes from one branch to another and avoid drift. + +So environments-as-directories has emerged as the standard for good GitOps practices. Change management across directories in a single branch is much easier to perform and reason about. + +**This proposal does not suggest using branches to represent the dry manifests of environments.** As a matter of fact, this proposal codifies the current best practice of representing the dry manifests as directories in a single branch. + +This proposal recommends using different branches for the _hydrated_ representation of environments only. Using different branches has some benefits: + +1) Intuitive grouping of "changes to ship at once" - for example, if you have app-1-east and app-1-west, it makes sense to merge a single hydrated PR to deploy to both of those apps at once +2) Easy-to-read history of a single environment via the commits history +3) Easy comparison between environments using the SCMs' "compare" interfaces + +In other words, branches make a very nice _read_ interface for _hydrated_ manifests while preserving the best-practice of using _directories_ for the _write_ interface. + +### Commit Metadata + +Each output directory should contain two files: manifest.yaml and README.md. manifest.yaml should contain the plain hydrated manifests. The resources should be sorted by namespace, name, group, and kind (in that order). + +The README will be built using the following template: + +````gotemplate +{{ if eq (len .applications) 1 }} +{{ $appName := (index .applications 0).metadata.name }} +# {{ $appName }} Manifests + +[manifest.yaml](./manifest.yaml) contains the hydrated manifests for the {{ $appName }} application. +{{ end }} +{{ if gt (len .applications) 1 }} +{{ $appName := (index .applications 0).metadata.name }} +# Manifests for {{ len .applications }} Applications + +[manifest.yaml](./manifest.yaml) contains the hydrated manifests for these applications: +{{ range $i, $app := .applications }} +- {{ $app.name }} +{{ end }} +{{ end }} + +These are the details of the most recent change; +* Author: {{ .commitAuthor }} +* Message: {{ .commitMessage }} +* Time: {{ .commitTime }} + +To reproduce the manifest hydration, do the following: + +``` +git clone {{ .repoURL }} +cd {{ .repoName }} +git checkout {{ .dryShortSHA }} +{{ range $i, $command := .commands }} +{{ $command }} +{{ end }} +``` +```` + +This template should be admin-configurable. + +Example output might look like this: + +````markdown +# dev-west Manifests + +[manifest.yaml](./manifest.yaml) contains the hydrated manifests for the dev-west application. + +These are the details of the most recent change; +* Author: Michael Crenshaw +* Message: chore: bumped image tag to v0.0.2 +* Time: 2024-03-27 10:32:04 UTC + +To reproduce the manifest hydration, do the following: + +``` +git clone https://github.com/argoproj/argocd-example-apps +cd argocd-example-apps +git checkout ab2382f +kustomize edit set image my-app:v0.0.2 +kustomize build environments/dev/west +``` +```` + +The hydrator will also write a `hydrator.metadata` file containing a JSON representation of all the values available for README templating. This metadata can be used by external systems (e.g. a PR-based promoter system) to generate contextual information about the hydrated manifest's provenance. + +```json +{ + "commands": ["kustomize edit set image my-app:v0.0.2", "kustomize build ."], + "drySHA": "ab2382f", + "commitAuthor": "Michael Crenshaw ", + "commitMessage": "chore: bump Helm dependency chart to 32.1.12", + "repoURL": "https://github.com/argoproj/argocd-example-apps" +} +``` + +To request a commit to the hydrated branch, the application controller will make a call to the CommitManifests service. + +A single call will bundle all the changes destined for a given targetBranch. + +It's the application controller's job to ensure that the user has write access to the repo before making the call. + +```protobuf +// CommitManifests represents the caller's request for some Kubernetes manifests to be pushed to a git repository. +message CommitManifests { + // repoURL is the URL of the repo we're pushing to. HTTPS or SSH URLs are acceptable. + required string repoURL = 1; + // targetBranch is the name of the branch we're pushing to. + required string targetBranch = 2; + // drySHA is the full SHA256 hash of the "dry commit" from which the manifests were hydrated. + required string drySHA = 3; + // commitAuthor is the name of the author of the dry commit. + required string commitAuthor = 4; + // commitMessage is the short commit message from the dry commit. + required string commitMessage = 5; + // commitTime is the dry commit timestamp. + required string commitTime = 6; + // details holds the information about the actual hydrated manifests. + repeated CommitPathDetails details = 7; +} + +// CommitManifestDetails represents the details about a +message CommitPathDetails { + // path is the path to the directory to which these manifests should be written. + required string path = 1; + // manifests is a list of JSON documents representing the Kubernetes manifests. + repeated string manifests = 2; + // readme is a string which will be written to a README.md alongside the manifest.yaml. + required string readme = 3; +} + +message CommitManifestsResponse { +} +``` + +### Push access + +The hydrator will need to push to the git repository. This will require a secret containing the git credentials. + +Write access will be configured via a Kubernetes secret with the following structure: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + labels: + argocd.argoproj.io/secret-type: repository-write +stringData: + url: 'https://github.com/argoproj/argocd-example-apps' + githubAppID: '123456' + githubInstallationID: '123456' + githubAppPrivateKey: | + ----- +``` + +### Use cases + +#### Use case 1: + +An organization with strong requirements around change auditing might enable manifest hydration in order to generate a full history of changes. + +#### Use case 2: + +### Implementation Details/Notes/Constraints + +### Detailed examples + +### Security Considerations + +This proposal would involve introducing a component capable of pushing to git. + +We'll need to consider what git permissions setup to recommend, what security features we should recommend enabling (e.g. branch protection), etc. + +We'll also need to consider how to store the git push secrets. It's probable that they'll need to be stored in a namespace separate from the other Argo CD components to provide a bit extra protection. + +### Risks and Mitigations + +### Upgrade / Downgrade Strategy + +## Drawbacks + +## Alternatives diff --git a/docs/proposals/manifest-hydrator/README.md b/docs/proposals/manifest-hydrator/README.md new file mode 100644 index 0000000000000..e2af5481e4596 --- /dev/null +++ b/docs/proposals/manifest-hydrator/README.md @@ -0,0 +1,44 @@ +# Argo CD Manifest Hydrator + +Most Argo CD Applications don't directly use plain Kubernetes manifests. They reference a Helm chart or some Kustomize manifests, and then Argo CD transforms those sources into their final form (plain Kubernetes manifests). + +Having Argo CD quietly do this transformation behind the scenes is convenient. But it can make it harder for developers to understand the full state of their application, both current and past. Hydrating (also known as "rendering") the sources and pushing the hydrated manifests to git is a common technique to preserve a full history of an Application's state. + +Argo CD provides first-class tooling to hydrate manifests and push them to git. This document explains how to take advantage of that tooling. + +## Setting up git Push Access + +To use Argo CD's source hydration tooling, you have to grant Argo CD push access to all the repositories for apps using the source hydrator. + +### Security Considerations + +Argo CD stores git push secrets separately from the main Argo CD components and separately from git pull credentials to minimize the possibility of a malicious actor stealing the secrets or hijacking Argo CD components to push malicious changes. + +Pushing hydrated manifests to git can improve security by ensuring that all state changes are stored and auditable. If a malicious actor does manage to produce malicious changes in manifests, those changes will be discoverable in git instead of living only in the live cluster state. + +You should use your SCM's security mechanisms to ensure that Argo CD can only push to the allowed repositories and branches. + +### Adding the Access Credentials + +To set up push access, add a secret to the `argocd-push` namespace with the following format: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: argocd-example-apps + labels: + # Note that this is "repository-push" instead of "repository". The same secret should never be used for both push and pull access. + argocd.argoproj.io/secret-type: repository-push +type: Opaque +stringData: + url: https://github.com/argoproj/argocd-example-apps.git + username: '****' + password: '****' +``` + +Once the secret is available, any Application which has pull access to a given repo will be able to use the source hydration tooling to also push to that repo. + +## Using the `sourceHydrator` Field + +## Migrating from the `source` or `sources` Field diff --git a/docs/proposals/manifest-hydrator/commit-server/README.md b/docs/proposals/manifest-hydrator/commit-server/README.md new file mode 100644 index 0000000000000..b87a6ef0a2445 --- /dev/null +++ b/docs/proposals/manifest-hydrator/commit-server/README.md @@ -0,0 +1,38 @@ +# Commit Server + +The Argo CD Commit Server provides push access to git repositories for hydrated manifests. + +The server exposes a gRPC service which accepts requests to push hydrated manifests to a git repository. This is the interface: + +```protobuf +// CommitManifests represents the caller's request for some Kubernetes manifests to be pushed to a git repository. +message CommitManifests { + // repoURL is the URL of the repo we're pushing to. HTTPS or SSH URLs are acceptable. + required string repoURL = 1; + // targetBranch is the name of the branch we're pushing to. + required string targetBranch = 2; + // drySHA is the full SHA256 hash of the "dry commit" from which the manifests were hydrated. + required string drySHA = 3; + // commitAuthor is the name of the author of the dry commit. + required string commitAuthor = 4; + // commitMessage is the short commit message from the dry commit. + required string commitMessage = 5; + // commitTime is the dry commit timestamp. + required string commitTime = 6; + // details holds the information about the actual hydrated manifests. + repeated CommitPathDetails details = 7; +} + +// CommitManifestDetails represents the details about a +message CommitPathDetails { + // path is the path to the directory to which these manifests should be written. + required string path = 1; + // manifests is a list of JSON documents representing the Kubernetes manifests. + repeated string manifests = 2; + // readme is a string which will be written to a README.md alongside the manifest.yaml. + required string readme = 3; +} + +message CommitManifestsResponse { +} +``` diff --git a/docs/requirements.txt b/docs/requirements.txt index ad1dcf32ff1ea..cc472f5a8395a 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,6 +4,6 @@ mkdocs==1.6.1 mkdocs-material==7.1.8 markdown_include==0.8.1 pygments==2.18.0 -jinja2==3.1.4 +jinja2==3.1.5 markdown==3.7 pymdown-extensions==10.12 \ No newline at end of file diff --git a/docs/snyk/index.md b/docs/snyk/index.md index e0845af0d40f2..2af9868187af5 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -18,61 +18,62 @@ recent minor releases. | [dex:v2.41.1](master/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 2 | | [haproxy:2.6.17-alpine](master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | | [redis:7.0.15-alpine](master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 2 | 10 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 10 | | [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.13.0-rc5 +### v2.14.0-rc3 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.13.0-rc5/argocd-test.html) | 0 | 0 | 7 | 2 | -| [ui/yarn.lock](v2.13.0-rc5/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.41.1](v2.13.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 2 | -| [haproxy:2.6.17-alpine](v2.13.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | -| [redis:7.0.15-alpine](v2.13.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [argocd:v2.13.0-rc5](v2.13.0-rc5/quay.io_argoproj_argocd_v2.13.0-rc5.html) | 0 | 0 | 2 | 10 | -| [redis:7.0.15-alpine](v2.13.0-rc5/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.13.0-rc5/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.13.0-rc5/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.14.0-rc3/argocd-test.html) | 0 | 1 | 6 | 0 | +| [ui/yarn.lock](v2.14.0-rc3/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.41.1](v2.14.0-rc3/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 2 | +| [haproxy:2.6.17-alpine](v2.14.0-rc3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | +| [redis:7.0.15-alpine](v2.14.0-rc3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [argocd:v2.14.0-rc3](v2.14.0-rc3/quay.io_argoproj_argocd_v2.14.0-rc3.html) | 0 | 0 | 3 | 10 | +| [redis:7.0.15-alpine](v2.14.0-rc3/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.14.0-rc3/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.14.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.12.7 +### v2.13.2 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.12.7/argocd-test.html) | 0 | 0 | 8 | 2 | -| [ui/yarn.lock](v2.12.7/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.12.7/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 7 | -| [haproxy:2.6.17-alpine](v2.12.7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | -| [redis:7.0.15-alpine](v2.12.7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [argocd:v2.12.7](v2.12.7/quay.io_argoproj_argocd_v2.12.7.html) | 0 | 0 | 2 | 10 | -| [redis:7.0.15-alpine](v2.12.7/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.12.7/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.12.7/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.13.2/argocd-test.html) | 1 | 1 | 7 | 2 | +| [ui/yarn.lock](v2.13.2/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.41.1](v2.13.2/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 0 | 0 | 2 | +| [haproxy:2.6.17-alpine](v2.13.2/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | +| [redis:7.0.15-alpine](v2.13.2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [argocd:v2.13.2](v2.13.2/quay.io_argoproj_argocd_v2.13.2.html) | 0 | 0 | 3 | 11 | +| [redis:7.0.15-alpine](v2.13.2/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.13.2/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.13.2/argocd-iac-namespace-install.html) | - | - | - | - | + +### v2.12.8 + +| | Critical | High | Medium | Low | +|---:|:--------:|:----:|:------:|:---:| +| [go.mod](v2.12.8/argocd-test.html) | 1 | 1 | 8 | 2 | +| [ui/yarn.lock](v2.12.8/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.38.0](v2.12.8/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 7 | +| [haproxy:2.6.17-alpine](v2.12.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 4 | +| [redis:7.0.15-alpine](v2.12.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [argocd:v2.12.8](v2.12.8/quay.io_argoproj_argocd_v2.12.8.html) | 0 | 0 | 3 | 11 | +| [redis:7.0.15-alpine](v2.12.8/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.12.8/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.12.8/argocd-iac-namespace-install.html) | - | - | - | - | ### v2.11.12 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.11.12/argocd-test.html) | 0 | 1 | 9 | 2 | +| [go.mod](v2.11.12/argocd-test.html) | 1 | 2 | 9 | 2 | | [ui/yarn.lock](v2.11.12/argocd-test.html) | 0 | 0 | 1 | 0 | | [dex:v2.38.0](v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 7 | | [haproxy:2.6.14-alpine](v2.11.12/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 7 | -| [argocd:v2.11.12](v2.11.12/quay.io_argoproj_argocd_v2.11.12.html) | 0 | 0 | 3 | 19 | +| [argocd:v2.11.12](v2.11.12/quay.io_argoproj_argocd_v2.11.12.html) | 0 | 0 | 4 | 21 | | [redis:7.0.15-alpine](v2.11.12/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | | [install.yaml](v2.11.12/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.11.12/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.10.18 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.10.18/argocd-test.html) | 0 | 1 | 9 | 2 | -| [ui/yarn.lock](v2.10.18/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.10.18/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 10 | 7 | -| [haproxy:2.6.14-alpine](v2.10.18/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 7 | -| [argocd:v2.10.18](v2.10.18/quay.io_argoproj_argocd_v2.10.18.html) | 0 | 0 | 3 | 19 | -| [redis:7.0.15-alpine](v2.10.18/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.10.18/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.10.18/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 0c22234c5ed22..02056cedc3616 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

November 10th 2024, 12:20:55 am (UTC+00:00)

+

December 22nd 2024, 12:21:32 am (UTC+00:00)

Scanned the following path: @@ -507,7 +507,7 @@

Role or ClusterRole with dangerous permissions

  • - Line number: 22556 + Line number: 23952
    • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22237 + Line number: 23633
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22324 + Line number: 23720
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22352 + Line number: 23748
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22382 + Line number: 23778
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22400 + Line number: 23796
    • @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22418 + Line number: 23814
    • @@ -829,7 +829,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22440 + Line number: 23836
    • @@ -881,7 +881,7 @@

    Container could be running with outdated image

  • - Line number: 23531 + Line number: 24926
    • @@ -933,7 +933,7 @@

    Container could be running with outdated image

  • - Line number: 23838 + Line number: 25233
    • @@ -991,7 +991,7 @@

    Container has no CPU limit

  • - Line number: 23050 + Line number: 24445
    • @@ -1049,7 +1049,7 @@

    Container has no CPU limit

  • - Line number: 23333 + Line number: 24728
    • @@ -1107,7 +1107,7 @@

    Container has no CPU limit

  • - Line number: 23287 + Line number: 24682
    • @@ -1165,7 +1165,7 @@

    Container has no CPU limit

  • - Line number: 23395 + Line number: 24790
    • @@ -1223,7 +1223,7 @@

    Container has no CPU limit

  • - Line number: 23502 + Line number: 24897
    • @@ -1281,7 +1281,7 @@

    Container has no CPU limit

  • - Line number: 23526 + Line number: 24921
    • @@ -1339,7 +1339,7 @@

    Container has no CPU limit

  • - Line number: 23838 + Line number: 25233
    • @@ -1397,7 +1397,7 @@

    Container has no CPU limit

  • - Line number: 23585 + Line number: 24980
    • @@ -1455,7 +1455,7 @@

    Container has no CPU limit

  • - Line number: 23925 + Line number: 25320
    • @@ -1513,7 +1513,7 @@

    Container has no CPU limit

  • - Line number: 24317 + Line number: 25718
    • @@ -1565,7 +1565,7 @@

    Container is running with multiple open ports

  • - Line number: 23313 + Line number: 24708
    • @@ -1617,7 +1617,7 @@

    Container is running without liveness probe

  • - Line number: 23050 + Line number: 24445
    • @@ -1669,7 +1669,7 @@

    Container is running without liveness probe

  • - Line number: 23287 + Line number: 24682
    • @@ -1721,7 +1721,7 @@

    Container is running without liveness probe

  • - Line number: 23502 + Line number: 24897
    • @@ -1779,7 +1779,7 @@

    Container is running without memory limit

  • - Line number: 23050 + Line number: 24445
    • @@ -1837,7 +1837,7 @@

    Container is running without memory limit

  • - Line number: 23287 + Line number: 24682
    • @@ -1895,7 +1895,7 @@

    Container is running without memory limit

  • - Line number: 23333 + Line number: 24728
    • @@ -1953,7 +1953,7 @@

    Container is running without memory limit

  • - Line number: 23395 + Line number: 24790
    • @@ -2011,7 +2011,7 @@

    Container is running without memory limit

  • - Line number: 23502 + Line number: 24897
    • @@ -2069,7 +2069,7 @@

    Container is running without memory limit

  • - Line number: 23526 + Line number: 24921
    • @@ -2127,7 +2127,7 @@

    Container is running without memory limit

  • - Line number: 23838 + Line number: 25233
    • @@ -2185,7 +2185,7 @@

    Container is running without memory limit

  • - Line number: 23585 + Line number: 24980
    • @@ -2243,7 +2243,7 @@

    Container is running without memory limit

  • - Line number: 23925 + Line number: 25320
    • @@ -2301,7 +2301,7 @@

    Container is running without memory limit

  • - Line number: 24317 + Line number: 25718
    • @@ -2357,7 +2357,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23209 + Line number: 24604
    • @@ -2413,7 +2413,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23341 + Line number: 24736
    • @@ -2469,7 +2469,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23316 + Line number: 24711
    • @@ -2525,7 +2525,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23434 + Line number: 24829
    • @@ -2581,7 +2581,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23519 + Line number: 24914
    • @@ -2637,7 +2637,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23533 + Line number: 24928
    • @@ -2693,7 +2693,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23845 + Line number: 25240
    • @@ -2749,7 +2749,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23811 + Line number: 25206
    • @@ -2805,7 +2805,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24216 + Line number: 25617
    • @@ -2861,7 +2861,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24538 + Line number: 25951
    • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 43b35b43cd5eb..15fb585d9abb1 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:21:05 am (UTC+00:00)

    +

    December 22nd 2024, 12:21:41 am (UTC+00:00)

    Scanned the following path: @@ -1467,7 +1467,7 @@

    Container has no CPU limit

  • - Line number: 1942 + Line number: 1948
    • @@ -2255,7 +2255,7 @@

    Container is running without memory limit

  • - Line number: 1942 + Line number: 1948
    • @@ -2759,7 +2759,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1841 + Line number: 1847
    • @@ -2815,7 +2815,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 2163 + Line number: 2181
    • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index abe96d6f62ba0..b55cbe608b43c 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:18:46 am (UTC+00:00)

    +

    December 22nd 2024, 12:19:28 am (UTC+00:00)

    Scanned the following paths: @@ -470,7 +470,7 @@

    Snyk test report

    7 known vulnerabilities
    26 vulnerable dependency paths
    -
    2149 dependencies
    +
    2160 dependencies
    @@ -504,7 +504,7 @@

    LGPL-3.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.1.4 and others + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.1.6 and others
    • @@ -518,9 +518,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/Azure/kubelogin/pkg/token@0.1.4 + github.com/Azure/kubelogin/pkg/token@0.1.6 - github.com/Azure/kubelogin/pkg/internal/token@0.1.4 + github.com/Azure/kubelogin/pkg/internal/token@0.1.6 gopkg.in/retry.v1@1.0.3 @@ -724,7 +724,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.113.0 + gitlab.com/gitlab-org/api/client-go@0.116.0 github.com/hashicorp/go-retryablehttp@0.7.7 @@ -930,7 +930,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.113.0 + gitlab.com/gitlab-org/api/client-go@0.116.0 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -941,7 +941,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.113.0 + gitlab.com/gitlab-org/api/client-go@0.116.0 github.com/hashicorp/go-retryablehttp@0.7.7 diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html index 7d71f02577f94..5e63b41d90ab5 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.41.1.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:18:54 am (UTC+00:00)

    +

    December 22nd 2024, 12:19:36 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    22 known vulnerabilities
    -
    43 vulnerable dependency paths
    +
    24 known vulnerabilities
    +
    45 vulnerable dependency paths
    969 dependencies
    @@ -479,6 +479,163 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and golang.org/x/crypto/ssh@v0.24.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + golang.org/x/crypto/ssh@v0.24.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.27.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.27.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Insertion of Sensitive Information into Log File

    @@ -1913,6 +2070,9 @@

    References

  • https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
  • https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
  • https://openssl-library.org/news/secadv/20240903.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/09/03/4
    • +
  • https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
    • +
  • https://security.netapp.com/advisory/ntap-20240912-0001/
    • @@ -2072,6 +2232,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html index 5fd3c8d102ae8..a77ff2be6395d 100644 --- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html +++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:18:59 am (UTC+00:00)

    +

    December 22nd 2024, 12:19:40 am (UTC+00:00)

    Scanned the following path: @@ -871,9 +871,43 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause + memory to be accessed that was previously freed in some situations

    +

    Impact summary: A use after free can have a range of potential consequences such + as the corruption of valid data, crashes or execution of arbitrary code. + However, only applications that directly call the SSL_free_buffers function are + affected by this issue. Applications that do not call this function are not + vulnerable. Our investigations indicate that this function is rarely used by + applications.

    +

    The SSL_free_buffers function is used to free the internal OpenSSL buffer used + when processing an incoming record from the network. The call is only expected + to succeed if the buffer is not currently in use. However, two scenarios have + been identified where the buffer is freed even when still in use.

    +

    The first scenario occurs where a record header has been received from the + network and processed by OpenSSL, but the full record body has not yet arrived. + In this case calling SSL_free_buffers will succeed even though a record has only + been partially processed and the buffer is still in use.

    +

    The second scenario occurs where a full record containing application data has + been received and processed by OpenSSL but the application has only read part of + this data. Again a call to SSL_free_buffers will succeed even though the buffer + is still in use.

    +

    While these scenarios could occur accidentally during normal operation a + malicious attacker could attempt to engineer a stituation where this occurs. + We are not aware of this issue being actively exploited.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    Remediation

    Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

    +

    References

    +
    @@ -1091,16 +1125,17 @@

    Remediation

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    References

    @@ -1288,6 +1323,9 @@

    References

  • https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
  • https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
  • https://openssl-library.org/news/secadv/20240903.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/09/03/4
    • +
  • https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
    • +
  • https://security.netapp.com/advisory/ntap-20240912-0001/
    • @@ -1480,6 +1518,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html index a76f683a5509e..c6b67deeacea4 100644 --- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:19:04 am (UTC+00:00)

    +

    December 22nd 2024, 12:19:45 am (UTC+00:00)

    Scanned the following paths: @@ -649,6 +649,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 33bed19711d0d..93f0a6e561638 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:19:23 am (UTC+00:00)

    +

    December 22nd 2024, 12:20:03 am (UTC+00:00)

    Scanned the following paths: @@ -470,9 +470,9 @@

    Snyk test report

    -
    19 known vulnerabilities
    -
    73 vulnerable dependency paths
    -
    2358 dependencies
    +
    21 known vulnerabilities
    +
    101 vulnerable dependency paths
    +
    2383 dependencies
    @@ -480,8 +480,91 @@

    Snyk test report

    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/html@v0.26.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    -

    Information Exposure

    +

    Insecure Storage of Sensitive Information

    @@ -500,12 +583,12 @@

    Information Exposure

  • Vulnerable module: - libgcrypt20 + pam/libpam0g
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.10.3-2build1 + docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-5ubuntu5.1
    • @@ -520,7 +603,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1 @@ -529,9 +612,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/dirmngr@2.4.4-2ubuntu17 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1 @@ -540,9 +623,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg@2.4.4-2ubuntu17 + util-linux@2.39.3-9ubuntu6.1 - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1 @@ -551,9 +634,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg-agent@2.4.4-2ubuntu17 + apt@2.7.14build2 - libgcrypt20@1.10.3-2build1 + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1 @@ -564,9 +651,328 @@

    Detailed paths

    apt@2.7.14build2 - apt/libapt-pkg6.0t64@2.7.14build2 + adduser@3.137ubuntu1 - libgcrypt20@1.10.3-2build1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
    • + + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 pam.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + pam/libpam0g +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-5ubuntu5.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + util-linux@2.39.3-9ubuntu6.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 @@ -577,9 +983,11 @@

      Detailed paths

      apt@2.7.14build2 - gnupg2/gpgv@2.4.4-2ubuntu17 + adduser@3.137ubuntu1 - libgcrypt20@1.10.3-2build1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 @@ -588,11 +996,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg@2.4.4-2ubuntu17 - - gnupg2/gpgconf@2.4.4-2ubuntu17 - - libgcrypt20@1.10.3-2build1 + pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -601,17 +1005,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.7.14build2 - - adduser@3.137ubuntu1 - - shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - - pam/libpam-modules@1.5.3-5ubuntu5.1 - - systemd/libsystemd0@255.4-1ubuntu8.4 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.10.3-2build1 + pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -623,23 +1019,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      -

      A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

      +

      A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

      Remediation

      -

      There is no fixed version for Ubuntu:24.04 libgcrypt20.

      +

      There is no fixed version for Ubuntu:24.04 pam.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -685,11 +1080,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 @@ -700,13 +1095,13 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 @@ -717,11 +1112,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -732,13 +1127,13 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -749,15 +1144,15 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -768,11 +1163,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 @@ -783,7 +1178,7 @@

    Detailed paths

    openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -794,9 +1189,9 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -807,11 +1202,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -820,7 +1215,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -1524,7 +1919,7 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 libssh/libssh-4@0.10.6-2build2 @@ -1539,11 +1934,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 openssl/libssl3t64@3.0.13-0ubuntu3.4 @@ -1556,9 +1951,9 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 + openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.1 cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1 @@ -1613,6 +2008,170 @@

    References

    More about this vulnerability

    +
    +
    +

    Information Exposure

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + libgcrypt20 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.10.3-2build1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/dirmngr@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/gpg@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/gpg-agent@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + apt/libapt-pkg6.0t64@2.7.14build2 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + gnupg2/gpgv@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/gpg@2.4.4-2ubuntu17 + + gnupg2/gpgconf@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + systemd/libsystemd0@255.4-1ubuntu8.4 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 libgcrypt20.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2024-26458

    @@ -1656,11 +2215,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 @@ -1671,13 +2230,13 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 @@ -1688,11 +2247,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -1703,13 +2262,13 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -1720,15 +2279,15 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -1739,11 +2298,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 @@ -1754,7 +2313,7 @@

    Detailed paths

    openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -1765,9 +2324,9 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -1778,11 +2337,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -1791,7 +2350,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -1864,11 +2423,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 @@ -1879,13 +2438,13 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 @@ -1896,11 +2455,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -1911,13 +2470,13 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -1928,15 +2487,15 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2 @@ -1947,11 +2506,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 @@ -1962,7 +2521,7 @@

    Detailed paths

    openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -1973,9 +2532,9 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -1986,11 +2545,11 @@

    Detailed paths

    git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 @@ -1999,7 +2558,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -2349,99 +2908,6 @@

    References

    More about this vulnerability

    -
    -
    -

    CVE-2024-9681

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - curl/libcurl3t64-gnutls -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    When curl is asked to use HSTS, the expiry time for a subdomain might - overwrite a parent domain's cache entry, making it end sooner or later than - otherwise intended.

    -

    This affects curl using applications that enable HSTS and use URLs with the - insecure HTTP:// scheme and perform transfers with hosts like - x.example.com as well as example.com where the first host is a subdomain - of the second host.

    -

    (The HSTS cache either needs to have been populated manually or there needs to - have been previous HTTPS accesses done as the cache needs to have entries for - the domains involved to trigger this problem.)

    -

    When x.example.com responds with Strict-Transport-Security: headers, this - bug can make the subdomain's expiry timeout bleed over and get set for the - parent domain example.com in curl's HSTS cache.

    -

    The result of a triggered bug is that HTTP accesses to example.com get - converted to HTTPS for a different period of time than what was asked for by - the origin server. If example.com for example stops supporting HTTPS at its - expiry time, curl might then fail to access http://example.com until the - (wrongly set) timeout expires. This bug can also expire the parent's entry - earlier, thus making curl inadvertently switch back to insecure HTTP earlier - than otherwise intended.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 curl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Improper Input Validation

    diff --git a/docs/snyk/master/redis_7.0.15-alpine.html b/docs/snyk/master/redis_7.0.15-alpine.html index 75a88a49ff42e..06a95f0bdca0d 100644 --- a/docs/snyk/master/redis_7.0.15-alpine.html +++ b/docs/snyk/master/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:19:28 am (UTC+00:00)

    +

    December 22nd 2024, 12:20:08 am (UTC+00:00)

    Scanned the following paths: @@ -649,6 +649,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.10.18/argocd-test.html b/docs/snyk/v2.10.18/argocd-test.html deleted file mode 100644 index 2c92b4b344d6e..0000000000000 --- a/docs/snyk/v2.10.18/argocd-test.html +++ /dev/null @@ -1,4592 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    November 10th 2024, 12:28:35 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    13 known vulnerabilities
    -
    182 vulnerable dependency paths
    -
    2042 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.46.1 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b6ec82aedce5 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b6ec82aedce5 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b6ec82aedce5 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#b6ec82aedce5 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#b6ec82aedce5 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#b6ec82aedce5 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b6ec82aedce5 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#b6ec82aedce5 - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#b6ec82aedce5 - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b6ec82aedce5 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b6ec82aedce5 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/rs/cors -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - github.com/rs/cors@1.9.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the processing of malicious preflight requests that include a Access-Control-Request-Headers header with excessive commas. An attacker can induce excessive memory consumption and potentially crash the server by sending specially crafted requests.

    -

    PoC

    - 
    
-        func BenchmarkPreflightAdversarialACRH(b *testing.B) {
-            resps := makeFakeResponses(b.N)
-            req, _ := http.NewRequest(http.MethodOptions, dummyEndpoint, nil)
-            req.Header.Add(headerOrigin, dummyOrigin)
-            req.Header.Add(headerACRM, http.MethodGet)
-            req.Header[headerACRH] = adversarialACRH
-            handler := Default().Handler(testHandler)
-        
-            b.ReportAllocs()
-            b.ResetTimer()
-            for i := 0; i < b.N; i++ {
-                handler.ServeHTTP(resps[i], req)
-            }
-        }
-        
-        var adversarialACRH []string
-        
-        func init() { // populates adversarialACRH
-            n := int(math.Floor(math.Sqrt(http.DefaultMaxHeaderBytes)))
-            commas := strings.Repeat(",", n)
-            res := make([]string, n)
-            for i := range res {
-                res[i] = commas
-            }
-            adversarialACRH = res
-        }
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/rs/cors to version 1.11.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.7 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - foundation-sites -
      • - -
    • Introduced through: - - argo-cd-ui@1.0.0 and foundation-sites@6.7.5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - foundation-sites@6.7.5 - - - -
      • -
    • - Introduced through: - argo-cd-ui@1.0.0 - - argo-ui@1.0.0 - - foundation-sites@6.7.5 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    foundation-sites is a responsive front-end framework

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.

    -

    PoC

    - 
    https://www.''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for foundation-sites.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insufficient Documentation of Error Handling Techniques

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/golang-jwt/jwt/v4 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/golang-jwt/jwt/v4@4.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/Azure/go-autorest/autorest/azure@0.11.27 - - github.com/Azure/go-autorest/autorest@0.11.27 - - github.com/Azure/go-autorest/autorest/adal@0.9.20 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

    -

    Workaround

    -

    Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

    -

    Remediation

    -

    Upgrade github.com/golang-jwt/jwt/v4 to version 4.5.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insufficient Documentation of Error Handling Techniques

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/golang-jwt/jwt -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential@0.5.2 - - github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens@0.5.2 - - github.com/golang-jwt/jwt@3.2.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

    -

    Workaround

    -

    Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

    -

    Remediation

    -

    A fix was pushed into the master branch but not yet published.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.18/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.10.18/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index e7324a052bafd..0000000000000 --- a/docs/snyk/v2.10.18/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,6050 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    November 10th 2024, 12:28:42 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
      • -
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/dex (gomodules)
      • -
    -
    - -
    -
    56 known vulnerabilities
    -
    188 vulnerable dependency paths
    -
    786 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Path Traversal

    -
    - -
    - critical severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-git/go-git/v5 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5@v5.4.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/go-git/go-git/v5@v5.4.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

    -

    Notes:

    -
      -

    1. This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.

      -
      2. -

    2. Applications using BoundOS or in-memory filesystems are not affected by this issue.

      -
      3. -

    3. Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

      -
      4. -
    -

    Workaround

    -

    This vulnerability can be mitigated by limiting the client's use to trustworthy Git servers.

    -

    Remediation

    -

    Upgrade github.com/go-git/go-git/v5 to version 5.11.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - critical severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-5363

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

    -

    Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

    -

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    -

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

    -

    Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

    -

    Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

    -

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/grpc -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/grpc@v1.46.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/grpc@v1.46.2 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/grpc@v1.56.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    google.golang.org/grpc is a Go implementation of gRPC

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    -

    Remediation

    -

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running, by rapidly creating requests and - immediately resetting them. A a handler is started until one of the existing handlers exits.

    -

    Note:

    -

    This issue is related to CVE-2023-44487

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Heap-based Buffer Overflow

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/mattn/go-sqlite3 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/mattn/go-sqlite3@v1.14.17 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/mattn/go-sqlite3@v1.14.17 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the sessionReadRecord function in the ext/session/sqlite3session.c file. An attacker can cause a program crash or execute arbitrary code by manipulating the input to trigger a heap-based buffer overflow.

    -

    Remediation

    -

    Upgrade github.com/mattn/go-sqlite3 to version 1.14.18 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Path Traversal

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/consul/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/consul/api@v1.13.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Path Traversal due to a lack of path normalization, when using URL paths in L7 traffic intentions. An attacker could bypass HTTP request path-based access rules, using URL-encoded paths and/or multiple slashes.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/consul/api to version 1.20.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Authentication

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

    -

    Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be misled by removing, - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

    -

    The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

    -

    As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Inefficient Regular Expression Complexity

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

    -

    The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

    -

    However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

    -

    An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

    -

    The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

    -

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Excessive Iteration

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

    -

    The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

    -

    An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

    -

    The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

    -

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Check for Unusual or Exceptional Conditions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

    -

    While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

    -

    Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

    -

    An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

    -

    Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.28.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/internal/encoding/json@v1.28.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function, by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function, by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Cross-site Scripting (XSS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/html -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/html@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    -

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

    -

    Details

    -

    A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

    -

    This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

    -

    Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

    -

    Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

    -

    The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

    -

    Types of attacks

    -

    There are a few methods by which XSS can be manipulated:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TypeOriginDescription
    StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
    ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
    DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
    MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
    -

    Affected environments

    -

    The following environments are susceptible to an XSS attack:

    -
      -
    • Web servers
      • -
    • Application servers
      • -
    • Web application environments
      • -
    -

    How to prevent

    -

    This section describes the top best practices designed to specifically protect your code:

    -
      -
    • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
      • -
    • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
      • -
    • Give users the option to disable client-side scripts.
      • -
    • Redirect invalid requests.
      • -
    • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
      • -
    • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
      • -
    • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
      • -
    -

    Remediation

    -

    Upgrade golang.org/x/net/html to version 0.13.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Authentication Bypass by Capture-replay

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/crypto/ssh -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    -

    Note:

    -
      -

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      -
      2. -

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      -
      3. -
    -

    Impact:

    -

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    -

    Workaround

    -

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/consts@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/physical@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/physical/inmem@v0.5.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/vault/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/api@v1.6.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/serf/coordinate -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/hcl/v2 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/hcl -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl@v1.0.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/parser@v1.0.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/strconv@v1.0.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/json/parser@v1.0.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/golang-lru/simplelru -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-version@v1.5.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-sockaddr -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-rootcerts -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-plugin -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin@v1.4.4 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-immutable-radix -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/errwrap -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/errwrap@v1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Access Control Bypass

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/consul/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/consul/api@v1.13.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Access Control Bypass due to a lack of header normalization while using Headers in L7 traffic intentions. By exploiting this, an attacker could bypass HTTP header based access rules.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/consul/api to version 1.20.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/consul/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/consul/api@v1.13.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/gosimple/slug@v1.12.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/go-sql-driver/mysql -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-sql-driver/mysql@v1.7.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Resource Consumption ('Resource Exhaustion')

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5/plumbing@v5.4.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/go-git/go-git/v5/plumbing@v5.4.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

    -

    Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

    -

    Note - This is only exploitable if the client is not using the in-memory filesystem supported by the library.

    -

    Workaround

    -

    In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/go-git/go-git/v5/plumbing to version 5.11.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-6119

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Applications performing certificate name checks (e.g., TLS - clients checking server certificates) may attempt to read an invalid memory - address resulting in abnormal termination of the application process.

    -

    Impact summary: Abnormal termination of an application can a cause a denial of - service.

    -

    Applications performing certificate name checks (e.g., TLS clients checking - server certificates) may attempt to read an invalid memory address when - comparing the expected name with an otherName subject alternative name of an - X.509 certificate. This may result in an exception that terminates the - application program.

    -

    Note that basic certificate chain validation (signatures, dates, ...) is not - affected, the denial of service can occur only when the application also - specifies an expected DNS name, Email address or IP address.

    -

    TLS servers rarely solicit client certificates, and even when they do, they - generally don't perform a name check against a reference identifier (expected - identity), but rather extract the presented identity after checking the - certificate chain. So TLS servers are generally not affected and the severity - of the issue is Moderate.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.7-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-9143

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted - explicit values for the field polynomial can lead to out-of-bounds memory reads - or writes.

    -

    Impact summary: Out of bound memory writes can lead to an application crash or - even a possibility of a remote code execution, however, in all the protocols - involving Elliptic Curve Cryptography that we're aware of, either only "named - curves" are supported, or, if explicit curve parameters are supported, they - specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent - problematic input values. Thus the likelihood of existence of a vulnerable - application is low.

    -

    In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, - so problematic inputs cannot occur in the context of processing X.509 - certificates. Any problematic use-cases would have to be using an "exotic" - curve encoding.

    -

    The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), - and various supporting BN_GF2m_*() functions.

    -

    Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, - that make it possible to represent invalid field polynomials with a zero - constant term, via the above or similar APIs, may terminate abruptly as a - result of reading or writing outside of array bounds. Remote code execution - cannot easily be ruled out.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.7-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.18/haproxy_2.6.14-alpine.html b/docs/snyk/v2.10.18/haproxy_2.6.14-alpine.html deleted file mode 100644 index aacc9da6757f8..0000000000000 --- a/docs/snyk/v2.10.18/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,2922 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    November 10th 2024, 12:28:46 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • haproxy:2.6.14-alpine (apk)
      • -
    -
    - -
    -
    15 known vulnerabilities
    -
    119 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    CVE-2023-5363

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

    -

    Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

    -

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    -

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

    -

    Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

    -

    Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

    -

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Check for Unusual or Exceptional Conditions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

    -

    While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

    -

    Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

    -

    An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

    -

    Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-6119

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Applications performing certificate name checks (e.g., TLS - clients checking server certificates) may attempt to read an invalid memory - address resulting in abnormal termination of the application process.

    -

    Impact summary: Abnormal termination of an application can a cause a denial of - service.

    -

    Applications performing certificate name checks (e.g., TLS clients checking - server certificates) may attempt to read an invalid memory address when - comparing the expected name with an otherName subject alternative name of an - X.509 certificate. This may result in an exception that terminates the - application program.

    -

    Note that basic certificate chain validation (signatures, dates, ...) is not - affected, the denial of service can occur only when the application also - specifies an expected DNS name, Email address or IP address.

    -

    TLS servers rarely solicit client certificates, and even when they do, they - generally don't perform a name check against a reference identifier (expected - identity), but rather extract the presented identity after checking the - certificate chain. So TLS servers are generally not affected and the severity - of the issue is Moderate.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.7-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-9143

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted - explicit values for the field polynomial can lead to out-of-bounds memory reads - or writes.

    -

    Impact summary: Out of bound memory writes can lead to an application crash or - even a possibility of a remote code execution, however, in all the protocols - involving Elliptic Curve Cryptography that we're aware of, either only "named - curves" are supported, or, if explicit curve parameters are supported, they - specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent - problematic input values. Thus the likelihood of existence of a vulnerable - application is low.

    -

    In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, - so problematic inputs cannot occur in the context of processing X.509 - certificates. Any problematic use-cases would have to be using an "exotic" - curve encoding.

    -

    The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), - and various supporting BN_GF2m_*() functions.

    -

    Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, - that make it possible to represent invalid field polynomials with a zero - constant term, via the above or similar APIs, may terminate abruptly as a - result of reading or writing outside of array bounds. Remote code execution - cannot easily be ruled out.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.7-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.12/argocd-iac-install.html b/docs/snyk/v2.11.12/argocd-iac-install.html index e318052d5f6fe..c8313d79cdb86 100644 --- a/docs/snyk/v2.11.12/argocd-iac-install.html +++ b/docs/snyk/v2.11.12/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:28:15 am (UTC+00:00)

    +

    December 22nd 2024, 12:30:57 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.11.12/argocd-iac-namespace-install.html b/docs/snyk/v2.11.12/argocd-iac-namespace-install.html index 3516aaed20090..fae0b0aeee281 100644 --- a/docs/snyk/v2.11.12/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.11.12/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:28:25 am (UTC+00:00)

    +

    December 22nd 2024, 12:31:06 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.11.12/argocd-test.html b/docs/snyk/v2.11.12/argocd-test.html index 945ecf06e400d..cf1b2ca375827 100644 --- a/docs/snyk/v2.11.12/argocd-test.html +++ b/docs/snyk/v2.11.12/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:26:12 am (UTC+00:00)

    +

    December 22nd 2024, 12:29:06 am (UTC+00:00)

    Scanned the following paths: @@ -467,8 +467,8 @@

    Snyk test report

    -
    13 known vulnerabilities
    -
    188 vulnerable dependency paths
    +
    15 known vulnerabilities
    +
    1089 vulnerable dependency paths
    2041 dependencies
    @@ -477,6 +477,17133 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.19.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.19.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.19.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.19.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.19.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.19.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.19.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.19.0 + + golang.org/x/crypto/ssh@0.19.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + k8s.io/apimachinery/pkg/util/runtime +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and k8s.io/apimachinery/pkg/util/runtime@0.26.11 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/portforward@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/rbac/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/equality@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/errors@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/internal/controller@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/rbac/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/errors@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/util/retry@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/managedfields@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/resource@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 + + k8s.io/apimachinery/pkg/api/equality@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/util/retry@0.26.11 + + k8s.io/apimachinery/pkg/api/errors@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/validation@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/managedfields@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/portforward@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/portforward@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/managedfields@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/util/retry@0.26.11 + + k8s.io/apimachinery/pkg/api/errors@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/rbac/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/errors@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/util/managedfields@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/internal/controller@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/config@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/config@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/config@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd/api/v1@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/resource@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/equality@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/client-go/tools/reference@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/equality@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/testing@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/resource@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/util/retry@0.26.11 + + k8s.io/apimachinery/pkg/api/errors@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/util/managedfields@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/portforward@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1/fake@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/config@0.14.7 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset@0.26.11 + + k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1@0.26.11 + + k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset@0.26.11 + + k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1@0.26.11 + + k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/recorder@0.14.7 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/recorder@0.14.7 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/recorder@0.14.7 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/internal/controller@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/conversion@0.14.7 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/conversion@0.14.7 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/validation@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/client-go/tools/reference@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 + + k8s.io/apimachinery/pkg/api/equality@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 + + k8s.io/apimachinery/pkg/api/equality@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/api/validation@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/client-go/tools/reference@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/v1@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 + + k8s.io/api/storage/v1alpha1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/rest/watch@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/validation@0.26.11 + + k8s.io/cli-runtime/pkg/resource@0.26.11 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers@0.26.11 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/apps/v1@0.26.11 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1/fake@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/v1@0.26.11 + + k8s.io/client-go/tools/clientcmd/api@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 + + k8s.io/api/storage/v1alpha1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 + + k8s.io/api/storage/v1alpha1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/discovery/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes/fake@0.26.11 + + k8s.io/client-go/testing@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/validation@0.26.11 + + k8s.io/cli-runtime/pkg/resource@0.26.11 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admission/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/admissionregistration/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/apps/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authentication/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/authorization/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/autoscaling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/batch/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/certificates/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/coordination/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/core/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/discovery/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/events/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/extensions/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/flowcontrol/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/imagepolicy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/networking/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/node/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/policy/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/rbac/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/scheduling/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/kubernetes/typed/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/scale@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/kubernetes/typed/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/validation@0.26.11 + + k8s.io/cli-runtime/pkg/resource@0.26.11 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/kubernetes@0.26.11 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/metadata@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/internalversion/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/runtime@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/api/storage/v1beta1@0.26.11 + + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/validation@0.26.11 + + k8s.io/cli-runtime/pkg/resource@0.26.11 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/cli-runtime/pkg/genericclioptions@0.26.11 + + k8s.io/client-go/discovery/cached/disk@0.26.11 + + k8s.io/client-go/discovery/cached/memory@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/validation@0.26.11 + + k8s.io/cli-runtime/pkg/resource@0.26.11 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/validation@0.26.11 + + k8s.io/cli-runtime/pkg/resource@0.26.11 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 + + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 + + k8s.io/client-go/restmapper@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#18ba62e1f1fb + + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 + + k8s.io/kubernetes/pkg/apis/storage/v1beta1@1.26.11 + + k8s.io/kubernetes/pkg/features@1.26.11 + + k8s.io/apiserver/pkg/features@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/wait@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/kubernetes/typed/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/client-go/pkg/apis/clientauthentication/install@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/util/openapi@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 + + k8s.io/client-go/dynamic@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/transport@0.26.11 + + k8s.io/client-go/util/workqueue@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/kubernetes/typed/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/kubernetes/typed/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/util@0.26.11 + + k8s.io/kubectl/pkg/util/templates@0.26.11 + + k8s.io/kubectl/pkg/util/term@0.26.11 + + k8s.io/client-go/tools/remotecommand@0.26.11 + + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/rest@0.26.11 + + k8s.io/client-go/plugin/pkg/client/auth/exec@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 + + k8s.io/client-go/tools/leaderelection@0.26.11 + + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 + + k8s.io/client-go/kubernetes/typed/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/core/v1@0.26.11 + + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 + + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/sync/common@#18ba62e1f1fb + + github.com/argoproj/gitops-engine/pkg/utils/kube@#18ba62e1f1fb + + k8s.io/kubectl/pkg/cmd/replace@0.26.11 + + k8s.io/kubectl/pkg/cmd/delete@0.26.11 + + k8s.io/kubectl/pkg/util/completion@0.26.11 + + k8s.io/kubectl/pkg/polymorphichelpers@0.26.11 + + k8s.io/kubectl/pkg/describe@0.26.11 + + k8s.io/client-go/util/certificate/csr@0.26.11 + + k8s.io/client-go/tools/watch@0.26.11 + + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/util/runtime@0.26.11 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade k8s.io/apimachinery/pkg/util/runtime to version 0.29.0-alpha.3, 1.29.0-alpha.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Allocation of Resources Without Limits or Throttling

    @@ -3131,6 +20258,7 @@

    References

  • GitHub Commit
  • GitHub Issue
  • Go Advisory
    • +
  • PoC
    • diff --git a/docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html index bb6be89398125..9c1cb6cafa031 100644 --- a/docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/v2.11.12/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:26:18 am (UTC+00:00)

    +

    December 22nd 2024, 12:29:16 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    41 known vulnerabilities
    -
    129 vulnerable dependency paths
    +
    43 known vulnerabilities
    +
    131 vulnerable dependency paths
    829 dependencies
    @@ -479,6 +479,80 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.18.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + golang.org/x/crypto/ssh@v0.18.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Allocation of Resources Without Limits or Throttling

    @@ -550,6 +624,7 @@

    References

  • GitHub Commit
  • GitHub Issue
  • Go Advisory
    • +
  • PoC
    • @@ -558,6 +633,89 @@

    References

    More about this vulnerability

    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.20.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.20.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Path Traversal

    @@ -776,15 +934,15 @@

    Remediation

    References

    @@ -931,14 +1089,14 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2816,6 +2974,7 @@

    Remediation

    References

    @@ -3290,12 +3449,12 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    References

    @@ -3441,13 +3600,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    References

    @@ -3601,13 +3760,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

    References

    @@ -3793,16 +3952,17 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

    References

    @@ -3927,9 +4087,43 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause + memory to be accessed that was previously freed in some situations

    +

    Impact summary: A use after free can have a range of potential consequences such + as the corruption of valid data, crashes or execution of arbitrary code. + However, only applications that directly call the SSL_free_buffers function are + affected by this issue. Applications that do not call this function are not + vulnerable. Our investigations indicate that this function is rarely used by + applications.

    +

    The SSL_free_buffers function is used to free the internal OpenSSL buffer used + when processing an incoming record from the network. The call is only expected + to succeed if the buffer is not currently in use. However, two scenarios have + been identified where the buffer is freed even when still in use.

    +

    The first scenario occurs where a record header has been received from the + network and processed by OpenSSL, but the full record body has not yet arrived. + In this case calling SSL_free_buffers will succeed even though a record has only + been partially processed and the buffer is still in use.

    +

    The second scenario occurs where a full record containing application data has + been received and processed by OpenSSL but the application has only read part of + this data. Again a call to SSL_free_buffers will succeed even though the buffer + is still in use.

    +

    While these scenarios could occur accidentally during normal operation a + malicious attacker could attempt to engineer a stituation where this occurs. + We are not aware of this issue being actively exploited.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

    +

    References

    +
    @@ -4083,6 +4277,9 @@

    References

  • https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
  • https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
  • https://openssl-library.org/news/secadv/20240903.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/09/03/4
    • +
  • https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
    • +
  • https://security.netapp.com/advisory/ntap-20240912-0001/
    • @@ -4242,6 +4439,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html b/docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html index 426f14c8f09bf..8373a296875f7 100644 --- a/docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.11.12/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:26:25 am (UTC+00:00)

    +

    December 22nd 2024, 12:29:20 am (UTC+00:00)

    Scanned the following path: @@ -661,13 +661,13 @@

    Remediation

    References

    @@ -845,13 +845,13 @@

    Remediation

    References

    @@ -1032,15 +1032,15 @@

    Remediation

    References

    @@ -1209,14 +1209,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1325,6 +1325,7 @@

    Remediation

    References

    @@ -1821,12 +1822,12 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    References

    @@ -1994,13 +1995,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    References

    @@ -2176,13 +2177,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    References

    @@ -2390,16 +2391,17 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    References

    @@ -2546,9 +2548,43 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause + memory to be accessed that was previously freed in some situations

    +

    Impact summary: A use after free can have a range of potential consequences such + as the corruption of valid data, crashes or execution of arbitrary code. + However, only applications that directly call the SSL_free_buffers function are + affected by this issue. Applications that do not call this function are not + vulnerable. Our investigations indicate that this function is rarely used by + applications.

    +

    The SSL_free_buffers function is used to free the internal OpenSSL buffer used + when processing an incoming record from the network. The call is only expected + to succeed if the buffer is not currently in use. However, two scenarios have + been identified where the buffer is freed even when still in use.

    +

    The first scenario occurs where a record header has been received from the + network and processed by OpenSSL, but the full record body has not yet arrived. + In this case calling SSL_free_buffers will succeed even though a record has only + been partially processed and the buffer is still in use.

    +

    The second scenario occurs where a full record containing application data has + been received and processed by OpenSSL but the application has only read part of + this data. Again a call to SSL_free_buffers will succeed even though the buffer + is still in use.

    +

    While these scenarios could occur accidentally during normal operation a + malicious attacker could attempt to engineer a stituation where this occurs. + We are not aware of this issue being actively exploited.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    +

    References

    +
    @@ -2724,6 +2760,9 @@

    References

  • https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
  • https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
  • https://openssl-library.org/news/secadv/20240903.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/09/03/4
    • +
  • https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
    • +
  • https://security.netapp.com/advisory/ntap-20240912-0001/
    • @@ -2905,6 +2944,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html b/docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html index 378686910e144..6d5f6d76bbced 100644 --- a/docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html +++ b/docs/snyk/v2.11.12/quay.io_argoproj_argocd_v2.11.12.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:26:48 am (UTC+00:00)

    +

    December 22nd 2024, 12:29:38 am (UTC+00:00)

    Scanned the following paths: @@ -470,8 +470,8 @@

    Snyk test report

    -
    34 known vulnerabilities
    -
    180 vulnerable dependency paths
    +
    40 known vulnerabilities
    +
    212 vulnerable dependency paths
    2280 dependencies
    @@ -480,6 +480,174 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.19.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + golang.org/x/crypto/ssh@v0.19.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + k8s.io/apimachinery/pkg/util/runtime +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and k8s.io/apimachinery/pkg/util/runtime@v0.26.11 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + k8s.io/apimachinery/pkg/util/runtime@v0.26.11 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade k8s.io/apimachinery/pkg/util/runtime to version 0.29.0-alpha.3, 1.29.0-alpha.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Allocation of Resources Without Limits or Throttling

    @@ -551,6 +719,7 @@

    References

  • GitHub Commit
  • GitHub Issue
  • Go Advisory
    • +
  • PoC
    • @@ -559,9 +728,92 @@

    References

    More about this vulnerability

    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.12/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/html@v0.17.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/html@v0.17.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +
    -

    Information Exposure

    +

    Insecure Storage of Sensitive Information

    @@ -580,12 +832,12 @@

    Information Exposure

  • Vulnerable module: - libgcrypt20 + pam/libpam0g
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.11.12 and pam/libpam0g@1.4.0-11ubuntu2.4
    • @@ -600,7 +852,107 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam0g@1.4.0-11ubuntu2.4 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + shadow/login@1:4.8.1-2ubuntu2.2 + + pam/libpam0g@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + util-linux@2.37.2-4ubuntu3.4 + + pam/libpam0g@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam0g@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + pam/libpam0g@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + pam/libpam-modules-bin@1.4.0-11ubuntu2.4 + + pam/libpam0g@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + pam/libpam-modules-bin@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + pam/libpam-modules-bin@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -609,9 +961,162 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 + pam/libpam-runtime@1.4.0-11ubuntu2.4 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + shadow/login@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + pam/libpam-runtime@1.4.0-11ubuntu2.4 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + shadow/login@1:4.8.1-2ubuntu2.2 + + pam/libpam-runtime@1.4.0-11ubuntu2.4 + + + +
    • + + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 pam.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + pam/libpam0g +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.11.12 and pam/libpam0g@1.4.0-11ubuntu2.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + pam/libpam0g@1.4.0-11ubuntu2.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + shadow/login@1:4.8.1-2ubuntu2.2 + + pam/libpam0g@1.4.0-11ubuntu2.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + util-linux@2.37.2-4ubuntu3.4 + + pam/libpam0g@1.4.0-11ubuntu2.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam0g@1.4.0-11ubuntu2.4 @@ -620,9 +1125,13 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - gnupg2/gpg@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - libgcrypt20@1.9.4-3ubuntu3 + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + pam/libpam0g@1.4.0-11ubuntu2.4 @@ -631,11 +1140,15 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - apt@2.4.13 + adduser@3.118ubuntu5 - apt/libapt-pkg6.0@2.4.13 + shadow/passwd@1:4.8.1-2ubuntu2.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.4.0-11ubuntu2.4 + + pam/libpam-modules-bin@1.4.0-11ubuntu2.4 + + pam/libpam0g@1.4.0-11ubuntu2.4 @@ -644,11 +1157,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - apt@2.4.13 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules-bin@1.4.0-11ubuntu2.4 @@ -657,11 +1166,13 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - gnupg2/gpg@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.4.0-11ubuntu2.4 + + pam/libpam-modules-bin@1.4.0-11ubuntu2.4 @@ -670,11 +1181,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -683,11 +1190,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + pam/libpam-runtime@1.4.0-11ubuntu2.4 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -696,11 +1201,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + shadow/login@1:4.8.1-2ubuntu2.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -709,11 +1212,11 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -722,11 +1225,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-runtime@1.4.0-11ubuntu2.4 @@ -735,13 +1234,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - apt@2.4.13 - - apt/libapt-pkg6.0@2.4.13 - - systemd/libsystemd0@249.11-0ubuntu3.12 + shadow/login@1:4.8.1-2ubuntu2.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-runtime@1.4.0-11ubuntu2.4 @@ -753,23 +1248,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

      +

      A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 libgcrypt20.

      +

      There is no fixed version for Ubuntu:22.04 pam.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1878,14 +2372,15 @@

    Remediation

    References

    @@ -2323,12 +2818,188 @@

    CVE-2024-41996

  • Vulnerable module: - openssl/libssl3 + openssl/libssl3 +
    • + +
  • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.11.12 and openssl/libssl3@3.0.2-0ubuntu1.18 + +
    • + + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + openssl/libssl3@3.0.2-0ubuntu1.18 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + + openssl/libssl3@3.0.2-0ubuntu1.18 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.18 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + openssh/openssh-client@1:8.9p1-3ubuntu0.10 + + openssl/libssl3@3.0.2-0ubuntu1.18 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + ca-certificates@20240203~22.04.1 + + openssl@3.0.2-0ubuntu1.18 + + openssl/libssl3@3.0.2-0ubuntu1.18 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + git@1:2.34.1-1ubuntu1.11 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + openssl/libssl3@3.0.2-0ubuntu1.18 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + + krb5/libkrb5-3@1.19.2-2ubuntu0.4 + + openssl/libssl3@3.0.2-0ubuntu1.18 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + openssl@3.0.2-0ubuntu1.18 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + ca-certificates@20240203~22.04.1 + + openssl@3.0.2-0ubuntu1.18 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-50495

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and openssl/libssl3@3.0.2-0ubuntu1.18 + docker-image|quay.io/argoproj/argocd@v2.11.12 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2343,7 +3014,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - openssl/libssl3@3.0.2-0ubuntu1.18 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2352,9 +3023,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 + bash@5.1-6ubuntu1.1 - openssl/libssl3@3.0.2-0ubuntu1.18 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2363,9 +3034,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - libfido2/libfido2-1@1.10.0-1 + ncurses/libncursesw6@6.3-2ubuntu0.1 - openssl/libssl3@3.0.2-0ubuntu1.18 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2374,9 +3045,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - openssh/openssh-client@1:8.9p1-3ubuntu0.10 + less@590-1ubuntu0.22.04.3 - openssl/libssl3@3.0.2-0ubuntu1.18 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2385,11 +3056,20 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - ca-certificates@20240203~22.04.1 + libedit/libedit2@3.1-20210910-1build1 - openssl@3.0.2-0ubuntu1.18 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 - openssl/libssl3@3.0.2-0ubuntu1.18 + ncurses/libncurses6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2398,13 +3078,20 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - git@1:2.34.1-1ubuntu1.11 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + procps@2:3.3.17-6ubuntu2.1 - openssl/libssl3@3.0.2-0ubuntu1.18 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2413,21 +3100,39 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - adduser@3.118ubuntu5 + util-linux@2.37.2-4ubuntu3.4 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 - pam/libpam-modules@1.4.0-11ubuntu2.4 + gnupg2/gpg@2.2.27-3ubuntu2.1 - libnsl/libnsl2@1.3.0-2build2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + readline/libreadline8@8.1.2-1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 - krb5/libkrb5-3@1.19.2-2ubuntu0.4 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - openssl/libssl3@3.0.2-0ubuntu1.18 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -2436,7 +3141,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - openssl@3.0.2-0ubuntu1.18 + ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -2445,9 +3150,62 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - ca-certificates@20240203~22.04.1 + procps@2:3.3.17-6ubuntu2.1 - openssl@3.0.2-0ubuntu1.18 + ncurses/libncursesw6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -2459,28 +3217,29 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. +

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

    +

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    +

    There is no fixed version for Ubuntu:22.04 ncurses.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    CVE-2023-50495

    +

    CVE-2023-45918

    @@ -2724,27 +3483,26 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

    +

    Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

    Remediation

    There is no fixed version for Ubuntu:22.04 ncurses.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    CVE-2023-45918

    +

    Resource Exhaustion

    @@ -2763,12 +3521,12 @@

    CVE-2023-45918

  • Vulnerable module: - ncurses/libtinfo6 + libzstd/libzstd1
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.11.12 and libzstd/libzstd1@1.4.8+dfsg-3build1
    • @@ -2783,29 +3541,84 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - ncurses/libtinfo6@6.3-2ubuntu0.1 + libzstd/libzstd1@1.4.8+dfsg-3build1 -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - + + +
    • + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libzstd.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Information Exposure

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libgcrypt20 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.11.12 and libgcrypt20@1.9.4-3ubuntu3 + +
      • +
    + +
    + + +

    Detailed paths

    - +
    • Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2814,9 +3627,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - less@590-1ubuntu0.22.04.3 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2825,9 +3638,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - libedit/libedit2@3.1-20210910-1build1 + gnupg2/gpg@2.2.27-3ubuntu2.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2836,20 +3649,11 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + apt@2.4.13 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + apt/libapt-pkg6.0@2.4.13 - ncurses/libtinfo6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2858,20 +3662,11 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + apt@2.4.13 - util-linux@2.37.2-4ubuntu3.4 + gnupg2/gpgv@2.2.27-3ubuntu2.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2884,9 +3679,7 @@

      Detailed paths

      gnupg2/gpgconf@2.2.27-3ubuntu2.1 - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2897,11 +3690,9 @@

      Detailed paths

      gnupg2/gnupg@2.2.27-3ubuntu2.1 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 + gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2910,18 +3701,11 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - procps@2:3.3.17-6ubuntu2.1 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - ncurses/libncursesw6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2932,11 +3716,9 @@

      Detailed paths

      gnupg2/gnupg@2.2.27-3ubuntu2.1 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - ncurses/libncursesw6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2945,18 +3727,11 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - procps@2:3.3.17-6ubuntu2.1 + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - ncurses/libncurses6@6.3-2ubuntu0.1 + libgcrypt20@1.9.4-3ubuntu3 @@ -2965,88 +3740,26 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@v2.11.12 - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.12 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + gnupg2/gpgsm@2.2.27-3ubuntu2.1 + + libgcrypt20@1.9.4-3ubuntu3
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.12 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    @@ -4556,7 +5265,7 @@

    References

    -

    CVE-2024-9681

    +

    Insufficient Comparison

    @@ -4632,13 +5341,15 @@

    NVD Description

    earlier, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 curl.

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.19 or higher.

    References

    @@ -4647,6 +5358,86 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2024-11053

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.12/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.11.12, git@1:2.34.1-1ubuntu1.11 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.12 + + git@1:2.34.1-1ubuntu1.11 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    When asked to both use a .netrc file for credentials and to follow HTTP + redirects, curl could leak the password used for the first host to the + followed-to host under certain circumstances.

    +

    This flaw only manifests itself if the netrc file has an entry that matches + the redirect target hostname but the entry either omits just the password or + omits both login and password.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 curl to version 7.81.0-1ubuntu1.20 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    diff --git a/docs/snyk/v2.11.12/redis_7.0.15-alpine.html b/docs/snyk/v2.11.12/redis_7.0.15-alpine.html index 20cb4c1eb9299..a0eb9c0f47aab 100644 --- a/docs/snyk/v2.11.12/redis_7.0.15-alpine.html +++ b/docs/snyk/v2.11.12/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:26:52 am (UTC+00:00)

    +

    December 22nd 2024, 12:29:42 am (UTC+00:00)

    Scanned the following paths: @@ -649,6 +649,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.12.7/argocd-iac-install.html b/docs/snyk/v2.12.8/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.12.7/argocd-iac-install.html rename to docs/snyk/v2.12.8/argocd-iac-install.html index b3389f9086828..02bc2c33d81f2 100644 --- a/docs/snyk/v2.12.7/argocd-iac-install.html +++ b/docs/snyk/v2.12.8/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:25:49 am (UTC+00:00)

    +

    December 22nd 2024, 12:28:39 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.12.7/argocd-iac-namespace-install.html b/docs/snyk/v2.12.8/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.12.7/argocd-iac-namespace-install.html rename to docs/snyk/v2.12.8/argocd-iac-namespace-install.html index ca9f51bba0de9..ba810bf268d2f 100644 --- a/docs/snyk/v2.12.7/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.12.8/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:25:59 am (UTC+00:00)

    +

    December 22nd 2024, 12:28:50 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.12.8/argocd-test.html b/docs/snyk/v2.12.8/argocd-test.html new file mode 100644 index 0000000000000..b9b64d196d91b --- /dev/null +++ b/docs/snyk/v2.12.8/argocd-test.html @@ -0,0 +1,2398 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    December 22nd 2024, 12:26:42 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • +
    • /argo-cd/ui/yarn.lock (yarn)
      • +
    +
    + +
    +
    13 known vulnerabilities
    +
    66 vulnerable dependency paths
    +
    2061 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.23.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.18.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.23.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.18.0 + + github.com/go-fed/httpsig@1.1.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.18.0 + + golang.org/x/crypto/ssh/agent@0.23.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.23.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.23.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.23.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.23.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.23.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.23.0 + + golang.org/x/crypto/ssh@0.23.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/transport/spdy@0.29.6 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/sync/common@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/sync/common@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/sync/common@#adb68bcaab73 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#adb68bcaab73 + + k8s.io/kubectl/pkg/cmd/util@0.29.6 + + k8s.io/kubectl/pkg/util/templates@0.29.6 + + k8s.io/kubectl/pkg/util/term@0.29.6 + + k8s.io/client-go/tools/remotecommand@0.29.6 + + k8s.io/client-go/transport/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.29.6 + + k8s.io/apimachinery/pkg/util/proxy@0.29.6 + + golang.org/x/net/html@0.25.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    LGPL-3.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + gopkg.in/retry.v1 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + gopkg.in/retry.v1@1.0.3 + + + +
      • +
    + +
    + +
    + +

    LGPL-3.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/rs/cors +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + github.com/rs/cors@1.9.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the processing of malicious preflight requests that include a Access-Control-Request-Headers header with excessive commas. An attacker can induce excessive memory consumption and potentially crash the server by sending specially crafted requests.

    +

    PoC

    + 
    
+        func BenchmarkPreflightAdversarialACRH(b *testing.B) {
+            resps := makeFakeResponses(b.N)
+            req, _ := http.NewRequest(http.MethodOptions, dummyEndpoint, nil)
+            req.Header.Add(headerOrigin, dummyOrigin)
+            req.Header.Add(headerACRM, http.MethodGet)
+            req.Header[headerACRH] = adversarialACRH
+            handler := Default().Handler(testHandler)
+        
+            b.ReportAllocs()
+            b.ResetTimer()
+            for i := 0; i < b.N; i++ {
+                handler.ServeHTTP(resps[i], req)
+            }
+        }
+        
+        var adversarialACRH []string
+        
+        func init() { // populates adversarialACRH
+            n := int(math.Floor(math.Sqrt(http.DefaultMaxHeaderBytes)))
+            commas := strings.Repeat(",", n)
+            res := make([]string, n)
+            for i := range res {
+                res[i] = commas
+            }
+            adversarialACRH = res
+        }
+
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade github.com/rs/cors to version 1.11.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/r3labs/diff@1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.18.0 + + github.com/hashicorp/go-version@1.6.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.91.1 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.91.1 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.91.1 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.7 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/gosimple/slug@1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/Azure/azure-sdk-for-go/sdk/azidentity +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    +

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    +

    Notes:

    +
      +

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      +
      2. +

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      +
      3. +

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      +
      4. +

    4. The vulnerability exists in the following credential types:

      +
      5. +
    +

    ManagedIdentityApplication (.NET)

    +

    ManagedIdentityApplication (Java)

    +

    ManagedIdentityApplication (Node.js)

    +

    Remediation

    +

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd ui/yarn.lock +
      • +
    • + Package Manager: npm +
      • +
    • + Vulnerable module: + + foundation-sites +
      • + +
    • Introduced through: + + argo-cd-ui@1.0.0 and foundation-sites@6.8.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + foundation-sites@6.8.1 + + + +
      • +
    • + Introduced through: + argo-cd-ui@1.0.0 + + argo-ui@1.0.0 + + foundation-sites@6.8.1 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    foundation-sites is a responsive front-end framework

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.

    +

    PoC

    + 
    https://www.''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
+
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    + 
    regex = /A(B|C+)+D/
+
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
      • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • +
    • D Finally, we ensure this section of the string ends with a 'D'
      • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    + 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
      2. +
    2. CC+C
      3. +
    3. C+CC
      4. +
    4. C+C+C.
      5. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    There is no fixed version for foundation-sites.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Insufficient Documentation of Error Handling Techniques

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/golang-jwt/jwt/v4 +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/golang-jwt/jwt/v4@4.5.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + github.com/Azure/go-autorest/autorest/azure@0.11.29 + + github.com/Azure/go-autorest/autorest@0.11.29 + + github.com/Azure/go-autorest/autorest/adal@0.9.23 + + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + + github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + + github.com/bradleyfalzon/ghinstallation/v2@2.6.0 + + github.com/golang-jwt/jwt/v4@4.5.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

    +

    Workaround

    +

    Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

    +

    Remediation

    +

    Upgrade github.com/golang-jwt/jwt/v4 to version 4.5.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Insufficient Documentation of Error Handling Techniques

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/golang-jwt/jwt +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential@0.5.2 + + github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens@0.5.2 + + github.com/golang-jwt/jwt@3.2.2 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

    +

    Workaround

    +

    Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

    +

    Remediation

    +

    A fix was pushed into the master branch but not yet published.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.12.7/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.12.8/ghcr.io_dexidp_dex_v2.38.0.html similarity index 93% rename from docs/snyk/v2.12.7/ghcr.io_dexidp_dex_v2.38.0.html rename to docs/snyk/v2.12.8/ghcr.io_dexidp_dex_v2.38.0.html index 83551524a2823..b94b788bcce58 100644 --- a/docs/snyk/v2.12.7/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/v2.12.8/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:23:58 am (UTC+00:00)

    +

    December 22nd 2024, 12:26:52 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    41 known vulnerabilities
    -
    129 vulnerable dependency paths
    +
    43 known vulnerabilities
    +
    131 vulnerable dependency paths
    829 dependencies
    @@ -479,6 +479,80 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.18.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + golang.org/x/crypto/ssh@v0.18.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Allocation of Resources Without Limits or Throttling

    @@ -550,6 +624,7 @@

    References

  • GitHub Commit
  • GitHub Issue
  • Go Advisory
    • +
  • PoC
    • @@ -558,6 +633,89 @@

    References

    More about this vulnerability

    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.20.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.20.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Path Traversal

    @@ -776,15 +934,15 @@

    Remediation

    References

    @@ -931,14 +1089,14 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2816,6 +2974,7 @@

    Remediation

    References

    @@ -3290,12 +3449,12 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    References

    @@ -3441,13 +3600,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    References

    @@ -3601,13 +3760,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

    References

    @@ -3793,16 +3952,17 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

    References

    @@ -3927,9 +4087,43 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause + memory to be accessed that was previously freed in some situations

    +

    Impact summary: A use after free can have a range of potential consequences such + as the corruption of valid data, crashes or execution of arbitrary code. + However, only applications that directly call the SSL_free_buffers function are + affected by this issue. Applications that do not call this function are not + vulnerable. Our investigations indicate that this function is rarely used by + applications.

    +

    The SSL_free_buffers function is used to free the internal OpenSSL buffer used + when processing an incoming record from the network. The call is only expected + to succeed if the buffer is not currently in use. However, two scenarios have + been identified where the buffer is freed even when still in use.

    +

    The first scenario occurs where a record header has been received from the + network and processed by OpenSSL, but the full record body has not yet arrived. + In this case calling SSL_free_buffers will succeed even though a record has only + been partially processed and the buffer is still in use.

    +

    The second scenario occurs where a full record containing application data has + been received and processed by OpenSSL but the application has only read part of + this data. Again a call to SSL_free_buffers will succeed even though the buffer + is still in use.

    +

    While these scenarios could occur accidentally during normal operation a + malicious attacker could attempt to engineer a stituation where this occurs. + We are not aware of this issue being actively exploited.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

    +

    References

    +
    @@ -4083,6 +4277,9 @@

    References

  • https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
  • https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
  • https://openssl-library.org/news/secadv/20240903.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/09/03/4
    • +
  • https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
    • +
  • https://security.netapp.com/advisory/ntap-20240912-0001/
    • @@ -4242,6 +4439,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.12.7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.12.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html similarity index 93% rename from docs/snyk/v2.12.7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html rename to docs/snyk/v2.12.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html index 4fb2ae7f6fa77..f651ccc635624 100644 --- a/docs/snyk/v2.12.7/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html +++ b/docs/snyk/v2.12.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:24:02 am (UTC+00:00)

    +

    December 22nd 2024, 12:26:56 am (UTC+00:00)

    Scanned the following path: @@ -871,9 +871,43 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause + memory to be accessed that was previously freed in some situations

    +

    Impact summary: A use after free can have a range of potential consequences such + as the corruption of valid data, crashes or execution of arbitrary code. + However, only applications that directly call the SSL_free_buffers function are + affected by this issue. Applications that do not call this function are not + vulnerable. Our investigations indicate that this function is rarely used by + applications.

    +

    The SSL_free_buffers function is used to free the internal OpenSSL buffer used + when processing an incoming record from the network. The call is only expected + to succeed if the buffer is not currently in use. However, two scenarios have + been identified where the buffer is freed even when still in use.

    +

    The first scenario occurs where a record header has been received from the + network and processed by OpenSSL, but the full record body has not yet arrived. + In this case calling SSL_free_buffers will succeed even though a record has only + been partially processed and the buffer is still in use.

    +

    The second scenario occurs where a full record containing application data has + been received and processed by OpenSSL but the application has only read part of + this data. Again a call to SSL_free_buffers will succeed even though the buffer + is still in use.

    +

    While these scenarios could occur accidentally during normal operation a + malicious attacker could attempt to engineer a stituation where this occurs. + We are not aware of this issue being actively exploited.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    Remediation

    Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

    +

    References

    +
    @@ -1091,16 +1125,17 @@

    Remediation

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    References

    @@ -1288,6 +1323,9 @@

    References

  • https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
  • https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
  • https://openssl-library.org/news/secadv/20240903.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/09/03/4
    • +
  • https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
    • +
  • https://security.netapp.com/advisory/ntap-20240912-0001/
    • @@ -1480,6 +1518,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.12.7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.12.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html similarity index 97% rename from docs/snyk/v2.12.7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html rename to docs/snyk/v2.12.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html index 60cbd58479369..d15e132034857 100644 --- a/docs/snyk/v2.12.7/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ b/docs/snyk/v2.12.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:24:06 am (UTC+00:00)

    +

    December 22nd 2024, 12:27:00 am (UTC+00:00)

    Scanned the following paths: @@ -649,6 +649,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.10.18/quay.io_argoproj_argocd_v2.10.18.html b/docs/snyk/v2.12.8/quay.io_argoproj_argocd_v2.12.8.html similarity index 55% rename from docs/snyk/v2.10.18/quay.io_argoproj_argocd_v2.10.18.html rename to docs/snyk/v2.12.8/quay.io_argoproj_argocd_v2.12.8.html index e839cadc32ca2..26084f119de2e 100644 --- a/docs/snyk/v2.10.18/quay.io_argoproj_argocd_v2.10.18.html +++ b/docs/snyk/v2.12.8/quay.io_argoproj_argocd_v2.12.8.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    November 10th 2024, 12:29:10 am (UTC+00:00)

    +

    December 22nd 2024, 12:27:19 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.10.18/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.18//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.18/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.18/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.12.8/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.12.8//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.12.8/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.12.8/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    33 known vulnerabilities
    -
    179 vulnerable dependency paths
    -
    2278 dependencies
    +
    26 known vulnerabilities
    +
    107 vulnerable dependency paths
    +
    2292 dependencies
    @@ -480,8 +480,82 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.23.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + golang.org/x/crypto/ssh@v0.23.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -492,7 +566,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -500,12 +574,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + golang.org/x/net/html
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.25.0
    • @@ -520,7 +594,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.19.0 + golang.org/x/net/html@v0.25.0 @@ -529,7 +603,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.17.0 + golang.org/x/net/html@v0.23.0 @@ -541,27 +615,39 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Information Exposure

    +

    Insecure Storage of Sensitive Information

    @@ -572,20 +658,20 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: - libgcrypt20 + pam/libpam0g
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.12.8 and pam/libpam0g@1.5.3-5ubuntu5.1
    @@ -598,150 +684,174 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gpg@2.2.27-3ubuntu2.1 + util-linux@2.39.3-9ubuntu6.1 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + apt@2.7.14build2 - apt@2.4.13 + adduser@3.137ubuntu1 - apt/libapt-pkg6.0@2.4.13 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - apt@2.4.13 + apt@2.7.14build2 - gnupg2/gpgv@2.2.27-3ubuntu2.1 + adduser@3.137ubuntu1 - libgcrypt20@1.9.4-3ubuntu3 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 - gnupg2/gpg@2.2.27-3ubuntu2.1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + pam/libpam-modules@1.5.3-5ubuntu5.1 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules-bin@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + apt@2.7.14build2 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + adduser@3.137ubuntu1 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + pam/libpam-runtime@1.5.3-5ubuntu5.1 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + apt@2.7.14build2 - gnupg2/gpgsm@2.2.27-3ubuntu2.1 + adduser@3.137ubuntu1 - libgcrypt20@1.9.4-3ubuntu3 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - apt@2.4.13 + docker-image|quay.io/argoproj/argocd@v2.12.8 - apt/libapt-pkg6.0@2.4.13 + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 - systemd/libsystemd0@249.11-0ubuntu3.12 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.9.4-3ubuntu3 + pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -753,28 +863,30 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

      +

      Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      +

      A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 libgcrypt20.

      +

      There is no fixed version for Ubuntu:24.04 pam.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26462

    +

    Improper Authentication

    @@ -785,20 +897,20 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: - krb5/libk5crypto3 + pam/libpam0g
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.4 + docker-image|quay.io/argoproj/argocd@v2.12.8 and pam/libpam0g@1.5.3-5ubuntu5.1
    @@ -811,159 +923,174 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - krb5/libk5crypto3@1.19.2-2ubuntu0.4 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - adduser@3.118ubuntu5 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - shadow/passwd@1:4.8.1-2ubuntu2.2 + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 - pam/libpam-modules@1.4.0-11ubuntu2.4 + util-linux@2.39.3-9ubuntu6.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 - libnsl/libnsl2@1.3.0-2build2 + apt@2.7.14build2 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + adduser@3.137ubuntu1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.4 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - adduser@3.118ubuntu5 + pam/libpam-modules@1.5.3-5ubuntu5.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 - pam/libpam-modules@1.4.0-11ubuntu2.4 + apt@2.7.14build2 - libnsl/libnsl2@1.3.0-2build2 + adduser@3.137ubuntu1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + pam/libpam-modules@1.5.3-5ubuntu5.1 - krb5/libkrb5-3@1.19.2-2ubuntu0.4 + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.4 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - krb5/libkrb5-3@1.19.2-2ubuntu0.4 + pam/libpam-modules-bin@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.12.8 - pam/libpam-modules@1.4.0-11ubuntu2.4 + apt@2.7.14build2 - libnsl/libnsl2@1.3.0-2build2 + adduser@3.137ubuntu1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + pam/libpam-modules@1.5.3-5ubuntu5.1 - krb5/libkrb5-3@1.19.2-2ubuntu0.4 + pam/libpam-modules-bin@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.10 + pam/libpam-runtime@1.5.3-5ubuntu5.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - git@1:2.34.1-1ubuntu1.11 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - git@1:2.34.1-1ubuntu1.11 + apt@2.7.14build2 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + adduser@3.137ubuntu1 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 + docker-image|quay.io/argoproj/argocd@v2.12.8 - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + pam/libpam-runtime@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - krb5/libkrb5support0@1.19.2-2ubuntu0.4 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -975,27 +1102,27 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      +

      Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      +

      A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      +

      There is no fixed version for Ubuntu:24.04 pam.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    LGPL-3.0 license

    +

    CVE-2024-26462

    @@ -1006,21 +1133,21 @@

    LGPL-3.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:24.04
    • - Module: + Vulnerable module: - gopkg.in/retry.v1 + krb5/libk5crypto3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + docker-image|quay.io/argoproj/argocd@v2.12.8, git@1:2.43.0-1ubuntu7.1 and others
    @@ -1032,9 +1159,146 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.12.8 - gopkg.in/retry.v1@v1.0.3 + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libk5crypto3@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libkrb5-3@1.20.1-6ubuntu2.2 + + krb5/libk5crypto3@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libkrb5support0@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libkrb5-3@1.20.1-6ubuntu2.2 + + krb5/libkrb5support0@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libkrb5-3@1.20.1-6ubuntu2.2 + + krb5/libk5crypto3@1.20.1-6ubuntu2.2 + + krb5/libkrb5support0@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libkrb5-3@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + openssh/openssh-client@1:9.6p1-3ubuntu13.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + libssh/libssh-4@0.10.6-2build2 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -1045,17 +1309,28 @@

      Detailed paths

      -

      LGPL-3.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      +

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:24.04 krb5.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Denial of Service (DoS)

    +

    LGPL-3.0 license

    @@ -1066,13 +1341,73 @@

    Denial of Service (DoS)

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Vulnerable module: + Module: + + gopkg.in/retry.v1 +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + gopkg.in/retry.v1@v1.0.3 + + + +
      • +
    + +
    + +
    + +

    LGPL-3.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: github.com/rs/cors
      • @@ -1176,7 +1511,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -1236,7 +1571,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -1249,7 +1584,7 @@

          MPL-2.0 license

        • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
        @@ -1264,7 +1599,7 @@

        Detailed paths

        Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-version@v1.2.1 + github.com/hashicorp/go-version@v1.6.0 @@ -1296,7 +1631,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -1356,7 +1691,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.10.18/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.12.8/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -1416,7 +1751,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1476,7 +1811,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -1524,32 +1859,32 @@

                Detailed paths

    -
    -

    CVE-2023-4039

    +
    +

    Release of Invalid Pointer or Reference

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: - gcc-12/libstdc++6 + patch
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.12.8 and patch@2.7.6-7build3
    @@ -1562,51 +1897,79 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + patch@2.7.6-7build3
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - apt@2.4.13 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - apt@2.4.13 - - apt/libapt-pkg6.0@2.4.13 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 patch.

    +

    References

    + -
    • +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Double Free

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + patch +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.12.8 and patch@2.7.6-7build3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -

    CVE-2023-7008

    +

    CVE-2024-41996

    @@ -1661,20 +2016,20 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: - systemd/libsystemd0 + openssl/libssl3t64
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.12.8 and openssl/libssl3t64@3.0.13-0ubuntu3.4
    @@ -1687,110 +2042,135 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - apt@2.4.13 + coreutils@9.4-3ubuntu6 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - procps/libprocps8@2:3.3.17-6ubuntu2.1 + cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - util-linux@2.37.2-4ubuntu3.4 + libfido2/libfido2-1@1.14.0-1build3 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + openssh/openssh-client@1:9.6p1-3ubuntu13.5 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - apt@2.4.13 + ca-certificates@20240203 - apt/libapt-pkg6.0@2.4.13 + openssl@3.0.13-0ubuntu3.4 - systemd/libsystemd0@249.11-0ubuntu3.12 + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 - systemd/libudev1@249.11-0ubuntu3.12 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + libssh/libssh-4@0.10.6-2build2 + + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - libfido2/libfido2-1@1.10.0-1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - systemd/libudev1@249.11-0ubuntu3.12 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 + + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.1 - util-linux@2.37.2-4ubuntu3.4 + cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1 - systemd/libudev1@249.11-0ubuntu3.12 + openssl/libssl3t64@3.0.13-0ubuntu3.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - apt@2.4.13 + openssl@3.0.13-0ubuntu3.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 - apt/libapt-pkg6.0@2.4.13 + ca-certificates@20240203 - systemd/libudev1@249.11-0ubuntu3.12 + openssl@3.0.13-0ubuntu3.4 @@ -1802,33 +2182,28 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      +

      Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      There is no fixed version for Ubuntu:24.04 openssl.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Arbitrary Code Injection

    +

    Information Exposure

    @@ -1839,20 +2214,20 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: - shadow/passwd + libgcrypt20
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.12.8 and libgcrypt20@1.10.3-2build1
    @@ -1865,124 +2240,100 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - shadow/passwd@1:4.8.1-2ubuntu2.2 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - adduser@3.118ubuntu5 + gnupg2/dirmngr@2.4.4-2ubuntu17 - shadow/passwd@1:4.8.1-2ubuntu2.2 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.10 + gnupg2/gpg@2.4.4-2ubuntu17 - shadow/passwd@1:4.8.1-2ubuntu2.2 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - shadow/login@1:4.8.1-2ubuntu2.2 + gnupg2/gpg-agent@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - pcre3/libpcre3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
      • -
    - -
    - +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + apt@2.7.14build2 + + apt/libapt-pkg6.0t64@2.7.14build2 + + libgcrypt20@1.10.3-2build1 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.12.8 + + apt@2.7.14build2 + + gnupg2/gpgv@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + -
    • -
    -

    Integer Overflow or Wraparound

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - pcre2/libpcre2-8-0 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and pcre2/libpcre2-8-0@10.39-3ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - pcre2/libpcre2-8-0@10.39-3ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream pcre2 package and not the pcre2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre2.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - patch@2.7.6-7build2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-41996

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and openssl/libssl3@3.0.2-0ubuntu1.18 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - openssl/libssl3@3.0.2-0ubuntu1.18 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.18 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.18 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - openssh/openssh-client@1:8.9p1-3ubuntu0.10 - - openssl/libssl3@3.0.2-0ubuntu1.18 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ca-certificates@20240203~22.04.1 - - openssl@3.0.2-0ubuntu1.18 - - openssl/libssl3@3.0.2-0ubuntu1.18 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.18 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - krb5/libkrb5-3@1.19.2-2ubuntu0.4 - - openssl/libssl3@3.0.2-0ubuntu1.18 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - openssl@3.0.2-0ubuntu1.18 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ca-certificates@20240203~22.04.1 - - openssl@3.0.2-0ubuntu1.18 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-50495

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-45918

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - ncurses/libtinfo6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libzstd.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Integer Overflow or Wraparound

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - krb5/libk5crypto3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - krb5/libk5crypto3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - krb5/libkrb5-3@1.19.2-2ubuntu0.4 - - krb5/libk5crypto3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - krb5/libkrb5-3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - krb5/libkrb5-3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - openssh/openssh-client@1:8.9p1-3ubuntu0.10 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - krb5/libkrb5support0@1.19.2-2ubuntu0.4 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26461

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - krb5/libk5crypto3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - krb5/libk5crypto3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - krb5/libkrb5-3@1.19.2-2ubuntu0.4 - - krb5/libk5crypto3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - krb5/libkrb5-3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - krb5/libkrb5-3@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - openssh/openssh-client@1:8.9p1-3ubuntu0.10 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - krb5/libkrb5support0@1.19.2-2ubuntu0.4 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    +

    Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    There is no fixed version for Ubuntu:24.04 libgcrypt20.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -3472,10 +2378,10 @@

    CVE-2024-26458

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: @@ -3485,8 +2391,8 @@

      CVE-2024-26458

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and krb5/libk5crypto3@1.19.2-2ubuntu0.4 + docker-image|quay.io/argoproj/argocd@v2.12.8, git@1:2.43.0-1ubuntu7.1 and others
    @@ -3498,159 +2404,146 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + git@1:2.43.0-1ubuntu7.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.12.8 - pam/libpam-modules@1.4.0-11ubuntu2.4 + git@1:2.43.0-1ubuntu7.1 - libnsl/libnsl2@1.3.0-2build2 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.4 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 + docker-image|quay.io/argoproj/argocd@v2.12.8 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + git@1:2.43.0-1ubuntu7.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libkrb5-3@1.19.2-2ubuntu0.4 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.4 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - krb5/libkrb5-3@1.19.2-2ubuntu0.4 + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libkrb5-3@1.20.1-6ubuntu2.2 + + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - adduser@3.118ubuntu5 + git@1:2.43.0-1ubuntu7.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - pam/libpam-modules@1.4.0-11ubuntu2.4 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - libnsl/libnsl2@1.3.0-2build2 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - krb5/libkrb5-3@1.19.2-2ubuntu0.4 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - openssh/openssh-client@1:8.9p1-3ubuntu0.10 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + krb5/libkrb5-3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - git@1:2.34.1-1ubuntu1.11 + openssh/openssh-client@1:9.6p1-3ubuntu13.5 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - git@1:2.34.1-1ubuntu1.11 + docker-image|quay.io/argoproj/argocd@v2.12.8 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + git@1:2.43.0-1ubuntu7.1 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.12.8 - pam/libpam-modules@1.4.0-11ubuntu2.4 + git@1:2.43.0-1ubuntu7.1 - libnsl/libnsl2@1.3.0-2build2 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.4 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - krb5/libkrb5support0@1.19.2-2ubuntu0.4 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -3663,10 +2556,10 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      +

      There is no fixed version for Ubuntu:24.04 krb5.

      References

    -

    Out-of-bounds Write

    +

    CVE-2024-26461

    @@ -3693,21 +2586,21 @@

    Out-of-bounds Write

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: - gnupg2/gpgv + krb5/libk5crypto3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.12.8, git@1:2.43.0-1ubuntu7.1 and others
    @@ -3719,313 +2612,288 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - apt@2.4.13 + git@1:2.43.0-1ubuntu7.1 - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - gnupg2/gpgv@2.2.27-3ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7.1 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - gnupg2/gpg@2.2.27-3ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7.1 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gpgsm@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7.1 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7.1 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + git@1:2.43.0-1ubuntu7.1 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - gnupg2/gpg@2.2.27-3ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + openssh/openssh-client@1:9.6p1-3ubuntu13.5 - gnupg2/gpg@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7.1 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - gnupg2/gpg@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7.1 - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + libssh/libssh-4@0.10.6-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - +
    - +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 krb5.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Out-of-bounds Write

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + gnupg2/gpgv +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.12.8 and gnupg2/gpgv@2.4.4-2ubuntu17 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + gnupg2/gpgv@2.4.4-2ubuntu17
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + apt@2.7.14build2 + + gnupg2/gpgv@2.4.4-2ubuntu17
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + gnupg2/dirmngr@2.4.4-2ubuntu17 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + gnupg2/gpgconf@2.4.4-2ubuntu17
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 + + gnupg2/gpg-agent@2.4.4-2ubuntu17 - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + gnupg2/gpgconf@2.4.4-2ubuntu17
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + gnupg2/gpg@2.4.4-2ubuntu17 - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + gnupg2/gpgconf@2.4.4-2ubuntu17
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gpgsm@2.2.27-3ubuntu2.1 + gnupg2/dirmngr@2.4.4-2ubuntu17
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 + gnupg2/gpg@2.4.4-2ubuntu17
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -4038,10 +2906,10 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 gnupg2.

      +

      There is no fixed version for Ubuntu:24.04 gnupg2.

      References

    @@ -4072,10 +2940,10 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: @@ -4085,7 +2953,7 @@

    Allocation of Resources Without Limits or Throttling

    Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and glibc/libc-bin@2.35-0ubuntu3.8 + docker-image|quay.io/argoproj/argocd@v2.12.8 and glibc/libc-bin@2.39-0ubuntu8.3
    • @@ -4098,18 +2966,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - glibc/libc-bin@2.35-0ubuntu3.8 + glibc/libc-bin@2.39-0ubuntu8.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - glibc/libc6@2.35-0ubuntu3.8 + glibc/libc6@2.39-0ubuntu8.3 @@ -4122,10 +2990,10 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 glibc.

      +

      There is no fixed version for Ubuntu:24.04 glibc.

      References

    @@ -4153,7 +3021,7 @@

    Insufficient Documentation of Error Handling Techniques<
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -4222,7 +3090,7 @@

      Insufficient Documentation of Error Handling Techniques<
      • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -4291,10 +3159,10 @@

        Improper Input Validation

        • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
        • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
        • Vulnerable module: @@ -4305,7 +3173,7 @@

          Improper Input Validation

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18, git@1:2.34.1-1ubuntu1.11 and others + docker-image|quay.io/argoproj/argocd@v2.12.8, git@1:2.43.0-1ubuntu7.1 and others
        @@ -4317,31 +3185,31 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - git@1:2.34.1-1ubuntu1.11 + git@1:2.43.0-1ubuntu7.1 - git/git-man@1:2.34.1-1ubuntu1.11 + git/git-man@1:2.43.0-1ubuntu7.1
        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - git@1:2.34.1-1ubuntu1.11 + git@1:2.43.0-1ubuntu7.1
        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - git-lfs@3.0.2-1ubuntu0.2 + git-lfs@3.4.1-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.11 + git@1:2.43.0-1ubuntu7.1 @@ -4354,10 +3222,10 @@

          Detailed paths

          NVD Description

          Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

          + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

          GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

          Remediation

          -

          There is no fixed version for Ubuntu:22.04 git.

          +

          There is no fixed version for Ubuntu:24.04 git.

          References

    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gcc-12/libstdc++6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.18 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - apt@2.4.13 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - apt@2.4.13 - - apt/libapt-pkg6.0@2.4.13 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 - - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gcc-12.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    CVE-2024-9681

    +

    CVE-2024-11053

    @@ -4499,21 +3252,21 @@

    CVE-2024-9681

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: - curl/libcurl3-gnutls + curl/libcurl3t64-gnutls
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18, git@1:2.34.1-1ubuntu1.11 and others + docker-image|quay.io/argoproj/argocd@v2.12.8, git@1:2.43.0-1ubuntu7.1 and others
    @@ -4525,11 +3278,11 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - git@1:2.34.1-1ubuntu1.11 + git@1:2.43.0-1ubuntu7.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.18 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 @@ -4542,41 +3295,28 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      When curl is asked to use HSTS, the expiry time for a subdomain might - overwrite a parent domain's cache entry, making it end sooner or later than - otherwise intended.

      -

      This affects curl using applications that enable HSTS and use URLs with the - insecure HTTP:// scheme and perform transfers with hosts like - x.example.com as well as example.com where the first host is a subdomain - of the second host.

      -

      (The HSTS cache either needs to have been populated manually or there needs to - have been previous HTTPS accesses done as the cache needs to have entries for - the domains involved to trigger this problem.)

      -

      When x.example.com responds with Strict-Transport-Security: headers, this - bug can make the subdomain's expiry timeout bleed over and get set for the - parent domain example.com in curl's HSTS cache.

      -

      The result of a triggered bug is that HTTP accesses to example.com get - converted to HTTPS for a different period of time than what was asked for by - the origin server. If example.com for example stops supporting HTTPS at its - expiry time, curl might then fail to access http://example.com until the - (wrongly set) timeout expires. This bug can also expire the parent's entry - earlier, thus making curl inadvertently switch back to insecure HTTP earlier - than otherwise intended.

      + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      +

      When asked to both use a .netrc file for credentials and to follow HTTP + redirects, curl could leak the password used for the first host to the + followed-to host under certain circumstances.

      +

      This flaw only manifests itself if the netrc file has an entry that matches + the redirect target hostname but the entry either omits just the password or + omits both login and password.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 curl.

      +

      Upgrade Ubuntu:24.04 curl to version 8.5.0-2ubuntu10.6 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -4592,10 +3332,10 @@

    Improper Input Validation

    • - Manifest file: quay.io/argoproj/argocd:v2.10.18/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.12.8/argoproj/argocd Dockerfile
    • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
    • Vulnerable module: @@ -4605,7 +3345,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.12.8 and coreutils@9.4-3ubuntu6
    @@ -4618,9 +3358,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.18 + docker-image|quay.io/argoproj/argocd@v2.12.8 - coreutils@8.32-4.1ubuntu1.2 + coreutils@9.4-3ubuntu6 @@ -4633,10 +3373,10 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 coreutils.

      +

      There is no fixed version for Ubuntu:24.04 coreutils.

      References

    diff --git a/docs/snyk/v2.10.18/redis_7.0.15-alpine.html b/docs/snyk/v2.12.8/redis_7.0.15-alpine.html similarity index 97% rename from docs/snyk/v2.10.18/redis_7.0.15-alpine.html rename to docs/snyk/v2.12.8/redis_7.0.15-alpine.html index ccaf63c03b6da..fec28c7f4844b 100644 --- a/docs/snyk/v2.10.18/redis_7.0.15-alpine.html +++ b/docs/snyk/v2.12.8/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:29:15 am (UTC+00:00)

    +

    December 22nd 2024, 12:27:23 am (UTC+00:00)

    Scanned the following paths: @@ -649,6 +649,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.10.18/argocd-iac-install.html b/docs/snyk/v2.13.2/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.10.18/argocd-iac-install.html rename to docs/snyk/v2.13.2/argocd-iac-install.html index 5e9db95df46a0..03df567ad1bbb 100644 --- a/docs/snyk/v2.10.18/argocd-iac-install.html +++ b/docs/snyk/v2.13.2/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:30:37 am (UTC+00:00)

    +

    December 22nd 2024, 12:26:13 am (UTC+00:00)

    Scanned the following path: @@ -507,7 +507,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20895 + Line number: 22402
    • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20580 + Line number: 22083
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20665 + Line number: 22170
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20693 + Line number: 22198
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20723 + Line number: 22228
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20741 + Line number: 22246
    • @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20759 + Line number: 22264
    • @@ -829,7 +829,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20781 + Line number: 22286
    • @@ -881,7 +881,7 @@

    Container could be running with outdated image

  • - Line number: 21827 + Line number: 23358
    • @@ -933,7 +933,7 @@

    Container could be running with outdated image

  • - Line number: 22108 + Line number: 23657
    • @@ -991,7 +991,7 @@

    Container has no CPU limit

  • - Line number: 21388 + Line number: 22895
    • @@ -1049,7 +1049,7 @@

    Container has no CPU limit

  • - Line number: 21639 + Line number: 23164
    • @@ -1107,7 +1107,7 @@

    Container has no CPU limit

  • - Line number: 21605 + Line number: 23118
    • @@ -1165,7 +1165,7 @@

    Container has no CPU limit

  • - Line number: 21699 + Line number: 23224
    • @@ -1223,7 +1223,7 @@

    Container has no CPU limit

  • - Line number: 21798 + Line number: 23329
    • @@ -1281,7 +1281,7 @@

    Container has no CPU limit

  • - Line number: 21822 + Line number: 23353
    • @@ -1339,7 +1339,7 @@

    Container has no CPU limit

  • - Line number: 22108 + Line number: 23657
    • @@ -1397,7 +1397,7 @@

    Container has no CPU limit

  • - Line number: 21879 + Line number: 23410
    • @@ -1455,7 +1455,7 @@

    Container has no CPU limit

  • - Line number: 22193 + Line number: 23742
    • @@ -1513,7 +1513,7 @@

    Container has no CPU limit

  • - Line number: 22544 + Line number: 24132
    • @@ -1565,7 +1565,7 @@

    Container is running with multiple open ports

  • - Line number: 21619 + Line number: 23144
    • @@ -1617,7 +1617,7 @@

    Container is running without liveness probe

  • - Line number: 21388 + Line number: 22895
    • @@ -1669,7 +1669,7 @@

    Container is running without liveness probe

  • - Line number: 21605 + Line number: 23118
    • @@ -1721,7 +1721,7 @@

    Container is running without liveness probe

  • - Line number: 21798 + Line number: 23329
    • @@ -1779,7 +1779,7 @@

    Container is running without memory limit

  • - Line number: 21388 + Line number: 22895
    • @@ -1837,7 +1837,7 @@

    Container is running without memory limit

  • - Line number: 21605 + Line number: 23118
    • @@ -1895,7 +1895,7 @@

    Container is running without memory limit

  • - Line number: 21639 + Line number: 23164
    • @@ -1953,7 +1953,7 @@

    Container is running without memory limit

  • - Line number: 21699 + Line number: 23224
    • @@ -2011,7 +2011,7 @@

    Container is running without memory limit

  • - Line number: 21798 + Line number: 23329
    • @@ -2069,7 +2069,7 @@

    Container is running without memory limit

  • - Line number: 21822 + Line number: 23353
    • @@ -2127,7 +2127,7 @@

    Container is running without memory limit

  • - Line number: 22108 + Line number: 23657
    • @@ -2185,7 +2185,7 @@

    Container is running without memory limit

  • - Line number: 21879 + Line number: 23410
    • @@ -2243,7 +2243,7 @@

    Container is running without memory limit

  • - Line number: 22193 + Line number: 23742
    • @@ -2301,7 +2301,7 @@

    Container is running without memory limit

  • - Line number: 22544 + Line number: 24132
    • @@ -2357,7 +2357,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21529 + Line number: 23042
    • @@ -2413,7 +2413,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21647 + Line number: 23172
    • @@ -2469,7 +2469,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21622 + Line number: 23147
    • @@ -2525,7 +2525,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21732 + Line number: 23263
    • @@ -2581,7 +2581,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21815 + Line number: 23346
    • @@ -2637,7 +2637,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21829 + Line number: 23360
    • @@ -2693,7 +2693,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22115 + Line number: 23664
    • @@ -2749,7 +2749,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22081 + Line number: 23630
    • @@ -2805,7 +2805,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22454 + Line number: 24033
    • @@ -2861,7 +2861,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22745 + Line number: 24351
    • diff --git a/docs/snyk/v2.13.0-rc5/argocd-iac-namespace-install.html b/docs/snyk/v2.13.2/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.13.0-rc5/argocd-iac-namespace-install.html rename to docs/snyk/v2.13.2/argocd-iac-namespace-install.html index 456e14e052b13..c27eaf9b5c33b 100644 --- a/docs/snyk/v2.13.0-rc5/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.13.2/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:23:31 am (UTC+00:00)

    +

    December 22nd 2024, 12:26:22 am (UTC+00:00)

    Scanned the following path: @@ -2815,7 +2815,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 2113 + Line number: 2131
    • diff --git a/docs/snyk/v2.13.0-rc5/argocd-test.html b/docs/snyk/v2.13.2/argocd-test.html similarity index 60% rename from docs/snyk/v2.13.0-rc5/argocd-test.html rename to docs/snyk/v2.13.2/argocd-test.html index 8c4e7426644e4..e730af771b5fb 100644 --- a/docs/snyk/v2.13.0-rc5/argocd-test.html +++ b/docs/snyk/v2.13.2/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:21:16 am (UTC+00:00)

    +

    December 22nd 2024, 12:24:14 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    10 known vulnerabilities
    -
    36 vulnerable dependency paths
    -
    2132 dependencies
    +
    12 known vulnerabilities
    +
    66 vulnerable dependency paths
    +
    2131 dependencies

    @@ -477,6 +477,705 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.27.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.19.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.27.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.19.0 + + github.com/go-fed/httpsig@1.1.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.19.0 + + golang.org/x/crypto/ssh/agent@0.27.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.27.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.27.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.27.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.27.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.27.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.12.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.12.0 + + github.com/skeema/knownhosts@1.2.2 + + golang.org/x/crypto/ssh/knownhosts@0.27.0 + + golang.org/x/crypto/ssh@0.27.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/tools/portforward@0.31.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/portforward@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/sync/common@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/sync/common@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/sync/hook@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/sync/common@#bd7681ae3f8b + + github.com/argoproj/gitops-engine/pkg/utils/kube@#bd7681ae3f8b + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/proxy@0.31.0 + + golang.org/x/net/html@0.29.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    LGPL-3.0 license

    diff --git a/docs/snyk/v2.13.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.13.2/ghcr.io_dexidp_dex_v2.41.1.html similarity index 88% rename from docs/snyk/v2.13.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html rename to docs/snyk/v2.13.2/ghcr.io_dexidp_dex_v2.41.1.html index bf86cfa3ca03b..8edc14c209863 100644 --- a/docs/snyk/v2.13.0-rc5/ghcr.io_dexidp_dex_v2.41.1.html +++ b/docs/snyk/v2.13.2/ghcr.io_dexidp_dex_v2.41.1.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:21:23 am (UTC+00:00)

    +

    December 22nd 2024, 12:24:21 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    22 known vulnerabilities
    -
    43 vulnerable dependency paths
    +
    24 known vulnerabilities
    +
    45 vulnerable dependency paths
    969 dependencies
    @@ -479,6 +479,163 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and golang.org/x/crypto/ssh@v0.24.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + golang.org/x/crypto/ssh@v0.24.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.27.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.27.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +

    Insertion of Sensitive Information into Log File

    @@ -1913,6 +2070,9 @@

    References

  • https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
  • https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
  • https://openssl-library.org/news/secadv/20240903.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/09/03/4
    • +
  • https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
    • +
  • https://security.netapp.com/advisory/ntap-20240912-0001/
    • @@ -2072,6 +2232,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.13.2/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html similarity index 93% rename from docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html rename to docs/snyk/v2.13.2/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html index 9ac748745c730..d63a46cdfc52e 100644 --- a/docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html +++ b/docs/snyk/v2.13.2/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:21:27 am (UTC+00:00)

    +

    December 22nd 2024, 12:24:25 am (UTC+00:00)

    Scanned the following path: @@ -871,9 +871,43 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause + memory to be accessed that was previously freed in some situations

    +

    Impact summary: A use after free can have a range of potential consequences such + as the corruption of valid data, crashes or execution of arbitrary code. + However, only applications that directly call the SSL_free_buffers function are + affected by this issue. Applications that do not call this function are not + vulnerable. Our investigations indicate that this function is rarely used by + applications.

    +

    The SSL_free_buffers function is used to free the internal OpenSSL buffer used + when processing an incoming record from the network. The call is only expected + to succeed if the buffer is not currently in use. However, two scenarios have + been identified where the buffer is freed even when still in use.

    +

    The first scenario occurs where a record header has been received from the + network and processed by OpenSSL, but the full record body has not yet arrived. + In this case calling SSL_free_buffers will succeed even though a record has only + been partially processed and the buffer is still in use.

    +

    The second scenario occurs where a full record containing application data has + been received and processed by OpenSSL but the application has only read part of + this data. Again a call to SSL_free_buffers will succeed even though the buffer + is still in use.

    +

    While these scenarios could occur accidentally during normal operation a + malicious attacker could attempt to engineer a stituation where this occurs. + We are not aware of this issue being actively exploited.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    Remediation

    Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

    +

    References

    +
    @@ -1091,16 +1125,17 @@

    Remediation

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    References

    @@ -1288,6 +1323,9 @@

    References

  • https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2
  • https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
  • https://openssl-library.org/news/secadv/20240903.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/09/03/4
    • +
  • https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html
    • +
  • https://security.netapp.com/advisory/ntap-20240912-0001/
    • @@ -1480,6 +1518,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.13.2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html similarity index 97% rename from docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html rename to docs/snyk/v2.13.2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html index 8b93fdc0a82d2..3db1b9d0e21e7 100644 --- a/docs/snyk/v2.13.0-rc5/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ b/docs/snyk/v2.13.2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:21:32 am (UTC+00:00)

    +

    December 22nd 2024, 12:24:30 am (UTC+00:00)

    Scanned the following paths: @@ -649,6 +649,10 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
  • https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
  • https://openssl-library.org/news/secadv/20241016.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/16/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/23/1
    • +
  • http://www.openwall.com/lists/oss-security/2024/10/24/1
    • +
  • https://security.netapp.com/advisory/ntap-20241101-0001/
    • diff --git a/docs/snyk/v2.13.0-rc5/quay.io_argoproj_argocd_v2.13.0-rc5.html b/docs/snyk/v2.13.2/quay.io_argoproj_argocd_v2.13.2.html similarity index 72% rename from docs/snyk/v2.13.0-rc5/quay.io_argoproj_argocd_v2.13.0-rc5.html rename to docs/snyk/v2.13.2/quay.io_argoproj_argocd_v2.13.2.html index 0874602721cf7..3085226e26dc4 100644 --- a/docs/snyk/v2.13.0-rc5/quay.io_argoproj_argocd_v2.13.0-rc5.html +++ b/docs/snyk/v2.13.2/quay.io_argoproj_argocd_v2.13.2.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    November 10th 2024, 12:21:50 am (UTC+00:00)

    +

    December 22nd 2024, 12:24:47 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.13.0-rc5//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.13.0-rc5/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.13.0-rc5/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.13.2/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.13.2//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.13.2/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.13.2/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    21 known vulnerabilities
    -
    75 vulnerable dependency paths
    -
    2355 dependencies
    +
    25 known vulnerabilities
    +
    106 vulnerable dependency paths
    +
    2354 dependencies
    @@ -480,8 +480,413 @@

    Snyk test report

    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.27.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + golang.org/x/crypto/ssh@v0.27.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.29.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + golang.org/x/net/html@v0.29.0 + + + +
      • +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/html@v0.23.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Insecure Storage of Sensitive Information

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + pam/libpam0g +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.13.2 and pam/libpam0g@1.5.3-5ubuntu5.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + util-linux@2.39.3-9ubuntu6.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 pam.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    -

    Information Exposure

    +

    Improper Authentication

    @@ -492,7 +897,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -500,12 +905,12 @@

      Information Exposure

    • Vulnerable module: - libgcrypt20 + pam/libpam0g
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 and libgcrypt20@1.10.3-2build1 + docker-image|quay.io/argoproj/argocd@v2.13.2 and pam/libpam0g@1.5.3-5ubuntu5.1
    @@ -518,88 +923,146 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - gnupg2/dirmngr@2.4.4-2ubuntu17 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - gnupg2/gpg@2.4.4-2ubuntu17 + util-linux@2.39.3-9ubuntu6.1 - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - gnupg2/gpg-agent@2.4.4-2ubuntu17 + apt@2.7.14build2 - libgcrypt20@1.10.3-2build1 + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 apt@2.7.14build2 - apt/libapt-pkg6.0t64@2.7.14build2 + adduser@3.137ubuntu1 - libgcrypt20@1.10.3-2build1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 apt@2.7.14build2 - gnupg2/gpgv@2.4.4-2ubuntu17 + adduser@3.137ubuntu1 - libgcrypt20@1.10.3-2build1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - gnupg2/gpg@2.4.4-2ubuntu17 + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 - gnupg2/gpgconf@2.4.4-2ubuntu17 + apt@2.7.14build2 - libgcrypt20@1.10.3-2build1 + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 apt@2.7.14build2 @@ -608,10 +1071,26 @@

      Detailed paths

      shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 pam/libpam-modules@1.5.3-5ubuntu5.1 + +       + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 - systemd/libsystemd0@255.4-1ubuntu8.4 + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 - libgcrypt20@1.10.3-2build1 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -623,23 +1102,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      -

      A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

      +

      A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

      Remediation

      -

      There is no fixed version for Ubuntu:24.04 libgcrypt20.

      +

      There is no fixed version for Ubuntu:24.04 pam.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -655,7 +1133,7 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -669,7 +1147,7 @@

      CVE-2024-26462

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.2, git@1:2.43.0-1ubuntu7.1 and others
    @@ -681,146 +1159,146 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -863,7 +1341,7 @@

      LGPL-3.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -923,7 +1401,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -983,7 +1461,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -1043,7 +1521,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1103,7 +1581,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.13.2/helm/v3 /usr/local/bin/helm
              • Package Manager: golang @@ -1163,7 +1641,7 @@

                MPL-2.0 license

                • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -1223,7 +1701,7 @@

                  MPL-2.0 license

                  • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
                  • Package Manager: golang @@ -1283,7 +1761,7 @@

                    Release of Invalid Pointer or Reference

                    • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:24.04 @@ -1296,7 +1774,7 @@

                      Release of Invalid Pointer or Reference

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.13.2 and patch@2.7.6-7build3
                    @@ -1309,7 +1787,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 patch@2.7.6-7build3 @@ -1353,7 +1831,7 @@

                      Double Free

                      • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
                      • Package Manager: ubuntu:24.04 @@ -1366,7 +1844,7 @@

                        Double Free

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.13.2 and patch@2.7.6-7build3
                      @@ -1379,7 +1857,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 patch@2.7.6-7build3 @@ -1428,7 +1906,7 @@

                        CVE-2024-41996

                        • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
                        • Package Manager: ubuntu:24.04 @@ -1441,7 +1919,7 @@

                          CVE-2024-41996

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 and openssl/libssl3t64@3.0.13-0ubuntu3.4 + docker-image|quay.io/argoproj/argocd@v2.13.2 and openssl/libssl3t64@3.0.13-0ubuntu3.4
                        @@ -1454,7 +1932,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 openssl/libssl3t64@3.0.13-0ubuntu3.4 @@ -1463,7 +1941,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 coreutils@9.4-3ubuntu6 @@ -1474,7 +1952,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1 @@ -1485,7 +1963,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 libfido2/libfido2-1@1.14.0-1build3 @@ -1496,7 +1974,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 openssh/openssh-client@1:9.6p1-3ubuntu13.5 @@ -1507,7 +1985,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 ca-certificates@20240203 @@ -1520,11 +1998,11 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 libssh/libssh-4@0.10.6-2build2 @@ -1535,15 +2013,15 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 openssl/libssl3t64@3.0.13-0ubuntu3.4 @@ -1552,13 +2030,13 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 + openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.1 cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1 @@ -1569,7 +2047,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 openssl@3.0.13-0ubuntu3.4 @@ -1578,7 +2056,7 @@

                          Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 ca-certificates@20240203 @@ -1613,6 +2091,170 @@

                          References

                          More about this vulnerability

    +
    +
    +

    Information Exposure

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + libgcrypt20 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.13.2 and libgcrypt20@1.10.3-2build1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + gnupg2/dirmngr@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + gnupg2/gpg@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + gnupg2/gpg-agent@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + apt@2.7.14build2 + + apt/libapt-pkg6.0t64@2.7.14build2 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + apt@2.7.14build2 + + gnupg2/gpgv@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + gnupg2/gpg@2.4.4-2ubuntu17 + + gnupg2/gpgconf@2.4.4-2ubuntu17 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.13.2 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + systemd/libsystemd0@255.4-1ubuntu8.4 + + libgcrypt20@1.10.3-2build1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 libgcrypt20.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2024-26458

    @@ -1626,7 +2268,7 @@

    CVE-2024-26458

    • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -1640,7 +2282,7 @@

      CVE-2024-26458

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.2, git@1:2.43.0-1ubuntu7.1 and others
    @@ -1652,146 +2294,146 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -1834,7 +2476,7 @@

      CVE-2024-26461

      • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:24.04 @@ -1848,7 +2490,7 @@

        CVE-2024-26461

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.2, git@1:2.43.0-1ubuntu7.1 and others
      @@ -1860,146 +2502,146 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -2042,7 +2684,7 @@

        Out-of-bounds Write

        • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:24.04 @@ -2055,7 +2697,7 @@

          Out-of-bounds Write

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 and gnupg2/gpgv@2.4.4-2ubuntu17 + docker-image|quay.io/argoproj/argocd@v2.13.2 and gnupg2/gpgv@2.4.4-2ubuntu17
        @@ -2068,7 +2710,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 gnupg2/gpgv@2.4.4-2ubuntu17 @@ -2077,7 +2719,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 apt@2.7.14build2 @@ -2088,7 +2730,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 gnupg2/dirmngr@2.4.4-2ubuntu17 @@ -2099,7 +2741,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -2110,7 +2752,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 gnupg2/gpg@2.4.4-2ubuntu17 @@ -2121,7 +2763,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 gnupg2/dirmngr@2.4.4-2ubuntu17 @@ -2130,7 +2772,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 gnupg2/gpg@2.4.4-2ubuntu17 @@ -2139,7 +2781,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -2188,7 +2830,7 @@

          Allocation of Resources Without Limits or Throttling

        • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:24.04 @@ -2201,7 +2843,7 @@

          Allocation of Resources Without Limits or Throttling

          Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 and glibc/libc-bin@2.39-0ubuntu8.3 + docker-image|quay.io/argoproj/argocd@v2.13.2 and glibc/libc-bin@2.39-0ubuntu8.3
        @@ -2214,7 +2856,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 glibc/libc-bin@2.39-0ubuntu8.3 @@ -2223,7 +2865,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 glibc/libc6@2.39-0ubuntu8.3 @@ -2269,7 +2911,7 @@

          Insufficient Documentation of Error Handling Techniques<
          • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -2338,7 +2980,7 @@

            Insufficient Documentation of Error Handling Techniques<
            • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -2407,7 +3049,7 @@

              Improper Input Validation

              • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
              • Package Manager: ubuntu:24.04 @@ -2421,7 +3063,7 @@

                Improper Input Validation

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.2, git@1:2.43.0-1ubuntu7.1 and others
              @@ -2433,7 +3075,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 @@ -2444,7 +3086,7 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 @@ -2453,9 +3095,9 @@

                Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 - git-lfs@3.4.1-1ubuntu0.1 + git-lfs@3.4.1-1ubuntu0.2 git@1:2.43.0-1ubuntu7.1 @@ -2489,7 +3131,7 @@

                References

    -

    CVE-2024-9681

    +

    CVE-2024-11053

    @@ -2500,7 +3142,7 @@

    CVE-2024-9681

    • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -2514,7 +3156,7 @@

      CVE-2024-9681

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.13.2, git@1:2.43.0-1ubuntu7.1 and others
    @@ -2526,11 +3168,11 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 + docker-image|quay.io/argoproj/argocd@v2.13.2 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.5 @@ -2544,40 +3186,27 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      -

      When curl is asked to use HSTS, the expiry time for a subdomain might - overwrite a parent domain's cache entry, making it end sooner or later than - otherwise intended.

      -

      This affects curl using applications that enable HSTS and use URLs with the - insecure HTTP:// scheme and perform transfers with hosts like - x.example.com as well as example.com where the first host is a subdomain - of the second host.

      -

      (The HSTS cache either needs to have been populated manually or there needs to - have been previous HTTPS accesses done as the cache needs to have entries for - the domains involved to trigger this problem.)

      -

      When x.example.com responds with Strict-Transport-Security: headers, this - bug can make the subdomain's expiry timeout bleed over and get set for the - parent domain example.com in curl's HSTS cache.

      -

      The result of a triggered bug is that HTTP accesses to example.com get - converted to HTTPS for a different period of time than what was asked for by - the origin server. If example.com for example stops supporting HTTPS at its - expiry time, curl might then fail to access http://example.com until the - (wrongly set) timeout expires. This bug can also expire the parent's entry - earlier, thus making curl inadvertently switch back to insecure HTTP earlier - than otherwise intended.

      +

      When asked to both use a .netrc file for credentials and to follow HTTP + redirects, curl could leak the password used for the first host to the + followed-to host under certain circumstances.

      +

      This flaw only manifests itself if the netrc file has an entry that matches + the redirect target hostname but the entry either omits just the password or + omits both login and password.

      Remediation

      -

      There is no fixed version for Ubuntu:24.04 curl.

      +

      Upgrade Ubuntu:24.04 curl to version 8.5.0-2ubuntu10.6 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -2593,7 +3222,7 @@

    Improper Input Validation

    • - Manifest file: quay.io/argoproj/argocd:v2.13.0-rc5/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.13.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -2606,7 +3235,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.13.0-rc5 and coreutils@9.4-3ubuntu6 + docker-image|quay.io/argoproj/argocd@v2.13.2 and coreutils@9.4-3ubuntu6
    @@ -2619,7 +3248,7 @@

    Detailed paths

    diff --git a/docs/snyk/v2.13.0-rc5/argocd-iac-install.html b/docs/snyk/v2.14.0-rc3/argocd-iac-install.html similarity index 98% rename from docs/snyk/v2.13.0-rc5/argocd-iac-install.html rename to docs/snyk/v2.14.0-rc3/argocd-iac-install.html index bbaeb7181f9ef..f08c746fff497 100644 --- a/docs/snyk/v2.13.0-rc5/argocd-iac-install.html +++ b/docs/snyk/v2.14.0-rc3/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:23:21 am (UTC+00:00)

    +

    December 22nd 2024, 12:23:51 am (UTC+00:00)

    Scanned the following path: @@ -507,7 +507,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22392 + Line number: 23952
    • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22073 + Line number: 23633
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22160 + Line number: 23720
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22188 + Line number: 23748
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22218 + Line number: 23778
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22236 + Line number: 23796
    • @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22254 + Line number: 23814
    • @@ -829,7 +829,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 22276 + Line number: 23836
    • @@ -881,7 +881,7 @@

    Container could be running with outdated image

  • - Line number: 23349 + Line number: 24926
    • @@ -933,7 +933,7 @@

    Container could be running with outdated image

  • - Line number: 23648 + Line number: 25233
    • @@ -991,7 +991,7 @@

    Container has no CPU limit

  • - Line number: 22886 + Line number: 24445
    • @@ -1049,7 +1049,7 @@

    Container has no CPU limit

  • - Line number: 23155 + Line number: 24728
    • @@ -1107,7 +1107,7 @@

    Container has no CPU limit

  • - Line number: 23109 + Line number: 24682
    • @@ -1165,7 +1165,7 @@

    Container has no CPU limit

  • - Line number: 23215 + Line number: 24790
    • @@ -1223,7 +1223,7 @@

    Container has no CPU limit

  • - Line number: 23320 + Line number: 24897
    • @@ -1281,7 +1281,7 @@

    Container has no CPU limit

  • - Line number: 23344 + Line number: 24921
    • @@ -1339,7 +1339,7 @@

    Container has no CPU limit

  • - Line number: 23648 + Line number: 25233
    • @@ -1397,7 +1397,7 @@

    Container has no CPU limit

  • - Line number: 23401 + Line number: 24980
    • @@ -1455,7 +1455,7 @@

    Container has no CPU limit

  • - Line number: 23733 + Line number: 25320
    • @@ -1513,7 +1513,7 @@

    Container has no CPU limit

  • - Line number: 24123 + Line number: 25718
    • @@ -1565,7 +1565,7 @@

    Container is running with multiple open ports

  • - Line number: 23135 + Line number: 24708
    • @@ -1617,7 +1617,7 @@

    Container is running without liveness probe

  • - Line number: 22886 + Line number: 24445
    • @@ -1669,7 +1669,7 @@

    Container is running without liveness probe

  • - Line number: 23109 + Line number: 24682
    • @@ -1721,7 +1721,7 @@

    Container is running without liveness probe

  • - Line number: 23320 + Line number: 24897
    • @@ -1779,7 +1779,7 @@

    Container is running without memory limit

  • - Line number: 22886 + Line number: 24445
    • @@ -1837,7 +1837,7 @@

    Container is running without memory limit

  • - Line number: 23109 + Line number: 24682
    • @@ -1895,7 +1895,7 @@

    Container is running without memory limit

  • - Line number: 23155 + Line number: 24728
    • @@ -1953,7 +1953,7 @@

    Container is running without memory limit

  • - Line number: 23215 + Line number: 24790
    • @@ -2011,7 +2011,7 @@

    Container is running without memory limit

  • - Line number: 23320 + Line number: 24897
    • @@ -2069,7 +2069,7 @@

    Container is running without memory limit

  • - Line number: 23344 + Line number: 24921
    • @@ -2127,7 +2127,7 @@

    Container is running without memory limit

  • - Line number: 23648 + Line number: 25233
    • @@ -2185,7 +2185,7 @@

    Container is running without memory limit

  • - Line number: 23401 + Line number: 24980
    • @@ -2243,7 +2243,7 @@

    Container is running without memory limit

  • - Line number: 23733 + Line number: 25320
    • @@ -2301,7 +2301,7 @@

    Container is running without memory limit

  • - Line number: 24123 + Line number: 25718
    • @@ -2357,7 +2357,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23033 + Line number: 24604
    • @@ -2413,7 +2413,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23163 + Line number: 24736
    • @@ -2469,7 +2469,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23138 + Line number: 24711
    • @@ -2525,7 +2525,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23254 + Line number: 24829
    • @@ -2581,7 +2581,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23337 + Line number: 24914
    • @@ -2637,7 +2637,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23351 + Line number: 24928
    • @@ -2693,7 +2693,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23655 + Line number: 25240
    • @@ -2749,7 +2749,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 23621 + Line number: 25206
    • @@ -2805,7 +2805,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24024 + Line number: 25617
    • @@ -2861,7 +2861,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 24324 + Line number: 25951
    • diff --git a/docs/snyk/v2.10.18/argocd-iac-namespace-install.html b/docs/snyk/v2.14.0-rc3/argocd-iac-namespace-install.html similarity index 98% rename from docs/snyk/v2.10.18/argocd-iac-namespace-install.html rename to docs/snyk/v2.14.0-rc3/argocd-iac-namespace-install.html index 6d8af0856a67c..c9f0c6cf38247 100644 --- a/docs/snyk/v2.10.18/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.14.0-rc3/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    November 10th 2024, 12:30:47 am (UTC+00:00)

    +

    December 22nd 2024, 12:24:01 am (UTC+00:00)

    Scanned the following path: @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 162 + Line number: 164
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 190 + Line number: 192
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 220 + Line number: 222
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 238 + Line number: 240
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 256 + Line number: 258
    • @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 278 + Line number: 280
    • @@ -835,7 +835,7 @@

    Container could be running with outdated image

  • - Line number: 1112 + Line number: 1156
    • @@ -887,7 +887,7 @@

    Container could be running with outdated image

  • - Line number: 1393 + Line number: 1463
    • @@ -945,7 +945,7 @@

    Container has no CPU limit

  • - Line number: 673 + Line number: 675
    • @@ -1003,7 +1003,7 @@

    Container has no CPU limit

  • - Line number: 924 + Line number: 958
    • @@ -1061,7 +1061,7 @@

    Container has no CPU limit

  • - Line number: 890 + Line number: 912
    • @@ -1119,7 +1119,7 @@

    Container has no CPU limit

  • - Line number: 984 + Line number: 1020
    • @@ -1177,7 +1177,7 @@

    Container has no CPU limit

  • - Line number: 1083 + Line number: 1127
    • @@ -1235,7 +1235,7 @@

    Container has no CPU limit

  • - Line number: 1107 + Line number: 1151
    • @@ -1293,7 +1293,7 @@

    Container has no CPU limit

  • - Line number: 1393 + Line number: 1463
    • @@ -1351,7 +1351,7 @@

    Container has no CPU limit

  • - Line number: 1164 + Line number: 1210
    • @@ -1409,7 +1409,7 @@

    Container has no CPU limit

  • - Line number: 1478 + Line number: 1550
    • @@ -1467,7 +1467,7 @@

    Container has no CPU limit

  • - Line number: 1829 + Line number: 1948
    • @@ -1519,7 +1519,7 @@

    Container is running with multiple open ports

  • - Line number: 904 + Line number: 938
    • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 673 + Line number: 675
    • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 890 + Line number: 912
    • @@ -1675,7 +1675,7 @@

    Container is running without liveness probe

  • - Line number: 1083 + Line number: 1127
    • @@ -1733,7 +1733,7 @@

    Container is running without memory limit

  • - Line number: 673 + Line number: 675
    • @@ -1791,7 +1791,7 @@

    Container is running without memory limit

  • - Line number: 890 + Line number: 912
    • @@ -1849,7 +1849,7 @@

    Container is running without memory limit

  • - Line number: 924 + Line number: 958
    • @@ -1907,7 +1907,7 @@

    Container is running without memory limit

  • - Line number: 984 + Line number: 1020
    • @@ -1965,7 +1965,7 @@

    Container is running without memory limit

  • - Line number: 1083 + Line number: 1127
    • @@ -2023,7 +2023,7 @@

    Container is running without memory limit

  • - Line number: 1107 + Line number: 1151
    • @@ -2081,7 +2081,7 @@

    Container is running without memory limit

  • - Line number: 1393 + Line number: 1463
    • @@ -2139,7 +2139,7 @@

    Container is running without memory limit

  • - Line number: 1164 + Line number: 1210
    • @@ -2197,7 +2197,7 @@

    Container is running without memory limit

  • - Line number: 1478 + Line number: 1550
    • @@ -2255,7 +2255,7 @@

    Container is running without memory limit

  • - Line number: 1829 + Line number: 1948
    • @@ -2311,7 +2311,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 814 + Line number: 834
    • @@ -2367,7 +2367,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 932 + Line number: 966
    • @@ -2423,7 +2423,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 907 + Line number: 941
    • @@ -2479,7 +2479,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1017 + Line number: 1059
    • @@ -2535,7 +2535,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1100 + Line number: 1144
    • @@ -2591,7 +2591,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1114 + Line number: 1158
    • @@ -2647,7 +2647,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1400 + Line number: 1470
    • @@ -2703,7 +2703,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1366 + Line number: 1436
    • @@ -2759,7 +2759,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1739 + Line number: 1847
    • @@ -2815,7 +2815,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 2030 + Line number: 2181
    • diff --git a/docs/snyk/v2.12.7/argocd-test.html b/docs/snyk/v2.14.0-rc3/argocd-test.html similarity index 75% rename from docs/snyk/v2.12.7/argocd-test.html rename to docs/snyk/v2.14.0-rc3/argocd-test.html index 9d42ca920526a..236035b9be62f 100644 --- a/docs/snyk/v2.12.7/argocd-test.html +++ b/docs/snyk/v2.14.0-rc3/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,20 +456,21 @@

    Snyk test report

    -

    November 10th 2024, 12:23:49 am (UTC+00:00)

    +

    December 22nd 2024, 12:21:52 am (UTC+00:00)

    Scanned the following paths:
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • +
    • /argo-cd/argoproj/argo-cd/get-previous-release/hack/get-previous-release/go.mod (gomodules)
    • /argo-cd/ui/yarn.lock (yarn)
    -
    11 known vulnerabilities
    -
    37 vulnerable dependency paths
    -
    2061 dependencies
    +
    8 known vulnerabilities
    +
    39 vulnerable dependency paths
    +
    2159 dependencies

    @@ -477,12 +478,12 @@

    Snyk test report

    -
    -

    LGPL-3.0 license

    +
    +

    Denial of Service (DoS)

    -
    - medium severity +
    + high severity
    @@ -495,15 +496,15 @@

    LGPL-3.0 license

    Package Manager: golang
  • - Module: + Vulnerable module: - gopkg.in/retry.v1 + golang.org/x/net/html
  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/tools/portforward@0.31.0 and others
    • @@ -517,9 +518,315 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/Azure/kubelogin/pkg/token@0.0.20 + k8s.io/client-go/tools/portforward@0.31.0 - gopkg.in/retry.v1@1.0.3 + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + + +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/diff@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/cache@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/health@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/common@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/sync/common@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/sync/common@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/gitops-engine/pkg/sync/ignore@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/sync/hook@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/sync/common@#54992bf42431 + + github.com/argoproj/gitops-engine/pkg/utils/kube@#54992bf42431 + + k8s.io/kubectl/pkg/cmd/util@0.31.0 + + k8s.io/kubectl/pkg/util/templates@0.31.0 + + k8s.io/kubectl/pkg/util/term@0.31.0 + + k8s.io/client-go/tools/remotecommand@0.31.0 + + k8s.io/client-go/transport/spdy@0.31.0 + + k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.2 + + k8s.io/apimachinery/pkg/util/proxy@0.31.2 + + golang.org/x/net/html@0.32.0 @@ -530,17 +837,40 @@

    Detailed paths

    -

    LGPL-3.0 license

    +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    Denial of Service (DoS)

    +

    LGPL-3.0 license

    @@ -557,15 +887,15 @@

    Denial of Service (DoS)

    Package Manager: golang
  • - Vulnerable module: + Module: - github.com/rs/cors + gopkg.in/retry.v1
  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 and others + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.1.6 and others
    • @@ -579,9 +909,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + github.com/Azure/kubelogin/pkg/token@0.1.6 - github.com/rs/cors@1.9.0 + github.com/Azure/kubelogin/pkg/internal/token@0.1.6 + + gopkg.in/retry.v1@1.0.3 @@ -592,62 +924,12 @@

    Detailed paths

    -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the processing of malicious preflight requests that include a Access-Control-Request-Headers header with excessive commas. An attacker can induce excessive memory consumption and potentially crash the server by sending specially crafted requests.

    -

    PoC

    - 
    
-        func BenchmarkPreflightAdversarialACRH(b *testing.B) {
-            resps := makeFakeResponses(b.N)
-            req, _ := http.NewRequest(http.MethodOptions, dummyEndpoint, nil)
-            req.Header.Add(headerOrigin, dummyOrigin)
-            req.Header.Add(headerACRM, http.MethodGet)
-            req.Header[headerACRH] = adversarialACRH
-            handler := Default().Handler(testHandler)
-        
-            b.ReportAllocs()
-            b.ResetTimer()
-            for i := 0; i < b.N; i++ {
-                handler.ServeHTTP(resps[i], req)
-            }
-        }
-        
-        var adversarialACRH []string
-        
-        func init() { // populates adversarialACRH
-            n := int(math.Floor(math.Sqrt(http.DefaultMaxHeaderBytes)))
-            commas := strings.Repeat(",", n)
-            res := make([]string, n)
-            for i := range res {
-                res[i] = commas
-            }
-            adversarialACRH = res
-        }
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/rs/cors to version 1.11.0 or higher.

    -

    References

    - +

    LGPL-3.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -737,7 +1019,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.19.0 and others
    • @@ -751,7 +1033,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - code.gitea.io/sdk/gitea@0.18.0 + code.gitea.io/sdk/gitea@0.19.0 github.com/hashicorp/go-version@1.6.0 @@ -822,7 +1104,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/hashicorp/go-retryablehttp@0.7.7 @@ -833,7 +1115,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.91.1 + github.com/xanzy/go-gitlab@0.114.0 github.com/hashicorp/go-retryablehttp@0.7.7 @@ -844,9 +1126,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/hashicorp/go-retryablehttp@0.7.7 @@ -857,9 +1139,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/cmd@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/hashicorp/go-retryablehttp@0.7.7 @@ -870,7 +1152,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -883,11 +1165,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/api@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/hashicorp/go-retryablehttp@0.7.7 @@ -898,11 +1180,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/controller@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/hashicorp/go-retryablehttp@0.7.7 @@ -913,9 +1195,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -928,9 +1210,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/cmd@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -943,11 +1225,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/api@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -960,11 +1242,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/controller@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1039,7 +1321,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.91.1 + github.com/xanzy/go-gitlab@0.114.0 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -1050,7 +1332,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.91.1 + github.com/xanzy/go-gitlab@0.114.0 github.com/hashicorp/go-retryablehttp@0.7.7 @@ -1063,7 +1345,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1078,9 +1360,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1095,9 +1377,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/cmd@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1112,11 +1394,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/api@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1131,11 +1413,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/controller@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2fef5c9049fd - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2fef5c9049fd github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -1186,7 +1468,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.14.0
    • @@ -1201,7 +1483,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/gosimple/slug@1.13.1 + github.com/gosimple/slug@1.14.0 @@ -1220,97 +1502,6 @@

    Detailed paths

    More about this vulnerability

    -
    -
    -

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Regular Expression Denial of Service (ReDoS)

    @@ -1457,255 +1648,6 @@

    References

    -
    -

    Insufficient Documentation of Error Handling Techniques

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/golang-jwt/jwt/v4 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/golang-jwt/jwt/v4@4.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/Azure/go-autorest/autorest/azure@0.11.29 - - github.com/Azure/go-autorest/autorest@0.11.29 - - github.com/Azure/go-autorest/autorest/adal@0.9.23 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/bradleyfalzon/ghinstallation/v2@2.6.0 - - github.com/golang-jwt/jwt/v4@4.5.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

    -

    Workaround

    -

    Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

    -

    Remediation

    -

    Upgrade github.com/golang-jwt/jwt/v4 to version 4.5.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insufficient Documentation of Error Handling Techniques

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/golang-jwt/jwt -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential@0.5.2 - - github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens@0.5.2 - - github.com/golang-jwt/jwt@3.2.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

    -

    Workaround

    -

    Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

    -

    Remediation

    -

    A fix was pushed into the master branch but not yet published.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/v2.14.0-rc3/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.0-rc3/ghcr.io_dexidp_dex_v2.41.1.html new file mode 100644 index 0000000000000..ea7cdb961ccd3 --- /dev/null +++ b/docs/snyk/v2.14.0-rc3/ghcr.io_dexidp_dex_v2.41.1.html @@ -0,0 +1,2253 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    December 22nd 2024, 12:21:57 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • ghcr.io/dexidp/dex:v2.41.1/dexidp/dex (apk)
      • +
    • ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4//usr/local/bin/gomplate (gomodules)
      • +
    • ghcr.io/dexidp/dex:v2.41.1/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
      • +
    • ghcr.io/dexidp/dex:v2.41.1/dexidp/dex//usr/local/bin/dex (gomodules)
      • +
    +
    + +
    +
    24 known vulnerabilities
    +
    45 vulnerable dependency paths
    +
    969 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Incorrect Implementation of Authentication Algorithm

    +
    + +
    + critical severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and golang.org/x/crypto/ssh@v0.24.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + golang.org/x/crypto/ssh@v0.24.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

    +

    Note: The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions for further authorization steps.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and golang.org/x/net/html@v0.27.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/html@v0.27.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Insertion of Sensitive Information into Log File

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/grpc/metadata +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and google.golang.org/grpc/metadata@v1.64.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + google.golang.org/grpc/metadata@v1.64.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    google.golang.org/grpc/metadata is a package that defines the structure of the metadata supported by the gRPC library

    +

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of gRPC metadata. If the metadata contains sensitive information an attacker can expose it.

    +

    Remediation

    +

    Upgrade google.golang.org/grpc/metadata to version 1.64.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/vault/api +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/vault/api@v1.14.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/vault/api@v1.14.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/serf/coordinate +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/serf/coordinate@v0.10.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/serf/coordinate@v0.10.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/hcl/v2 +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/gohcl@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/hclparse@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/json@v2.13.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/hcl +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/hcl@v1.0.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/hcl@v1.0.0 + + + +
      • +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/hcl/hcl/token@v1.0.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/golang-lru/simplelru +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/golang-lru/simplelru@v1.0.2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/golang-lru/simplelru@v1.0.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-uuid +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-uuid@v1.0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-uuid@v1.0.3 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-sockaddr +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-sockaddr@v1.0.6 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-sockaddr@v1.0.6 + + + +
      • +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-sockaddr/template@v1.0.6 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-secure-stdlib/strutil +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-secure-stdlib/parseutil +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-secure-stdlib/awsutil +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/awsutil@v0.3.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-secure-stdlib/awsutil@v0.3.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-rootcerts +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-rootcerts@v1.0.2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-rootcerts@v1.0.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-retryablehttp@v0.7.7 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-retryablehttp@v0.7.7 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-multierror +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-multierror@v1.1.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-multierror@v1.1.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-immutable-radix +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-immutable-radix@v1.3.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-immutable-radix@v1.3.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/go-cleanhttp@v0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/errwrap +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/errwrap@v1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/errwrap@v1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/consul/api +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/consul/api@v1.29.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/hashicorp/consul/api@v1.29.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v4@* and github.com/gosimple/slug@v1.14.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v4@* + + github.com/gosimple/slug@v1.14.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/go-sql-driver/mysql +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.8.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/go-sql-driver/mysql@v1.8.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-6119

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + openssl/libcrypto3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libcrypto3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + busybox/ssl_client@1.36.1-r29 + + openssl/libcrypto3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.1-r3 + + openssl/libcrypto3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + openssl/libssl3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + busybox/ssl_client@1.36.1-r29 + + openssl/libssl3@3.3.1-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Applications performing certificate name checks (e.g., TLS + clients checking server certificates) may attempt to read an invalid memory + address resulting in abnormal termination of the application process.

    +

    Impact summary: Abnormal termination of an application can a cause a denial of + service.

    +

    Applications performing certificate name checks (e.g., TLS clients checking + server certificates) may attempt to read an invalid memory address when + comparing the expected name with an otherName subject alternative name of an + X.509 certificate. This may result in an exception that terminates the + application program.

    +

    Note that basic certificate chain validation (signatures, dates, ...) is not + affected, the denial of service can occur only when the application also + specifies an expected DNS name, Email address or IP address.

    +

    TLS servers rarely solicit client certificates, and even when they do, they + generally don't perform a name check against a reference identifier (expected + identity), but rather extract the presented identity after checking the + certificate chain. So TLS servers are generally not affected and the severity + of the issue is Moderate.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.20 openssl to version 3.3.2-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-9143

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + openssl/libcrypto3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libcrypto3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + busybox/ssl_client@1.36.1-r29 + + openssl/libcrypto3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.1-r3 + + openssl/libcrypto3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + openssl/libssl3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.1-r3 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.41.1 + + busybox/ssl_client@1.36.1-r29 + + openssl/libssl3@3.3.1-r3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted + explicit values for the field polynomial can lead to out-of-bounds memory reads + or writes.

    +

    Impact summary: Out of bound memory writes can lead to an application crash or + even a possibility of a remote code execution, however, in all the protocols + involving Elliptic Curve Cryptography that we're aware of, either only "named + curves" are supported, or, if explicit curve parameters are supported, they + specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent + problematic input values. Thus the likelihood of existence of a vulnerable + application is low.

    +

    In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, + so problematic inputs cannot occur in the context of processing X.509 + certificates. Any problematic use-cases would have to be using an "exotic" + curve encoding.

    +

    The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), + and various supporting BN_GF2m_*() functions.

    +

    Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, + that make it possible to represent invalid field polynomials with a zero + constant term, via the above or similar APIs, may terminate abruptly as a + result of reading or writing outside of array bounds. Remote code execution + cannot easily be ruled out.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.20 openssl to version 3.3.2-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.14.0-rc3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.0-rc3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html new file mode 100644 index 0000000000000..92d2db8bd5e79 --- /dev/null +++ b/docs/snyk/v2.14.0-rc3/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html @@ -0,0 +1,1539 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    December 22nd 2024, 12:22:01 am (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy (apk)
      • +
    +
    + +
    +
    6 known vulnerabilities
    +
    52 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|public.ecr.aws/docker/library/haproxy
    Path public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy
    Package Manager apk
    +
    +
    +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/busybox@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + alpine-baselayout/alpine-baselayout@3.6.5-r0 + + busybox/busybox-binsh@1.36.1-r28 + + busybox/busybox@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/busybox-binsh@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + alpine-baselayout/alpine-baselayout@3.6.5-r0 + + busybox/busybox-binsh@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + ca-certificates/ca-certificates@20240226-r0 + + busybox/busybox-binsh@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    +

    Remediation

    +

    Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/busybox@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + alpine-baselayout/alpine-baselayout@3.6.5-r0 + + busybox/busybox-binsh@1.36.1-r28 + + busybox/busybox@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/busybox-binsh@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + alpine-baselayout/alpine-baselayout@3.6.5-r0 + + busybox/busybox-binsh@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + ca-certificates/ca-certificates@20240226-r0 + + busybox/busybox-binsh@1.36.1-r28 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    +

    Remediation

    +

    Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-4741

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + ca-certificates/ca-certificates@20240226-r0 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libssl3@3.3.0-r2 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause + memory to be accessed that was previously freed in some situations

    +

    Impact summary: A use after free can have a range of potential consequences such + as the corruption of valid data, crashes or execution of arbitrary code. + However, only applications that directly call the SSL_free_buffers function are + affected by this issue. Applications that do not call this function are not + vulnerable. Our investigations indicate that this function is rarely used by + applications.

    +

    The SSL_free_buffers function is used to free the internal OpenSSL buffer used + when processing an incoming record from the network. The call is only expected + to succeed if the buffer is not currently in use. However, two scenarios have + been identified where the buffer is freed even when still in use.

    +

    The first scenario occurs where a record header has been received from the + network and processed by OpenSSL, but the full record body has not yet arrived. + In this case calling SSL_free_buffers will succeed even though a record has only + been partially processed and the buffer is still in use.

    +

    The second scenario occurs where a full record containing application data has + been received and processed by OpenSSL but the application has only read part of + this data. Again a call to SSL_free_buffers will succeed even though the buffer + is still in use.

    +

    While these scenarios could occur accidentally during normal operation a + malicious attacker could attempt to engineer a stituation where this occurs. + We are not aware of this issue being actively exploited.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-5535

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + ca-certificates/ca-certificates@20240226-r0 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libssl3@3.3.0-r2 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an + empty supported client protocols buffer may cause a crash or memory contents to + be sent to the peer.

    +

    Impact summary: A buffer overread can have a range of potential consequences + such as unexpected application beahviour or a crash. In particular this issue + could result in up to 255 bytes of arbitrary private data from memory being sent + to the peer leading to a loss of confidentiality. However, only applications + that directly call the SSL_select_next_proto function with a 0 length list of + supported client protocols are affected by this issue. This would normally never + be a valid scenario and is typically not under attacker control but may occur by + accident in the case of a configuration or programming error in the calling + application.

    +

    The OpenSSL API function SSL_select_next_proto is typically used by TLS + applications that support ALPN (Application Layer Protocol Negotiation) or NPN + (Next Protocol Negotiation). NPN is older, was never standardised and + is deprecated in favour of ALPN. We believe that ALPN is significantly more + widely deployed than NPN. The SSL_select_next_proto function accepts a list of + protocols from the server and a list of protocols from the client and returns + the first protocol that appears in the server list that also appears in the + client list. In the case of no overlap between the two lists it returns the + first item in the client list. In either case it will signal whether an overlap + between the two lists was found. In the case where SSL_select_next_proto is + called with a zero length client list it fails to notice this condition and + returns the memory immediately following the client list pointer (and reports + that there was no overlap in the lists).

    +

    This function is typically called from a server side application callback for + ALPN or a client side application callback for NPN. In the case of ALPN the list + of protocols supplied by the client is guaranteed by libssl to never be zero in + length. The list of server protocols comes from the application and should never + normally be expected to be of zero length. In this case if the + SSL_select_next_proto function has been called as expected (with the list + supplied by the client passed in the client/client_len parameters), then the + application will not be vulnerable to this issue. If the application has + accidentally been configured with a zero length server list, and has + accidentally passed that zero length server list in the client/client_len + parameters, and has additionally failed to correctly handle a "no overlap" + response (which would normally result in a handshake failure in ALPN) then it + will be vulnerable to this problem.

    +

    In the case of NPN, the protocol permits the client to opportunistically select + a protocol when there is no overlap. OpenSSL returns the first client protocol + in the no overlap case in support of this. The list of client protocols comes + from the application and should never normally be expected to be of zero length. + However if the SSL_select_next_proto function is accidentally called with a + client_len of 0 then an invalid memory pointer will be returned instead. If the + application uses this output as the opportunistic protocol then the loss of + confidentiality will occur.

    +

    This issue has been assessed as Low severity because applications are most + likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not + widely used. It also requires an application configuration or programming error. + Finally, this issue would not typically be under attacker control making active + exploitation unlikely.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Due to the low severity of this issue we are not issuing new releases of + OpenSSL at this time. The fix will be included in the next releases when they + become available.

    +

    Remediation

    +

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-6119

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + ca-certificates/ca-certificates@20240226-r0 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libssl3@3.3.0-r2 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Applications performing certificate name checks (e.g., TLS + clients checking server certificates) may attempt to read an invalid memory + address resulting in abnormal termination of the application process.

    +

    Impact summary: Abnormal termination of an application can a cause a denial of + service.

    +

    Applications performing certificate name checks (e.g., TLS clients checking + server certificates) may attempt to read an invalid memory address when + comparing the expected name with an otherName subject alternative name of an + X.509 certificate. This may result in an exception that terminates the + application program.

    +

    Note that basic certificate chain validation (signatures, dates, ...) is not + affected, the denial of service can occur only when the application also + specifies an expected DNS name, Email address or IP address.

    +

    TLS servers rarely solicit client certificates, and even when they do, they + generally don't perform a name check against a reference identifier (expected + identity), but rather extract the presented identity after checking the + certificate chain. So TLS servers are generally not affected and the severity + of the issue is Moderate.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.20 openssl to version 3.3.2-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-9143

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + ca-certificates/ca-certificates@20240226-r0 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libssl3@3.3.0-r2 + + openssl/libcrypto3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + .haproxy-rundeps@20240524.005458 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + + busybox/ssl_client@1.36.1-r28 + + openssl/libssl3@3.3.0-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted + explicit values for the field polynomial can lead to out-of-bounds memory reads + or writes.

    +

    Impact summary: Out of bound memory writes can lead to an application crash or + even a possibility of a remote code execution, however, in all the protocols + involving Elliptic Curve Cryptography that we're aware of, either only "named + curves" are supported, or, if explicit curve parameters are supported, they + specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent + problematic input values. Thus the likelihood of existence of a vulnerable + application is low.

    +

    In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, + so problematic inputs cannot occur in the context of processing X.509 + certificates. Any problematic use-cases would have to be using an "exotic" + curve encoding.

    +

    The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), + and various supporting BN_GF2m_*() functions.

    +

    Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, + that make it possible to represent invalid field polynomials with a zero + constant term, via the above or similar APIs, may terminate abruptly as a + result of reading or writing outside of array bounds. Remote code execution + cannot easily be ruled out.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.20 openssl to version 3.3.2-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.14.0-rc3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.0-rc3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html new file mode 100644 index 0000000000000..520e1938e8ab1 --- /dev/null +++ b/docs/snyk/v2.14.0-rc3/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -0,0 +1,670 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    December 22nd 2024, 12:22:04 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • public.ecr.aws/docker/library/redis:7.0.15-alpine/docker/library/redis (apk)
      • +
    • public.ecr.aws/docker/library/redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • +
    +
    + +
    +
    1 known vulnerabilities
    +
    9 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    CVE-2024-9143

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.20 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + openssl/libcrypto3@3.3.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + .redis-rundeps@20240906.232324 + + openssl/libcrypto3@3.3.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libcrypto3@3.3.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + busybox/ssl_client@1.36.1-r29 + + openssl/libcrypto3@3.3.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + .redis-rundeps@20240906.232324 + + openssl/libssl3@3.3.2-r0 + + openssl/libcrypto3@3.3.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + openssl/libssl3@3.3.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + .redis-rundeps@20240906.232324 + + openssl/libssl3@3.3.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + apk-tools/apk-tools@2.14.4-r0 + + openssl/libssl3@3.3.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine + + busybox/ssl_client@1.36.1-r29 + + openssl/libssl3@3.3.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.20 relevant fixed versions and status.

    +

    Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted + explicit values for the field polynomial can lead to out-of-bounds memory reads + or writes.

    +

    Impact summary: Out of bound memory writes can lead to an application crash or + even a possibility of a remote code execution, however, in all the protocols + involving Elliptic Curve Cryptography that we're aware of, either only "named + curves" are supported, or, if explicit curve parameters are supported, they + specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent + problematic input values. Thus the likelihood of existence of a vulnerable + application is low.

    +

    In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, + so problematic inputs cannot occur in the context of processing X.509 + certificates. Any problematic use-cases would have to be using an "exotic" + curve encoding.

    +

    The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), + and various supporting BN_GF2m_*() functions.

    +

    Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, + that make it possible to represent invalid field polynomials with a zero + constant term, via the above or similar APIs, may terminate abruptly as a + result of reading or writing outside of array bounds. Remote code execution + cannot easily be ruled out.

    +

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.20 openssl to version 3.3.2-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.12.7/quay.io_argoproj_argocd_v2.12.7.html b/docs/snyk/v2.14.0-rc3/quay.io_argoproj_argocd_v2.14.0-rc3.html similarity index 79% rename from docs/snyk/v2.12.7/quay.io_argoproj_argocd_v2.12.7.html rename to docs/snyk/v2.14.0-rc3/quay.io_argoproj_argocd_v2.14.0-rc3.html index ecff525d1fe42..e5d8f6a78c378 100644 --- a/docs/snyk/v2.12.7/quay.io_argoproj_argocd_v2.12.7.html +++ b/docs/snyk/v2.14.0-rc3/quay.io_argoproj_argocd_v2.14.0-rc3.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    November 10th 2024, 12:24:23 am (UTC+00:00)

    +

    December 22nd 2024, 12:22:23 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.12.7/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.12.7//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.12.7/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.12.7/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.14.0-rc3//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.14.0-rc3/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.14.0-rc3/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    22 known vulnerabilities
    -
    76 vulnerable dependency paths
    -
    2292 dependencies
    +
    21 known vulnerabilities
    +
    102 vulnerable dependency paths
    +
    2381 dependencies
    @@ -480,8 +480,100 @@

    Snyk test report

    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/html +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.32.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + golang.org/x/net/html@v0.32.0 + + + +
      • +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/html@v0.26.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions parseDoctype, htmlIntegrationPoint, inBodyIM and inTableIM due to inefficient usage of the method strings.ToLower combining with the == operator to convert strings to lowercase and then comparing them.

    +

    An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/html to version 0.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    -

    Information Exposure

    +

    Insecure Storage of Sensitive Information

    @@ -492,7 +584,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -500,12 +592,12 @@

      Information Exposure

    • Vulnerable module: - libgcrypt20 + pam/libpam0g
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 and libgcrypt20@1.10.3-2build1 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and pam/libpam0g@1.5.3-5ubuntu5.1
    @@ -518,88 +610,146 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - gnupg2/dirmngr@2.4.4-2ubuntu17 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - gnupg2/gpg@2.4.4-2ubuntu17 + util-linux@2.39.3-9ubuntu6.1 - libgcrypt20@1.10.3-2build1 + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - gnupg2/gpg-agent@2.4.4-2ubuntu17 + apt@2.7.14build2 - libgcrypt20@1.10.3-2build1 + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 apt@2.7.14build2 - apt/libapt-pkg6.0t64@2.7.14build2 + adduser@3.137ubuntu1 - libgcrypt20@1.10.3-2build1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 apt@2.7.14build2 - gnupg2/gpgv@2.4.4-2ubuntu17 + adduser@3.137ubuntu1 - libgcrypt20@1.10.3-2build1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - gnupg2/gpg@2.4.4-2ubuntu17 + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - gnupg2/gpgconf@2.4.4-2ubuntu17 + apt@2.7.14build2 - libgcrypt20@1.10.3-2build1 + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 apt@2.7.14build2 @@ -608,10 +758,265 @@

      Detailed paths

      shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 pam/libpam-modules@1.5.3-5ubuntu5.1 + +       + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 pam.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Authentication

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + pam/libpam0g +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and pam/libpam0g@1.5.3-5ubuntu5.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + util-linux@2.39.3-9ubuntu6.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + pam/libpam0g@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + pam/libpam-modules-bin@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + shadow/login@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + apt@2.7.14build2 + + adduser@3.137ubuntu1 + + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 + + pam/libpam-modules@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + pam/libpam-runtime@1.5.3-5ubuntu5.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - systemd/libsystemd0@255.4-1ubuntu8.4 + shadow/login@1:4.13+dfsg1-4ubuntu3.2 - libgcrypt20@1.10.3-2build1 + pam/libpam-runtime@1.5.3-5ubuntu5.1 @@ -623,23 +1028,22 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      -

      A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

      +

      A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

      Remediation

      -

      There is no fixed version for Ubuntu:24.04 libgcrypt20.

      +

      There is no fixed version for Ubuntu:24.04 pam.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -655,7 +1059,7 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -669,7 +1073,7 @@

      CVE-2024-26462

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3, git@1:2.43.0-1ubuntu7.1 and others
    @@ -681,146 +1085,146 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -863,7 +1267,7 @@

      LGPL-3.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -910,116 +1314,6 @@

        Detailed paths

        More about this vulnerability

    -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/rs/cors -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/rs/cors@v1.9.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/rs/cors@v1.9.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the processing of malicious preflight requests that include a Access-Control-Request-Headers header with excessive commas. An attacker can induce excessive memory consumption and potentially crash the server by sending specially crafted requests.

    -

    PoC

    - 
    
-        func BenchmarkPreflightAdversarialACRH(b *testing.B) {
-            resps := makeFakeResponses(b.N)
-            req, _ := http.NewRequest(http.MethodOptions, dummyEndpoint, nil)
-            req.Header.Add(headerOrigin, dummyOrigin)
-            req.Header.Add(headerACRM, http.MethodGet)
-            req.Header[headerACRH] = adversarialACRH
-            handler := Default().Handler(testHandler)
-        
-            b.ReportAllocs()
-            b.ResetTimer()
-            for i := 0; i < b.N; i++ {
-                handler.ServeHTTP(resps[i], req)
-            }
-        }
-        
-        var adversarialACRH []string
-        
-        func init() { // populates adversarialACRH
-            n := int(math.Floor(math.Sqrt(http.DefaultMaxHeaderBytes)))
-            commas := strings.Repeat(",", n)
-            res := make([]string, n)
-            for i := range res {
-                res[i] = commas
-            }
-            adversarialACRH = res
-        }
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/rs/cors to version 1.11.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -1033,7 +1327,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1093,7 +1387,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -1153,7 +1447,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -1213,7 +1507,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.12.7/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -1273,7 +1567,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1333,7 +1627,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -1346,7 +1640,7 @@

                MPL-2.0 license

              • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
              @@ -1361,7 +1655,7 @@

              Detailed paths

              Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/gosimple/slug@v1.13.1 + github.com/gosimple/slug@v1.14.0 @@ -1393,7 +1687,7 @@

              Release of Invalid Pointer or Reference

              • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
              • Package Manager: ubuntu:24.04 @@ -1406,7 +1700,7 @@

                Release of Invalid Pointer or Reference

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and patch@2.7.6-7build3
              @@ -1419,7 +1713,7 @@

              Detailed paths

              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 patch@2.7.6-7build3 @@ -1463,7 +1757,7 @@

                Double Free

                • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:24.04 @@ -1476,7 +1770,7 @@

                  Double Free

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and patch@2.7.6-7build3
                @@ -1489,7 +1783,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 patch@2.7.6-7build3 @@ -1538,7 +1832,7 @@

                  CVE-2024-41996

                  • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:24.04 @@ -1551,7 +1845,7 @@

                    CVE-2024-41996

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 and openssl/libssl3t64@3.0.13-0ubuntu3.4 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and openssl/libssl3t64@3.0.13-0ubuntu3.4
                  @@ -1564,135 +1858,298 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + openssl/libssl3t64@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + coreutils@9.4-3ubuntu6 + + openssl/libssl3t64@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1 + + openssl/libssl3t64@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + libfido2/libfido2-1@1.14.0-1build3 + + openssl/libssl3t64@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + openssh/openssh-client@1:9.6p1-3ubuntu13.5 + + openssl/libssl3t64@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + ca-certificates@20240203 + + openssl@3.0.13-0ubuntu3.4 + + openssl/libssl3t64@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 + + libssh/libssh-4@0.10.6-2build2 + + openssl/libssl3t64@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 + + krb5/libkrb5-3@1.20.1-6ubuntu2.2 + + openssl/libssl3t64@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + git@1:2.43.0-1ubuntu7.1 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 + + openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.1 + + cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1 openssl/libssl3t64@3.0.13-0ubuntu3.4 -
                    • + +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + openssl@3.0.13-0ubuntu3.4 + + + +
                    • +
                  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 + + ca-certificates@20240203 + + openssl@3.0.13-0ubuntu3.4 + + + +
                    • +
                  + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 openssl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Information Exposure

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + libgcrypt20 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and libgcrypt20@1.10.3-2build1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 - - coreutils@9.4-3ubuntu6 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - openssl/libssl3t64@3.0.13-0ubuntu3.4 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1 + gnupg2/dirmngr@2.4.4-2ubuntu17 - openssl/libssl3t64@3.0.13-0ubuntu3.4 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - libfido2/libfido2-1@1.14.0-1build3 + gnupg2/gpg@2.4.4-2ubuntu17 - openssl/libssl3t64@3.0.13-0ubuntu3.4 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - openssh/openssh-client@1:9.6p1-3ubuntu13.5 + gnupg2/gpg-agent@2.4.4-2ubuntu17 - openssl/libssl3t64@3.0.13-0ubuntu3.4 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - ca-certificates@20240203 + apt@2.7.14build2 - openssl@3.0.13-0ubuntu3.4 + apt/libapt-pkg6.0t64@2.7.14build2 - openssl/libssl3t64@3.0.13-0ubuntu3.4 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + apt@2.7.14build2 - libssh/libssh-4@0.10.6-2build2 + gnupg2/gpgv@2.4.4-2ubuntu17 - openssl/libssl3t64@3.0.13-0ubuntu3.4 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + gnupg2/gpg@2.4.4-2ubuntu17 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + gnupg2/gpgconf@2.4.4-2ubuntu17 - openssl/libssl3t64@3.0.13-0ubuntu3.4 + libgcrypt20@1.10.3-2build1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 - - git@1:2.43.0-1ubuntu7.1 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 - - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 + apt@2.7.14build2 - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1 + adduser@3.137ubuntu1 - openssl/libssl3t64@3.0.13-0ubuntu3.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + shadow/passwd@1:4.13+dfsg1-4ubuntu3.2 - openssl@3.0.13-0ubuntu3.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + pam/libpam-modules@1.5.3-5ubuntu5.1 - ca-certificates@20240203 + systemd/libsystemd0@255.4-1ubuntu8.4 - openssl@3.0.13-0ubuntu3.4 + libgcrypt20@1.10.3-2build1 @@ -1704,23 +2161,24 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      -

      Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

      +

      A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

      Remediation

      -

      There is no fixed version for Ubuntu:24.04 openssl.

      +

      There is no fixed version for Ubuntu:24.04 libgcrypt20.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1736,7 +2194,7 @@

    CVE-2024-26458

    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -1750,7 +2208,7 @@

      CVE-2024-26458

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3, git@1:2.43.0-1ubuntu7.1 and others
    @@ -1762,146 +2220,146 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -1944,7 +2402,7 @@

      CVE-2024-26461

      • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:24.04 @@ -1958,7 +2416,7 @@

        CVE-2024-26461

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3, git@1:2.43.0-1ubuntu7.1 and others
      @@ -1970,146 +2428,146 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2 - krb5/libk5crypto3@1.20.1-6ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2.2 - krb5/libkrb5support0@1.20.1-6ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2 - krb5/libkrb5-3@1.20.1-6ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 openssh/openssh-client@1:9.6p1-3ubuntu13.5 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6 libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.2
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 - krb5/krb5-locales@1.20.1-6ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2.2 @@ -2152,7 +2610,7 @@

        Out-of-bounds Write

        • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:24.04 @@ -2165,7 +2623,7 @@

          Out-of-bounds Write

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 and gnupg2/gpgv@2.4.4-2ubuntu17 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and gnupg2/gpgv@2.4.4-2ubuntu17
        @@ -2178,7 +2636,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 gnupg2/gpgv@2.4.4-2ubuntu17 @@ -2187,7 +2645,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 apt@2.7.14build2 @@ -2198,7 +2656,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 gnupg2/dirmngr@2.4.4-2ubuntu17 @@ -2209,7 +2667,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -2220,7 +2678,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 gnupg2/gpg@2.4.4-2ubuntu17 @@ -2231,7 +2689,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 gnupg2/dirmngr@2.4.4-2ubuntu17 @@ -2240,7 +2698,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 gnupg2/gpg@2.4.4-2ubuntu17 @@ -2249,7 +2707,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -2298,7 +2756,7 @@

          Allocation of Resources Without Limits or Throttling

        • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:24.04 @@ -2311,7 +2769,7 @@

          Allocation of Resources Without Limits or Throttling

          Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 and glibc/libc-bin@2.39-0ubuntu8.3 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and glibc/libc-bin@2.39-0ubuntu8.3
        @@ -2324,7 +2782,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 glibc/libc-bin@2.39-0ubuntu8.3 @@ -2333,7 +2791,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 glibc/libc6@2.39-0ubuntu8.3 @@ -2366,144 +2824,6 @@

          References

          More about this vulnerability

    -
    -
    -

    Insufficient Documentation of Error Handling Techniques

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/golang-jwt/jwt/v4 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/golang-jwt/jwt/v4@v4.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/golang-jwt/jwt/v4@v4.5.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

    -

    Workaround

    -

    Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

    -

    Remediation

    -

    Upgrade github.com/golang-jwt/jwt/v4 to version 4.5.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insufficient Documentation of Error Handling Techniques

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/golang-jwt/jwt -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/golang-jwt/jwt@v3.2.2+incompatible - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/golang-jwt/jwt@v3.2.2+incompatible - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the ParseWithClaims function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.

    -

    Workaround

    -

    Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see example_test.go

    -

    Remediation

    -

    A fix was pushed into the master branch but not yet published.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Improper Input Validation

    @@ -2517,7 +2837,7 @@

    Improper Input Validation

    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -2531,7 +2851,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7, git@1:2.43.0-1ubuntu7.1 and others + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3, git@1:2.43.0-1ubuntu7.1 and others
    @@ -2543,7 +2863,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 @@ -2554,7 +2874,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git@1:2.43.0-1ubuntu7.1 @@ -2563,7 +2883,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 git-lfs@3.4.1-1ubuntu0.2 @@ -2597,99 +2917,6 @@

      References

      More about this vulnerability

    -
    -
    -

    CVE-2024-9681

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - curl/libcurl3t64-gnutls -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.12.7, git@1:2.43.0-1ubuntu7.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.4 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    When curl is asked to use HSTS, the expiry time for a subdomain might - overwrite a parent domain's cache entry, making it end sooner or later than - otherwise intended.

    -

    This affects curl using applications that enable HSTS and use URLs with the - insecure HTTP:// scheme and perform transfers with hosts like - x.example.com as well as example.com where the first host is a subdomain - of the second host.

    -

    (The HSTS cache either needs to have been populated manually or there needs to - have been previous HTTPS accesses done as the cache needs to have entries for - the domains involved to trigger this problem.)

    -

    When x.example.com responds with Strict-Transport-Security: headers, this - bug can make the subdomain's expiry timeout bleed over and get set for the - parent domain example.com in curl's HSTS cache.

    -

    The result of a triggered bug is that HTTP accesses to example.com get - converted to HTTPS for a different period of time than what was asked for by - the origin server. If example.com for example stops supporting HTTPS at its - expiry time, curl might then fail to access http://example.com until the - (wrongly set) timeout expires. This bug can also expire the parent's entry - earlier, thus making curl inadvertently switch back to insecure HTTP earlier - than otherwise intended.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 curl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Improper Input Validation

    @@ -2703,7 +2930,7 @@

    Improper Input Validation

    • - Manifest file: quay.io/argoproj/argocd:v2.12.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.14.0-rc3/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:24.04 @@ -2716,7 +2943,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.7 and coreutils@9.4-3ubuntu6 + docker-image|quay.io/argoproj/argocd@v2.14.0-rc3 and coreutils@9.4-3ubuntu6
    @@ -2729,7 +2956,7 @@

    Detailed paths

    diff --git a/docs/try_argo_cd_locally.md b/docs/try_argo_cd_locally.md new file mode 100644 index 0000000000000..2d08105875551 --- /dev/null +++ b/docs/try_argo_cd_locally.md @@ -0,0 +1,53 @@ +# Try Argo CD Locally + +!!! tip + This guide assumes you have a grounding in the tools that Argo CD is based on. Please read [understanding the basics](understand_the_basics.md) to learn about these tools. + + +Follow these steps to install `Kind` for local development and set it up with Argo CD. + +To run an Argo CD development environment [review the developer guide for running locally](../developer-guide/running-locally). + +## Install Kind + +Install Kind Following Instructions [here](https://kind.sigs.k8s.io/docs/user/quick-start#installation). + +## Create a Kind Cluster +Once Kind is installed, create a new Kubernetes cluster with: +```bash +kind create cluster --name argocd-cluster +``` +This will create a local Kubernetes cluster named `argocd-cluster`. + +## Set Up kubectl to Use the Kind Cluster +After creating the cluster, set `kubectl` to use your new `kind` cluster: +```bash +kubectl cluster-info --context kind-argocd-cluster +``` +This command verifies that `kubectl` is pointed to the right cluster. + +## Install ArgoCD on the Cluster +You can now install Argo CD on your `kind` cluster. First, apply the Argo CD manifest to create the necessary resources: +```bash +kubectl create namespace argocd +kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml +``` + +## Expose ArgoCD API Server +By default, Argo CD's API server is not exposed outside the cluster. You need to expose it to access the UI locally. For development purposes, you can use Kubectl 'port-forward'. +```bash +kubectl port-forward svc/argocd-server -n argocd 8080:443 +``` +This will forward port 8080 on your local machine to the ArgoCD API server’s port 443 inside the Kubernetes cluster. + +## Access ArgoCD UI +Now, you can open your browser and navigate to http://localhost:8080 to access the ArgoCD UI. + +### Log in to ArgoCD +To log in to the ArgoCD UI, you'll need the default admin password. You can retrieve it from the Kubernetes cluster: +```bash +kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d +``` +Use the admin username and the retrieved password to log in. + +You can now move on to step #2 in the [Getting Started Guide](getting_started.md]. diff --git a/docs/user-guide/commands/argocd.md b/docs/user-guide/commands/argocd.md index a72d5c0264bd6..67f7dfdf7fd6f 100644 --- a/docs/user-guide/commands/argocd.md +++ b/docs/user-guide/commands/argocd.md @@ -56,6 +56,6 @@ argocd [flags] * [argocd proj](argocd_proj.md) - Manage projects * [argocd relogin](argocd_relogin.md) - Refresh an expired authenticate token * [argocd repo](argocd_repo.md) - Manage repository connection parameters -* [argocd repocreds](argocd_repocreds.md) - Manage repository connection parameters +* [argocd repocreds](argocd_repocreds.md) - Manage credential templates for repositories * [argocd version](argocd_version.md) - Print version information diff --git a/docs/user-guide/commands/argocd_account_can-i.md b/docs/user-guide/commands/argocd_account_can-i.md index 1ab95370a904c..150f90353e2d0 100644 --- a/docs/user-guide/commands/argocd_account_can-i.md +++ b/docs/user-guide/commands/argocd_account_can-i.md @@ -22,7 +22,7 @@ argocd account can-i update projects 'default' argocd account can-i create clusters '*' Actions: [get create update delete sync override action invoke] -Resources: [clusters projects applications applicationsets repositories certificates accounts gpgkeys logs exec extensions] +Resources: [clusters projects applications applicationsets repositories write-repositories certificates accounts gpgkeys logs exec extensions] ``` diff --git a/docs/user-guide/commands/argocd_admin_app_generate-spec.md b/docs/user-guide/commands/argocd_admin_app_generate-spec.md index 60ad136c4111f..c5e4ee3ac433b 100644 --- a/docs/user-guide/commands/argocd_admin_app_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_app_generate-spec.md @@ -45,6 +45,9 @@ argocd admin app generate-spec APPNAME [flags] --directory-exclude string Set glob expression used to exclude files from application source path --directory-include string Set glob expression used to include files from application source path --directory-recurse Recurse directory + --dry-source-path string Path in repository to the app directory for the dry source + --dry-source-repo string Repository URL of the app dry source + --dry-source-revision string Revision of the app dry source --env string Application environment to monitor -f, --file string Filename or URL to Kubernetes manifests for the app --helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster @@ -56,9 +59,11 @@ argocd admin app generate-spec APPNAME [flags] --helm-set-file stringArray Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2) --helm-set-string stringArray Helm set STRING values on the command line (can be repeated to set several values: --helm-set-string key1=val1 --helm-set-string key2=val2) --helm-skip-crds Skip helm crd installation step + --helm-skip-schema-validation Skip helm schema validation step --helm-skip-tests Skip helm test manifests installation step --helm-version string Helm version -h, --help help for generate-spec + --hydrate-to-branch string The branch to hydrate the app to --ignore-missing-value-files Ignore locally missing valueFiles when setting helm template --values -i, --inline If set then generated resource is written back to the file specified in --file flag --jsonnet-ext-var-code stringArray Jsonnet ext var @@ -100,6 +105,8 @@ argocd admin app generate-spec APPNAME [flags] --sync-retry-backoff-factor int Factor multiplies the base duration after each failed sync retry (default 2) --sync-retry-backoff-max-duration duration Max sync retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s) --sync-retry-limit int Max number of allowed sync retries + --sync-source-branch string The branch from which the app will sync + --sync-source-path string The path in the repository from which the app will sync --validate Validation of repo and cluster (default true) --values stringArray Helm values file(s) to use --values-literal-file string Filename or URL to import as a literal Helm values block diff --git a/docs/user-guide/commands/argocd_admin_proj_generate-spec.md b/docs/user-guide/commands/argocd_admin_proj_generate-spec.md index 92feec6bef3f2..c25d24f6bef73 100644 --- a/docs/user-guide/commands/argocd_admin_proj_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_proj_generate-spec.md @@ -12,13 +12,13 @@ argocd admin proj generate-spec PROJECT [flags] ``` # Generate a YAML configuration for a project named "myproject" - argocd admin projects generate-spec myproject + argocd admin proj generate-spec myproject # Generate a JSON configuration for a project named "anotherproject" and specify an output file - argocd admin projects generate-spec anotherproject --output json --file config.json + argocd admin proj generate-spec anotherproject --output json --file config.json # Generate a YAML configuration for a project named "someproject" and write it back to the input file - argocd admin projects generate-spec someproject --inline + argocd admin proj generate-spec someproject --inline ``` ### Options diff --git a/docs/user-guide/commands/argocd_admin_proj_update-role-policy.md b/docs/user-guide/commands/argocd_admin_proj_update-role-policy.md index c339ad43f311d..9e086f0281aca 100644 --- a/docs/user-guide/commands/argocd_admin_proj_update-role-policy.md +++ b/docs/user-guide/commands/argocd_admin_proj_update-role-policy.md @@ -12,10 +12,10 @@ argocd admin proj update-role-policy PROJECT_GLOB MODIFICATION ACTION [flags] ``` # Add policy that allows executing any action (action/*) to roles which name matches to *deployer* in all projects - argocd admin projects update-role-policy '*' set 'action/*' --role '*deployer*' --resource applications --scope '*' --permission allow + argocd admin proj update-role-policy '*' set 'action/*' --role '*deployer*' --resource applications --scope '*' --permission allow # Remove policy that which manages running (action/*) from all roles which name matches *deployer* in all projects - argocd admin projects update-role-policy '*' remove override --role '*deployer*' + argocd admin proj update-role-policy '*' remove override --role '*deployer*' ``` diff --git a/docs/user-guide/commands/argocd_app_add-source.md b/docs/user-guide/commands/argocd_app_add-source.md index 4597aa4a08035..72f2f98cf0616 100644 --- a/docs/user-guide/commands/argocd_app_add-source.md +++ b/docs/user-guide/commands/argocd_app_add-source.md @@ -28,6 +28,9 @@ argocd app add-source APPNAME [flags] --directory-exclude string Set glob expression used to exclude files from application source path --directory-include string Set glob expression used to include files from application source path --directory-recurse Recurse directory + --dry-source-path string Path in repository to the app directory for the dry source + --dry-source-repo string Repository URL of the app dry source + --dry-source-revision string Revision of the app dry source --env string Application environment to monitor --helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster --helm-chart string Helm Chart name @@ -38,9 +41,11 @@ argocd app add-source APPNAME [flags] --helm-set-file stringArray Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2) --helm-set-string stringArray Helm set STRING values on the command line (can be repeated to set several values: --helm-set-string key1=val1 --helm-set-string key2=val2) --helm-skip-crds Skip helm crd installation step + --helm-skip-schema-validation Skip helm schema validation step --helm-skip-tests Skip helm test manifests installation step --helm-version string Helm version -h, --help help for add-source + --hydrate-to-branch string The branch to hydrate the app to --ignore-missing-value-files Ignore locally missing valueFiles when setting helm template --values --jsonnet-ext-var-code stringArray Jsonnet ext var --jsonnet-ext-var-str stringArray Jsonnet string ext var @@ -77,6 +82,8 @@ argocd app add-source APPNAME [flags] --sync-retry-backoff-factor int Factor multiplies the base duration after each failed sync retry (default 2) --sync-retry-backoff-max-duration duration Max sync retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s) --sync-retry-limit int Max number of allowed sync retries + --sync-source-branch string The branch from which the app will sync + --sync-source-path string The path in the repository from which the app will sync --validate Validation of repo and cluster (default true) --values stringArray Helm values file(s) to use --values-literal-file string Filename or URL to import as a literal Helm values block diff --git a/docs/user-guide/commands/argocd_app_create.md b/docs/user-guide/commands/argocd_app_create.md index cf5393ab04ac8..0dc043f83febb 100644 --- a/docs/user-guide/commands/argocd_app_create.md +++ b/docs/user-guide/commands/argocd_app_create.md @@ -47,6 +47,9 @@ argocd app create APPNAME [flags] --directory-exclude string Set glob expression used to exclude files from application source path --directory-include string Set glob expression used to include files from application source path --directory-recurse Recurse directory + --dry-source-path string Path in repository to the app directory for the dry source + --dry-source-repo string Repository URL of the app dry source + --dry-source-revision string Revision of the app dry source --env string Application environment to monitor -f, --file string Filename or URL to Kubernetes manifests for the app --helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster @@ -58,9 +61,11 @@ argocd app create APPNAME [flags] --helm-set-file stringArray Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2) --helm-set-string stringArray Helm set STRING values on the command line (can be repeated to set several values: --helm-set-string key1=val1 --helm-set-string key2=val2) --helm-skip-crds Skip helm crd installation step + --helm-skip-schema-validation Skip helm schema validation step --helm-skip-tests Skip helm test manifests installation step --helm-version string Helm version -h, --help help for create + --hydrate-to-branch string The branch to hydrate the app to --ignore-missing-value-files Ignore locally missing valueFiles when setting helm template --values --jsonnet-ext-var-code stringArray Jsonnet ext var --jsonnet-ext-var-str stringArray Jsonnet string ext var @@ -100,6 +105,8 @@ argocd app create APPNAME [flags] --sync-retry-backoff-factor int Factor multiplies the base duration after each failed sync retry (default 2) --sync-retry-backoff-max-duration duration Max sync retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s) --sync-retry-limit int Max number of allowed sync retries + --sync-source-branch string The branch from which the app will sync + --sync-source-path string The path in the repository from which the app will sync --upsert Allows to override application with the same name even if supplied application spec is different from existing spec --validate Validation of repo and cluster (default true) --values stringArray Helm values file(s) to use diff --git a/docs/user-guide/commands/argocd_app_set.md b/docs/user-guide/commands/argocd_app_set.md index 7beefcac5955e..f877155d3ea7e 100644 --- a/docs/user-guide/commands/argocd_app_set.md +++ b/docs/user-guide/commands/argocd_app_set.md @@ -40,6 +40,9 @@ argocd app set APPNAME [flags] --directory-exclude string Set glob expression used to exclude files from application source path --directory-include string Set glob expression used to include files from application source path --directory-recurse Recurse directory + --dry-source-path string Path in repository to the app directory for the dry source + --dry-source-repo string Repository URL of the app dry source + --dry-source-revision string Revision of the app dry source --env string Application environment to monitor --helm-api-versions stringArray Helm api-versions (in format [group/]version/kind) to use when running helm template (Can be repeated to set several values: --helm-api-versions traefik.io/v1alpha1/TLSOption --helm-api-versions v1/Service). If not set, use the api-versions from the destination cluster --helm-chart string Helm Chart name @@ -50,9 +53,11 @@ argocd app set APPNAME [flags] --helm-set-file stringArray Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2) --helm-set-string stringArray Helm set STRING values on the command line (can be repeated to set several values: --helm-set-string key1=val1 --helm-set-string key2=val2) --helm-skip-crds Skip helm crd installation step + --helm-skip-schema-validation Skip helm schema validation step --helm-skip-tests Skip helm test manifests installation step --helm-version string Helm version -h, --help help for set + --hydrate-to-branch string The branch to hydrate the app to --ignore-missing-value-files Ignore locally missing valueFiles when setting helm template --values --jsonnet-ext-var-code stringArray Jsonnet ext var --jsonnet-ext-var-str stringArray Jsonnet string ext var @@ -90,6 +95,8 @@ argocd app set APPNAME [flags] --sync-retry-backoff-factor int Factor multiplies the base duration after each failed sync retry (default 2) --sync-retry-backoff-max-duration duration Max sync retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s) --sync-retry-limit int Max number of allowed sync retries + --sync-source-branch string The branch from which the app will sync + --sync-source-path string The path in the repository from which the app will sync --validate Validation of repo and cluster (default true) --values stringArray Helm values file(s) to use --values-literal-file string Filename or URL to import as a literal Helm values block diff --git a/docs/user-guide/commands/argocd_app_wait.md b/docs/user-guide/commands/argocd_app_wait.md index 8751c2228b93e..1d706d1c660e6 100644 --- a/docs/user-guide/commands/argocd_app_wait.md +++ b/docs/user-guide/commands/argocd_app_wait.md @@ -43,6 +43,7 @@ argocd app wait [APPNAME.. | -l selector] [flags] --delete Wait for delete --health Wait for health -h, --help help for wait + --hydrated Wait for hydration operations --operation Wait for pending operations -o, --output string Output format. One of: json|yaml|wide|tree|tree=detailed (default "wide") --resource stringArray Sync only specific resources as GROUP:KIND:NAME or !GROUP:KIND:NAME. Fields may be blank and '*' can be used. This option may be specified repeatedly diff --git a/docs/user-guide/commands/argocd_repocreds.md b/docs/user-guide/commands/argocd_repocreds.md index b8a7388be0acb..a5ddfde9c85d8 100644 --- a/docs/user-guide/commands/argocd_repocreds.md +++ b/docs/user-guide/commands/argocd_repocreds.md @@ -2,7 +2,7 @@ ## argocd repocreds -Manage repository connection parameters +Manage credential templates for repositories ``` argocd repocreds [flags] diff --git a/docs/user-guide/commands/argocd_repocreds_add.md b/docs/user-guide/commands/argocd_repocreds_add.md index d1399fc51fa6a..d0632c703c82b 100644 --- a/docs/user-guide/commands/argocd_repocreds_add.md +++ b/docs/user-guide/commands/argocd_repocreds_add.md @@ -84,5 +84,5 @@ argocd repocreds add REPOURL [flags] ### SEE ALSO -* [argocd repocreds](argocd_repocreds.md) - Manage repository connection parameters +* [argocd repocreds](argocd_repocreds.md) - Manage credential templates for repositories diff --git a/docs/user-guide/commands/argocd_repocreds_list.md b/docs/user-guide/commands/argocd_repocreds_list.md index e5ff56d731251..b38ea1a3a2960 100644 --- a/docs/user-guide/commands/argocd_repocreds_list.md +++ b/docs/user-guide/commands/argocd_repocreds_list.md @@ -63,5 +63,5 @@ argocd repocreds list [flags] ### SEE ALSO -* [argocd repocreds](argocd_repocreds.md) - Manage repository connection parameters +* [argocd repocreds](argocd_repocreds.md) - Manage credential templates for repositories diff --git a/docs/user-guide/commands/argocd_repocreds_rm.md b/docs/user-guide/commands/argocd_repocreds_rm.md index d549da3e6e2de..960c770907c6e 100644 --- a/docs/user-guide/commands/argocd_repocreds_rm.md +++ b/docs/user-guide/commands/argocd_repocreds_rm.md @@ -53,5 +53,5 @@ argocd repocreds rm CREDSURL [flags] ### SEE ALSO -* [argocd repocreds](argocd_repocreds.md) - Manage repository connection parameters +* [argocd repocreds](argocd_repocreds.md) - Manage credential templates for repositories diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index cae8ffdcefca2..938a1d318c309 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -499,6 +499,26 @@ spec: skipCrds: true ``` +## Helm `--skip-schema-validation` + +Helm validates the values.yaml file using a values.schema.json file. See [Schema files](https://helm.sh/docs/topics/charts/#schema-files) for details. + +If needed, it is possible to skip the schema validation step with the `helm-skip-schema-validation` flag on the cli: + +```bash +argocd app set helm-guestbook --helm-skip-schema-validation +``` + +Or using declarative syntax: + +```yaml +spec: + source: + helm: + skipSchemaValidation: true +``` + + ## Helm `--skip-tests` diff --git a/docs/user-guide/multiple_sources.md b/docs/user-guide/multiple_sources.md index f9be46d76f8fa..4d7f1f7ea4a3c 100644 --- a/docs/user-guide/multiple_sources.md +++ b/docs/user-guide/multiple_sources.md @@ -70,9 +70,11 @@ spec: ref: values ``` -In the above example, the `prometheus` chart will use the value file from `git.example.gom/org/value-files.git`. -`$values` resolves to the root of the `value-files` repository. The `$values` variable may only be specified at the -beginning of the value file path. +In the above example, the `prometheus` chart will use the value file from `git.example.com/org/value-files.git`. +For Argo to reference the external Git repository containing the value files, you must set the `ref` parameter on +the repository. In the above example, the parameter `ref: values` maps to the variable `$values`, which resolves +to the root of the `value-files` repository. +Note that the `$values` variable can only be used at the beginning of the value file path. If the `path` field is set in the `$values` source, Argo CD will attempt to generate resources from the git repository at that URL. If the `path` field is not set, Argo CD will use the repository solely as a source of value files. diff --git a/docs/user-guide/source-hydrator.md b/docs/user-guide/source-hydrator.md new file mode 100644 index 0000000000000..d5685f21d0e44 --- /dev/null +++ b/docs/user-guide/source-hydrator.md @@ -0,0 +1,192 @@ +# Source Hydrator + +**Current feature state**: Alpha + +Tools like Helm and Kustomize allow users to express their Kubernetes manifests in a more concise and reusable way +(keeping it DRY - Don't Repeat Yourself). However, these tools can obscure the actual Kubernetes manifests that are +applied to the cluster. + +The "rendered manifest pattern" is a way to push the hydrated manifests to git before syncing them to the cluster. This +allows users to see the actual Kubernetes manifests that are applied to the cluster. + +The source hydrator is a feature of Argo CD that allows users to push the hydrated manifests to git before syncing them +to the cluster. + +## Enabling the Source Hydrator + +The source hydrator is disabled by default. + +To enable the source hydrator, you need to enable the "commit server" component and set the `hydrator.enabled` field in +argocd-cmd-params-cm ConfigMap to `"true"`. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmd-params-cm + namespace: argocd +data: + hydrator.enabled: "true" +``` + +!!! important + After updating the ConfigMap, you must restart the Argo CD controller and API server for the changes to take effect. + +If you are using one of the `*-install.yaml` manifests to install Argo CD, you can use the +`*-install-with-hydrator.yaml` version of that file instead. + +For example, + +``` +Without hydrator: https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml +With hydrator: https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install-with-hydrator.yaml +``` + +!!! important + The `*-with-hydrator-install.yaml` manifests will eventually be removed when the source hydrator is either enabled + by default or removed. The upgrade guide will note if the `install-with-hydrator.yaml` manifests are no longer + available. + +## Using the Source Hydrator + +To use the source hydrator, you must first install a push secret. This example uses a GitHub App for authentication, but +you can use [any authentication method that Argo CD supports for repository access](../operator-manual/declarative-setup.md#repositories). + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: my-push-secret + namespace: argocd + labels: + argocd.argoproj.io/secret-type: repository-write +type: Opaque +stringData: + url: "https://github.com" + type: "git" + githubAppID: "" + githubAppInstallationID: "" + githubAppPrivateKey: | + +``` + +The label `argocd.argoproj.io/secret-type: repository-write` causes this Secret to be used for pushing manifests to git +instead of pulling from git. + +Once your push secret is installed, set the `spec.sourceHydrator` field of the Application. For example: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: my-app +spec: + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + path: helm-guestbook + targetRevision: HEAD + syncSource: + targetBranch: environments/dev + path: helm-guestbook +``` + +In this example, the hydrated manifests will be pushed to the `environments/dev` branch of the `argocd-example-apps` +repository. + +!!! important "Project-Scoped Repositories" + + Repository Secrets may contain a `project` field, making the secret only usable by Applications in that project. + The source hydrator only supports project-scoped repositories if all Applications writing to the same repository and + branch are in the same project. If Applications in different projects write to the same repository and branch, the + source hydrator will not be able to use a project-scoped repository secret and will require a global repository + secret. This behavior may change in the future. + +If there are multiple repository-write Secrets available for a repo, the source hydrator will non-deterministically +select one of the matching Secrets and log a warning saying "Found multiple credentials for repoURL". + +## Pushing to a "Staging" Branch + +The source hydrator can be used to push hydrated manifests to a "staging" branch instead of the `syncSource` branch. +This provides a way to prevent the hydrated manifests from being applied to the cluster until some prerequisite +conditions are met (in effect providing a way to handle environment promotion via Pull Requests). + +To use the source hydrator to push to a "staging" branch, set the `spec.sourceHydrator.hydrateTo` field of the +Application. For example: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: my-app +spec: + project: my-project + destination: + server: https://kubernetes.default.svc + namespace: default + sourceHydrator: + drySource: + repoURL: https://github.com/argoproj/argocd-example-apps + path: helm-guestbook + targetRevision: HEAD + syncSource: + targetBranch: environments/dev + path: helm-guestbook + hydrateTo: + targetBranch: environments/dev-next +``` + +In this example, the hydrated manifests will be pushed to the `environments/dev-next` branch, and Argo CD will not sync +the changes until something moves them to the `environments/dev` branch. + +You could use a CI action to move the hydrated manifests from the `hydrateTo` branch to the `syncSource` branch. To +introduce a gating mechanism, you could require a Pull Request to be opened to merge the changes from the `hydrateTo` +branch to the `syncSource` branch. + +Argo CD will only push changes to the `hydrateTo` branch, it will not create a PR or otherwise facilitate moving those +changes to the `syncSource` branch. You will need to use your own tooling to move the changes from the `hydrateTo` +branch to the `syncSource` branch. + +## Limitations + +### Project-Scoped Push Secrets + +If all the Applications for a given destination repo/branch are under the same project, then the hydrator will use any +available project-scoped push secrets. If two Applications for a given repo/branch are in different projects, then the +hydrator will not be able to use a project-scoped push secret and will require a global push secret. + +### Credential Templates + +Credential templates allow a single credential to be used for multiple repositories. The source hydrator does not +currently support credential templates. You will need a separate credential for each repository. + +## Prerequisites + +### Handle Secrets on the Destination Cluster + +Do not use the source hydrator with any tool that injects secrets into your manifests as part of the hydration process +(for example, Helm with SOPS or the Argo CD Vault Plugin). These secrets would be committed to git. Instead, use a +secrets operator that populates the secret values on the destination cluster. + +## Best Practices + +### Make Hydration Deterministic + +The source hydrator should be deterministic. For a given dry source commit, the hydrator should always produce the same +hydrated manifests. This means that the hydrator should not rely on external state or configuration that is not stored +in git. + +Examples of non-deterministic hydration: + +* A Helm chart using unpinned dependencies +* A Helm chart is using a non-deterministic template function such as `randAlphaNum` or `lookup` +* [Config Management Plugins](../operator-manual/config-management-plugins.md) which retrieve non-git state, such as secrets +* Kustomize manifests referencing unpinned remote bases + +### Enable Branch Protection + +Argo CD should be the only thing pushing hydrated manifests to the hydrated branches. To prevent other tools or users +from pushing to the hydrated branches, enable branch protection in your SCM. + +It is best practice to prefix the hydrated branches with a common prefix, such as `environment/`. This makes it easier +to configure branch protection rules on the destination repository. diff --git a/docs/user-guide/sync-waves.md b/docs/user-guide/sync-waves.md index f888ac42be3f9..73ee08221ac6c 100644 --- a/docs/user-guide/sync-waves.md +++ b/docs/user-guide/sync-waves.md @@ -4,9 +4,9 @@ -Argo CD executes a sync operation in a number of steps. At a high-level, there are three phases *pre-sync*, *sync* and *post-sync*. +Argo CD executes a sync operation in a number of steps. At a high-level, there are three phases *pre-sync*, *sync* and *post-sync*. -Within each phase you can have one or more waves, that allows you to ensure certain resources are healthy before subsequent resources are synced. +Within each phase you can have one or more waves, that allows you to ensure certain resources are healthy before subsequent resources are synced. ## How Do I Configure Phases? @@ -32,6 +32,12 @@ metadata: Hooks and resources are assigned to wave zero by default. The wave can be negative, so you can create a wave that runs before all other resources. +### Can Multiple Resources Share the Same Wave? + +Yes, multiple resources can share the same sync-wave value. Resources with the same sync-wave are processed together. + +Within a wave, resources are ordered by their kind (e.g. namespaces first) and then by their name. + ## How Does It Work? When Argo CD starts a sync, it orders the resources in the following precedence: @@ -39,10 +45,10 @@ When Argo CD starts a sync, it orders the resources in the following precedence: * The phase * The wave they are in (lower values first for creation & updation and higher values first for deletion) * By kind (e.g. [namespaces first and then other Kubernetes resources, followed by custom resources](https://github.com/argoproj/gitops-engine/blob/bc9ce5764fa306f58cf59199a94f6c968c775a2d/pkg/sync/sync_tasks.go#L27-L66)) -* By name +* By name It then determines the number of the next wave to apply. This is the first number where any resource is out-of-sync or unhealthy. - + It applies resources in that wave. It repeats this process until all phases and waves are in-sync and healthy. diff --git a/docs/user-guide/sync_windows.md b/docs/user-guide/sync_windows.md index f6bc6b82f8b69..a786d158ffd23 100644 --- a/docs/user-guide/sync_windows.md +++ b/docs/user-guide/sync_windows.md @@ -2,7 +2,31 @@ Sync windows are configurable windows of time where syncs will either be blocked or allowed. These are defined by a kind, which can be either `allow` or `deny`, a `schedule` in cron format and a duration along with one or -more of either `applications`, `namespaces` and `clusters`. Wildcards are supported. These windows affect the running +more of either `applications`, `namespaces` and `clusters`. Wildcards are supported. + +## Relationship between Sync Windows and Applications + +The relationship between Sync Windows and Application resources is many-to-many. This means that an Application resource +may be affected by multiple Sync Windows, and that a single Sync Window definition may apply to multiple Application +resources. + +The relationship between Sync Window and Application is established as part of the definition of Sync Window. +Sync Window definition includes a section defining the Application resources to which it applies. There +are three mechanisms for selecting the Application resources to which a Sync Window applies: + +- By name of Application resource +- By cluster into which resources are installed by Application resource. This is specified by `Application.spec.destination.name` and `.server` fields +- By namespace into which resources are installed by Application resource. This is specified by `Application.spec.destination.namespace` field. + +All three mechanisms allow usage of wildcards. The mechanisms are not mutually exclusive, and all three of them can be used in single +Sync Window definition. + +When multiple selection mechanisms are used, they are effectively `ORed`, meaning that if any of the selector selects the Application, +then the Application is affected by the Sync Window. + +## Effect of Sync Windows + +These windows affect the running of both manual and automated syncs but allow an override for manual syncs which is useful if you are only interested in preventing automated syncs or if you need to temporarily override a window to perform a sync. diff --git a/examples/dashboard.json b/examples/dashboard.json index b21a008456e1a..2e460c8e10fa6 100644 --- a/examples/dashboard.json +++ b/examples/dashboard.json @@ -2883,7 +2883,7 @@ "datasource": { "uid": "$datasource" }, - "expr": "go_memstats_heap_alloc_bytes{job=\"argocd-repo-server-metrics\",namespace=~\"$namespace\"}", + "expr": "go_memstats_heap_alloc_bytes{job=\"argocd-server-metrics\",namespace=~\"$namespace\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -2968,7 +2968,7 @@ "datasource": { "uid": "$datasource" }, - "expr": "go_goroutines{job=\"argocd-repo-server-metrics\",namespace=~\"$namespace\"}", + "expr": "go_goroutines{job=\"argocd-server-metrics\",namespace=~\"$namespace\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{pod}}", @@ -3270,7 +3270,7 @@ "datasource": { "uid": "$datasource" }, - "expr": "go_gc_duration_seconds{job=\"argocd-repo-server-metrics\", quantile=\"1\", namespace=~\"$namespace\"}", + "expr": "go_gc_duration_seconds{job=\"argocd-server-metrics\", quantile=\"1\", namespace=~\"$namespace\"}", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{pod}}", diff --git a/go.mod b/go.mod index ab325c55294dc..ad7c25b990b5e 100644 --- a/go.mod +++ b/go.mod @@ -4,26 +4,26 @@ go 1.23.3 require ( code.gitea.io/sdk/gitea v0.19.0 - github.com/Azure/kubelogin v0.1.4 + github.com/Azure/kubelogin v0.1.6 github.com/Masterminds/semver/v3 v3.3.1 github.com/Masterminds/sprig/v3 v3.3.0 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/aburan28/httpcache v0.0.1 - github.com/alicebob/miniredis/v2 v2.33.0 + github.com/alicebob/miniredis/v2 v2.34.0 github.com/antonmedv/expr v1.15.1 - github.com/argoproj/gitops-engine v0.7.1-0.20241107145828-847cfc9f8b20 + github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431 github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 github.com/aws/aws-sdk-go v1.55.5 github.com/bmatcuk/doublestar/v4 v4.7.1 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.12.0 - github.com/casbin/casbin/v2 v2.101.0 + github.com/casbin/casbin/v2 v2.102.0 github.com/casbin/govaluate v1.2.0 github.com/cespare/xxhash/v2 v2.3.0 github.com/chainguard-dev/git-urls v1.0.2 github.com/coreos/go-oidc/v3 v3.11.0 - github.com/cyphar/filepath-securejoin v0.3.4 + github.com/cyphar/filepath-securejoin v0.3.6 github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.9.0+incompatible github.com/expr-lang/expr v1.16.9 @@ -44,20 +44,20 @@ require ( github.com/golang/protobuf v1.5.4 github.com/google/btree v1.1.3 github.com/google/go-cmp v0.6.0 - github.com/google/go-github/v63 v63.0.0 + github.com/google/go-github/v66 v66.0.0 github.com/google/go-jsonnet v0.20.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/google/uuid v1.6.0 github.com/gorilla/handlers v1.5.2 github.com/gorilla/websocket v1.5.3 - github.com/gosimple/slug v1.14.0 + github.com/gosimple/slug v1.15.0 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.16.0 github.com/hashicorp/go-retryablehttp v0.7.7 github.com/imdario/mergo v0.3.16 github.com/improbable-eng/grpc-web v0.15.0 - github.com/itchyny/gojq v0.12.16 + github.com/itchyny/gojq v0.12.17 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/ktrysmt/go-bitbucket v0.9.81 @@ -76,24 +76,24 @@ require ( github.com/soheilhy/cmux v0.1.5 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.9.0 + github.com/stretchr/testify v1.10.0 github.com/valyala/fasttemplate v1.2.2 - github.com/xanzy/go-gitlab v0.114.0 github.com/yuin/gopher-lua v1.1.1 + gitlab.com/gitlab-org/api/client-go v0.116.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 - go.opentelemetry.io/otel v1.32.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0 - go.opentelemetry.io/otel/sdk v1.32.0 - golang.org/x/crypto v0.29.0 - golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/net v0.31.0 + go.opentelemetry.io/otel v1.33.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 + go.opentelemetry.io/otel/sdk v1.33.0 + golang.org/x/crypto v0.31.0 + golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f + golang.org/x/net v0.33.0 golang.org/x/oauth2 v0.24.0 - golang.org/x/sync v0.9.0 - golang.org/x/term v0.26.0 + golang.org/x/sync v0.10.0 + golang.org/x/term v0.27.0 golang.org/x/time v0.8.0 - google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 - google.golang.org/grpc v1.67.1 - google.golang.org/protobuf v1.35.2 + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 + google.golang.org/grpc v1.69.2 + google.golang.org/protobuf v1.36.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.31.0 @@ -108,16 +108,16 @@ require ( k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 oras.land/oras-go/v2 v2.5.0 - sigs.k8s.io/controller-runtime v0.19.1 - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 + sigs.k8s.io/controller-runtime v0.19.3 + sigs.k8s.io/structured-merge-diff/v4 v4.4.4-0.20241211184406-7bf59b3d70ee sigs.k8s.io/yaml v1.4.0 ) require ( dario.cat/mergo v1.0.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect github.com/aws/aws-sdk-go-v2/config v1.25.12 // indirect @@ -140,24 +140,25 @@ require ( github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-github/v66 v66.0.0 // indirect github.com/google/s2a-go v0.1.7 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect - github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect + github.com/googleapis/gax-go/v2 v2.12.3 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/x448/float16 v0.8.4 // indirect go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/text v0.20.0 // indirect - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect - google.golang.org/api v0.132.0 // indirect - google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/text v0.21.0 // indirect + golang.org/x/tools v0.27.0 // indirect + google.golang.org/api v0.171.0 // indirect + google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/retry.v1 v1.0.3 // indirect k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect @@ -165,7 +166,7 @@ require ( ) require ( - cloud.google.com/go/compute/metadata v0.5.0 // indirect + cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.29 // indirect @@ -179,7 +180,7 @@ require ( github.com/PagerDuty/go-pagerduty v1.7.0 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect - github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect + github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -218,7 +219,7 @@ require ( github.com/gosimple/unidecode v1.0.1 // indirect github.com/gregdel/pushover v1.2.1 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 - github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/huandu/xstrings v1.5.0 // indirect @@ -251,7 +252,7 @@ require ( github.com/opsgenie/opsgenie-go-sdk-v2 v1.0.5 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect - github.com/pkg/errors v0.9.1 + github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.55.0 // indirect @@ -271,16 +272,15 @@ require ( github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.mongodb.org/mongo-driver v1.14.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 // indirect - go.opentelemetry.io/otel/metric v1.32.0 // indirect - go.opentelemetry.io/otel/trace v1.32.0 // indirect + go.mongodb.org/mongo-driver v1.17.1 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/automaxprocs v1.6.0 gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect gomodules.xyz/notify v0.1.1 // indirect - google.golang.org/appengine v1.6.8 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index f5d3f36b18ff0..db34dbd96d4f6 100644 --- a/go.sum +++ b/go.sum @@ -1,19 +1,21 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= +cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= code.gitea.io/sdk/gitea v0.19.0 h1:8I6s1s4RHgzxiPHhOQdgim1RWIRcr0LVMbHBjBFXq4Y= code.gitea.io/sdk/gitea v0.19.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= @@ -32,8 +34,10 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/Azure/kubelogin v0.1.4 h1:QxIqna3+o7l8K7JmPX69jdlHDEakAC0+A45hxu+OwNE= -github.com/Azure/kubelogin v0.1.4/go.mod h1:aWUXhjtwLzS/k/xJCTSAL4pgdjnkam1yM+2i59sLy8I= +github.com/Azure/kubelogin v0.1.6 h1:2TK38wwjODYVWlHuI7wijwGmsigpDkXWmy9eqXBmMnw= +github.com/Azure/kubelogin v0.1.6/go.mod h1:NxlvRs9CambNudRXrk63zpPgG7PHzqZwsn0v82cuFRE= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -74,10 +78,10 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= -github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.33.0 h1:uvTF0EDeu9RLnUEG27Db5I68ESoIxTiXbNUiji6lZrA= -github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQevyi/DJpoj6mi0= +github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 h1:uvdUDbHQHO85qeSydJtItA4T55Pw6BtAejd0APRJOCE= +github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= +github.com/alicebob/miniredis/v2 v2.34.0 h1:mBFWMaJSNL9RwdGRyEDoAAv8OQc5UlEhLDQggTglU/0= +github.com/alicebob/miniredis/v2 v2.34.0/go.mod h1:kWShP4b58T1CW0Y5dViCd5ztzrDqRWqM3nksiyXk5s8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= @@ -86,8 +90,8 @@ github.com/antonmedv/expr v1.15.1/go.mod h1:0E/6TxnOlRNp81GMzX9QfDPAmHo2Phg00y4J github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20241107145828-847cfc9f8b20 h1:BmqPFHuhV6vyS6Bv+yLIlJRt3quwqfJlmXGtfpLmYZs= -github.com/argoproj/gitops-engine v0.7.1-0.20241107145828-847cfc9f8b20/go.mod h1:b1vuwkyMUszyUK+USUJqC8vJijnQsEPNDpC+sDdDLtM= +github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431 h1:ku0Gzp1dHr7yn83B/xmMrmbB5sJbe32LXaYSDSBd6/c= +github.com/argoproj/gitops-engine v0.7.1-0.20241216155226-54992bf42431/go.mod h1:WsnykM8idYRUnneeT31cM/Fq/ZsjkefCbjiD8ioCJkU= github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd h1:lOVVoK89j9Nd4+JYJiKAaMNYC1402C0jICROOfUPWn0= github.com/argoproj/notifications-engine v0.4.1-0.20241007194503-2fef5c9049fd/go.mod h1:N0A4sEws2soZjEpY4hgZpQS8mRIEw6otzwfkgc3g9uQ= github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo= @@ -158,8 +162,8 @@ github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/casbin/casbin/v2 v2.101.0 h1:y8qZRXcgv5omd3k/7kpaP03Hov82sXzCC5FAfm17lkw= -github.com/casbin/casbin/v2 v2.101.0/go.mod h1:LO7YPez4dX3LgoTCqSQAleQDo0S0BeZBDxYnPUl95Ng= +github.com/casbin/casbin/v2 v2.102.0 h1:weq9iSThUSL21SH3VrwoKa2DgRsaYMfjRNX/yOU3Foo= +github.com/casbin/casbin/v2 v2.102.0/go.mod h1:LO7YPez4dX3LgoTCqSQAleQDo0S0BeZBDxYnPUl95Ng= github.com/casbin/govaluate v1.2.0 h1:wXCXFmqyY+1RwiKfYo3jMKyrtZmOL3kHwaqDyCPOYak= github.com/casbin/govaluate v1.2.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= @@ -208,8 +212,8 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8= -github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM= +github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= +github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -435,8 +439,6 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= -github.com/google/go-github/v63 v63.0.0 h1:13xwK/wk9alSokujB9lJkuzdmQuVn2QCPeck76wR3nE= -github.com/google/go-github/v63 v63.0.0/go.mod h1:IqbcrgUmIcEaioWrGYei/09o+ge5vhffGOcxrO0AfmA= github.com/google/go-github/v66 v66.0.0 h1:ADJsaXj9UotwdgK8/iFZtv7MLc8E8WBl62WLd/D/9+M= github.com/google/go-github/v66 v66.0.0/go.mod h1:+4SO9Zkuyf8ytMj0csN1NR/5OTR+MfqPp8P8dVlcvY4= github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g= @@ -463,10 +465,10 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM= -github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= +github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= +github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4 h1:4EZlYQIiyecYJlUbVkFXCXHz1QPhVXcHnQKAzBTPfQo= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4/go.mod h1:lEO7XoHJ/xNRBCxrn4h/CEB67h0kW1B0t4ooP2yrjUA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -482,8 +484,8 @@ github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gosimple/slug v1.14.0 h1:RtTL/71mJNDfpUbCOmnf/XFkzKRtD6wL6Uy+3akm4Es= -github.com/gosimple/slug v1.14.0/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= +github.com/gosimple/slug v1.15.0 h1:wRZHsRrRcs6b0XnxMUBM6WK1U1Vg5B0R7VkIf1Xzobo= +github.com/gosimple/slug v1.15.0/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o= github.com/gosimple/unidecode v1.0.1/go.mod h1:CP0Cr1Y1kogOtx0bJblKzsVWrqYaqfNOnHzpgWw4Awc= github.com/gregdel/pushover v1.2.1 h1:IPPJCdzXz60gMqnlzS0ZAW5z5aS1gI4nU+YM0Pe+ssA= @@ -499,8 +501,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -549,8 +551,8 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/itchyny/gojq v0.12.16 h1:yLfgLxhIr/6sJNVmYfQjTIv0jGctu6/DgDoivmxTr7g= -github.com/itchyny/gojq v0.12.16/go.mod h1:6abHbdC2uB9ogMS38XsErnfqJ94UlngIJGlRAIj4jTM= +github.com/itchyny/gojq v0.12.17 h1:8av8eGduDb5+rvEdaOO+zQUjA04MS0m3Ps8HiD+fceg= +github.com/itchyny/gojq v0.12.17/go.mod h1:WBrEMkgAfAGO1LUcGOckBl5O726KPp+OlkKug0I/FEY= github.com/itchyny/timefmt-go v0.1.6 h1:ia3s54iciXDdzWzwaVKXZPbiXzxxnv1SPGFfM/myJ5Q= github.com/itchyny/timefmt-go v0.1.6/go.mod h1:RRDZYC5s9ErkjQvTvvU7keJjxUYzIISJGxm9/mAERQg= github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk= @@ -586,6 +588,8 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNU github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= @@ -930,10 +934,11 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tj/assert v0.0.3 h1:Df/BlaZ20mq6kuai7f5z2TvPFiwC3xaWJSDQNiIS3Rk= github.com/tj/assert v0.0.3/go.mod h1:Ne6X72Q+TB1AteidzQncjw9PabbMp4PBMZ1k+vd1Pvk= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= @@ -953,8 +958,6 @@ github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAh github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.114.0 h1:0wQr/KBckwrZPfEMjRqpUz0HmsKKON9UhCYv9KDy19M= -github.com/xanzy/go-gitlab v0.114.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= @@ -966,29 +969,37 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= +gitlab.com/gitlab-org/api/client-go v0.116.0 h1:Dy534gtZPMrnm3fAcmQRMadrcoUyFO4FQ4rXlSAdHAw= +gitlab.com/gitlab-org/api/client-go v0.116.0/go.mod h1:B29OfnZklmaoiR7uHANh9jTyfWEgmXvZLVEnosw2Dx0= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= -go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= +go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM= +go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8= -go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= -go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 h1:K0XaT3DwHAcV4nKLzcQvwAgSyisUghWoY20I7huthMk= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0/go.mod h1:B5Ki776z/MBnVha1Nzwp5arlzBbE3+1jk+pGmaP5HME= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0 h1:FFeLy03iVTXP6ffeN2iXrxfGsZGCjVx0/4KlizjyBwU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0/go.mod h1:TMu73/k1CP8nBUpDLc71Wj/Kf7ZS9FK5b53VapRsP9o= -go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= -go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= -go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4= -go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU= -go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= -go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= +go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= @@ -1046,13 +1057,13 @@ golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOM golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1076,8 +1087,9 @@ golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1131,8 +1143,8 @@ golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1156,8 +1168,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1227,8 +1239,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1253,14 +1265,13 @@ golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -1274,8 +1285,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1316,8 +1327,9 @@ golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1331,14 +1343,12 @@ gomodules.xyz/notify v0.1.1 h1:1tTuoyswmPvzqPCTEDQK8SZ3ukCxLsonAAwst2+y1a0= gomodules.xyz/notify v0.1.1/go.mod h1:QgQyU4xEA/plJcDeT66J2Go2V7U4c0pD9wjo7HfFil4= gomodules.xyz/version v0.1.0/go.mod h1:Y8xuV02mL/45psyPKG3NCVOwvAOy6T5Kx0l3rCjKSjU= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= -google.golang.org/api v0.132.0 h1:8t2/+qZ26kAOGSmOiHwVycqVaDg7q3JDILrNi/Z6rvc= -google.golang.org/api v0.132.0/go.mod h1:AeTBC6GpJnJSRJjktDcPX0QwtS8pGYZOV6MSuSCusw0= +google.golang.org/api v0.171.0 h1:w174hnBPqut76FzW5Qaupt7zY8Kql6fiVjgys4f58sU= +google.golang.org/api v0.171.0/go.mod h1:Hnq5AHm4OTMt2BUVjael2CWZFD6vksJdWCWiUAmjC9o= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -1348,12 +1358,12 @@ google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1:T6rh4haD3GVYsgEfWExoCZA2o2FmbNyKpTuAxbEFPTg= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= +google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1369,8 +1379,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= -google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= @@ -1379,8 +1389,8 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= +google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk= @@ -1460,8 +1470,8 @@ nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg= -sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= -sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw= +sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= @@ -1469,8 +1479,9 @@ sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZ sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/structured-merge-diff/v4 v4.4.4-0.20241211184406-7bf59b3d70ee h1:ipT2c6nEOdAfBwiwW1oI0mkrlPabbXEFmJBrg6B+OR8= +sigs.k8s.io/structured-merge-diff/v4 v4.4.4-0.20241211184406-7bf59b3d70ee/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/hack/gen-catalog/main.go b/hack/gen-catalog/main.go index c7963dbf83ab4..962ecc6a7e8c6 100644 --- a/hack/gen-catalog/main.go +++ b/hack/gen-catalog/main.go @@ -68,14 +68,14 @@ func newCatalogCommand() *cobra.Command { trigger := triggers[name] t, err := yaml.Marshal(trigger) dieOnError(err, "Failed to marshal trigger") - cm.Data[fmt.Sprintf("trigger.%s", name)] = string(t) + cm.Data["trigger."+name] = string(t) }) misc.IterateStringKeyMap(templates, func(name string) { template := templates[name] t, err := yaml.Marshal(template) dieOnError(err, "Failed to marshal template") - cm.Data[fmt.Sprintf("template.%s", name)] = string(t) + cm.Data["template."+name] = string(t) }) d, err := yaml.Marshal(cm) diff --git a/hack/gen-resources/generators/application_generator.go b/hack/gen-resources/generators/application_generator.go index 9e78299d979b0..6d7db8c587910 100644 --- a/hack/gen-resources/generators/application_generator.go +++ b/hack/gen-resources/generators/application_generator.go @@ -82,12 +82,12 @@ func (pg *ApplicationGenerator) Generate(opts *util.GenerateOpts) error { if err != nil { return err } - log.Printf("Pick source \"%s\"", source) + log.Printf("Pick source %q", source) destination, err := pg.buildDestination(opts, clusters.Items) if err != nil { return err } - log.Printf("Pick destination \"%s\"", destination) + log.Printf("Pick destination %q", destination) log.Printf("Create application") _, err = applications.Create(context.TODO(), &v1alpha1.Application{ ObjectMeta: v1.ObjectMeta{ diff --git a/hack/generate-proto.sh b/hack/generate-proto.sh index 83f542a9d21ab..f4f3cfe17339e 100755 --- a/hack/generate-proto.sh +++ b/hack/generate-proto.sh @@ -95,7 +95,7 @@ MOD_ROOT=${GOPATH}/pkg/mod grpc_gateway_version=$(go list -m github.com/grpc-ecosystem/grpc-gateway | awk '{print $NF}' | head -1) GOOGLE_PROTO_API_PATH=${MOD_ROOT}/github.com/grpc-ecosystem/grpc-gateway@${grpc_gateway_version}/third_party/googleapis GOGO_PROTOBUF_PATH=${PROJECT_ROOT}/vendor/github.com/gogo/protobuf -PROTO_FILES=$(find "$PROJECT_ROOT" \( -name "*.proto" -and -path '*/server/*' -or -path '*/reposerver/*' -and -name "*.proto" -or -path '*/cmpserver/*' -and -name "*.proto" \) | sort) +PROTO_FILES=$(find "$PROJECT_ROOT" \( -name "*.proto" -and -path '*/server/*' -or -path '*/reposerver/*' -and -name "*.proto" -or -path '*/cmpserver/*' -and -name "*.proto" -or -path '*/commitserver/*' -and -name "*.proto" -or -path '*/util/askpass/*' -and -name "*.proto" \) | sort) for i in ${PROTO_FILES}; do protoc \ -I"${PROJECT_ROOT}" \ @@ -110,6 +110,9 @@ for i in ${PROTO_FILES}; do "$i" done +# This file is generated but should not be checked in. +rm util/askpass/askpass.swagger.json + [ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}" [ -L ./v2 ] && rm -rf v2 @@ -162,3 +165,4 @@ clean_swagger server clean_swagger reposerver clean_swagger controller clean_swagger cmpserver +clean_swagger commitserver diff --git a/hack/installers/checksums/helm-v-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/hack/installers/checksums/helm-v-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/hack/installers/checksums/helm-v-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/hack/installers/checksums/helm-v3.16.3-darwin-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.16.3-darwin-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..e18ebc0a5508a --- /dev/null +++ b/hack/installers/checksums/helm-v3.16.3-darwin-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +495d75b404a96fb664f1ca3f8cb01db2210aacc62dbfa1bbab30916abbb20a57 helm-v3.16.3-darwin-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.16.3-darwin-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.16.3-darwin-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..c1aeefe87d609 --- /dev/null +++ b/hack/installers/checksums/helm-v3.16.3-darwin-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +3a39f690173086e6eea17674751eb3c8b970c02697e49cecd4093eaa3cf89dcd helm-v3.16.3-darwin-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.16.3-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.16.3-linux-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..2d626fb39f280 --- /dev/null +++ b/hack/installers/checksums/helm-v3.16.3-linux-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +f5355c79190951eed23c5432a3b920e071f4c00a64f75e077de0dd4cb7b294ea helm-v3.16.3-linux-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.16.3-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.16.3-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..9d0b427069911 --- /dev/null +++ b/hack/installers/checksums/helm-v3.16.3-linux-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +5bd34ed774df6914b323ff84a0a156ea6ff2ba1eaf0113962fa773f3f9def798 helm-v3.16.3-linux-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.16.3-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.16.3-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..d57da1739d4d2 --- /dev/null +++ b/hack/installers/checksums/helm-v3.16.3-linux-ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +266f7698c56a724fddd3a2f2b862ad496c4338dce79f0282fdbc6e23e1738608 helm-v3.16.3-linux-ppc64le.tar.gz diff --git a/hack/installers/checksums/helm-v3.16.3-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.16.3-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..1f6019aa2daad --- /dev/null +++ b/hack/installers/checksums/helm-v3.16.3-linux-s390x.tar.gz.sha256 @@ -0,0 +1 @@ +bac414c409faead9c2b8af11d29281aa4f1aeb9139c62d5178baf982d71fc9bb helm-v3.16.3-linux-s390x.tar.gz diff --git a/hack/installers/install-codegen-tools.sh b/hack/installers/install-codegen-tools.sh index f97255d35cca3..884f83f71fbb4 100755 --- a/hack/installers/install-codegen-tools.sh +++ b/hack/installers/install-codegen-tools.sh @@ -1,4 +1,4 @@ #!/bin/bash set -eux -o pipefail -KUSTOMIZE_VERSION=4.5.7 "$(dirname $0)/../install.sh" kustomize protoc +KUSTOMIZE_VERSION=5.4.3 "$(dirname $0)/../install.sh" kustomize protoc diff --git a/hack/installers/install-kustomize.sh b/hack/installers/install-kustomize.sh index 3457d1613243f..c4118aea72aaf 100755 --- a/hack/installers/install-kustomize.sh +++ b/hack/installers/install-kustomize.sh @@ -4,6 +4,7 @@ set -eux -o pipefail . $(dirname $0)/../tool-versions.sh PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/../..; pwd) +INSTALL_PATH="${BIN:-$INSTALL_PATH}" INSTALL_PATH="${INSTALL_PATH:-$PROJECT_ROOT/dist}" PATH="${INSTALL_PATH}:${PATH}" [ -d $INSTALL_PATH ] || mkdir -p $INSTALL_PATH diff --git a/hack/installers/install-lint-tools.sh b/hack/installers/install-lint-tools.sh index 5594fcd91a0a3..3dbc9e24be8c9 100755 --- a/hack/installers/install-lint-tools.sh +++ b/hack/installers/install-lint-tools.sh @@ -2,6 +2,6 @@ set -eux -o pipefail # renovate: datasource=go packageName=github.com/golangci/golangci-lint -GOLANGCI_LINT_VERSION=1.62.0 +GOLANGCI_LINT_VERSION=1.62.2 GO111MODULE=on go install "github.com/golangci/golangci-lint/cmd/golangci-lint@v${GOLANGCI_LINT_VERSION}" diff --git a/hack/k8s/main.go b/hack/k8s/main.go index 99a9ca2deb84c..8228485bb2cd3 100644 --- a/hack/k8s/main.go +++ b/hack/k8s/main.go @@ -2,7 +2,6 @@ package main import ( "context" - "fmt" "os" "os/exec" "path/filepath" @@ -29,7 +28,7 @@ func main() { kubeConfigPath = os.Args[1] } - println(fmt.Sprintf("Kubeconfig is available at %s", kubeConfigPath)) + println("Kubeconfig is available at " + kubeConfigPath) errors.CheckError(kube.WriteKubeConfig(cfg, "default", kubeConfigPath)) client, err := kubernetes.NewForConfig(cfg) errors.CheckError(err) @@ -46,7 +45,7 @@ func main() { errors.CheckError(err) cmd := exec.Command("kubectl", "apply", "-k", "manifests/base/config") - cmd.Env = []string{fmt.Sprintf("KUBECONFIG=%s", kubeConfigPath)} + cmd.Env = []string{"KUBECONFIG=" + kubeConfigPath} errors.CheckError(cmd.Run()) <-context.Background().Done() } diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index 407a6dd14b88b..5ff690de480ad 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -11,7 +11,7 @@ # Use ./hack/installers/checksums/add-helm-checksums.sh and # add-kustomize-checksums.sh to help download checksums. ############################################################################### -helm3_version=3.15.4 +helm3_version=3.16.3 kubectl_version=1.17.8 kubectx_version=0.6.3 kustomize5_version=5.4.3 diff --git a/hack/update-manifests.sh b/hack/update-manifests.sh index b546fdcf2ce9a..815efbd1c49fd 100755 --- a/hack/update-manifests.sh +++ b/hack/update-manifests.sh @@ -49,3 +49,21 @@ $KUSTOMIZE build "${SRCROOT}/manifests/ha/namespace-install" >> "${SRCROOT}/mani echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/core-install.yaml" $KUSTOMIZE build "${SRCROOT}/manifests/core-install" >> "${SRCROOT}/manifests/core-install.yaml" + +# Copies enabling manifest hydrator. These can be removed once the manifest hydrator is either removed or enabled by +# default. + +echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/install-with-hydrator.yaml" +$KUSTOMIZE build "${SRCROOT}/manifests/cluster-install-with-hydrator" >> "${SRCROOT}/manifests/install-with-hydrator.yaml" + +echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/namespace-install-with-hydrator.yaml" +$KUSTOMIZE build "${SRCROOT}/manifests/namespace-install-with-hydrator" >> "${SRCROOT}/manifests/namespace-install-with-hydrator.yaml" + +echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/ha/install-with-hydrator.yaml" +$KUSTOMIZE build "${SRCROOT}/manifests/ha/cluster-install-with-hydrator" >> "${SRCROOT}/manifests/ha/install-with-hydrator.yaml" + +echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/ha/namespace-install-with-hydrator.yaml" +$KUSTOMIZE build "${SRCROOT}/manifests/ha/namespace-install-with-hydrator" >> "${SRCROOT}/manifests/ha/namespace-install-with-hydrator.yaml" + +echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/core-install-with-hydrator.yaml" +$KUSTOMIZE build "${SRCROOT}/manifests/core-install-with-hydrator" >> "${SRCROOT}/manifests/core-install-with-hydrator.yaml" diff --git a/kustomize b/kustomize new file mode 100755 index 0000000000000..1577ba57c1d6c Binary files /dev/null and b/kustomize differ diff --git a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml index 3398ece8ef8d3..fbf52943ab706 100644 --- a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml +++ b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml @@ -115,6 +115,12 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -217,6 +223,12 @@ spec: name: argocd-cmd-params-cm key: controller.diff.server.side optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-application-controller diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index 9e07525a27982..f576bcc19f59a 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -118,6 +118,12 @@ spec: name: argocd-cmd-params-cm key: controller.self.heal.backoff.cap.seconds optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.sync.timeout.seconds + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -226,6 +232,12 @@ spec: name: argocd-cmd-params-cm key: controller.ignore.normalizer.jq.timeout optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true - name: KUBECACHEDIR value: /tmp/kubecache image: quay.io/argoproj/argocd:latest diff --git a/manifests/base/commit-server/argocd-commit-server-deployment.yaml b/manifests/base/commit-server/argocd-commit-server-deployment.yaml new file mode 100644 index 0000000000000..2eba92802080c --- /dev/null +++ b/manifests/base/commit-server/argocd-commit-server-deployment.yaml @@ -0,0 +1,150 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: commit-server + name: argocd-commit-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + spec: + serviceAccountName: argocd-commit-server + automountServiceAccountToken: false + containers: + - name: argocd-commit-server + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + args: + - /usr/local/bin/argocd-commit-server + env: + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.metrics.listen.address + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.format + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: commitserver.log.level + optional: true + ports: + - containerPort: 8086 + - containerPort: 8087 + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - name: ssh-known-hosts + mountPath: /app/config/ssh + - name: tls-certs + mountPath: /app/config/tls + - name: gpg-keys + mountPath: /app/config/gpg/source + - name: gpg-keyring + mountPath: /app/config/gpg/keys + # We need a writeable temp directory for the askpass socket file. + - name: tmp + mountPath: /tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + volumes: + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: gpg-keys + configMap: + name: argocd-gpg-keys-cm + - name: gpg-keyring + emptyDir: {} + - name: tmp + emptyDir: {} + - name: argocd-commit-server-tls + secret: + secretName: argocd-commit-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - emptyDir: {} + name: var-files + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + topologyKey: kubernetes.io/hostname + - weight: 5 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname diff --git a/manifests/base/commit-server/argocd-commit-server-network-policy.yaml b/manifests/base/commit-server/argocd-commit-server-network-policy.yaml new file mode 100644 index 0000000000000..119bf985d5ddd --- /dev/null +++ b/manifests/base/commit-server/argocd-commit-server-network-policy.yaml @@ -0,0 +1,22 @@ +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-commit-server-network-policy +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - protocol: TCP + port: 8086 + - from: + - namespaceSelector: { } + ports: + - port: 8087 diff --git a/manifests/base/commit-server/argocd-commit-server-sa.yaml b/manifests/base/commit-server/argocd-commit-server-sa.yaml new file mode 100644 index 0000000000000..802d484ed3ffe --- /dev/null +++ b/manifests/base/commit-server/argocd-commit-server-sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: commit-server + name: argocd-commit-server diff --git a/manifests/base/commit-server/argocd-commit-server-service.yaml b/manifests/base/commit-server/argocd-commit-server-service.yaml new file mode 100644 index 0000000000000..75e761a10e666 --- /dev/null +++ b/manifests/base/commit-server/argocd-commit-server-service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: commit-server + name: argocd-commit-server +spec: + ports: + - name: server + protocol: TCP + port: 8086 + targetPort: 8086 + - name: metrics + protocol: TCP + port: 8087 + targetPort: 8087 + selector: + app.kubernetes.io/name: argocd-commit-server diff --git a/manifests/base/commit-server/kustomization.yaml b/manifests/base/commit-server/kustomization.yaml new file mode 100644 index 0000000000000..1bdee4f2c1430 --- /dev/null +++ b/manifests/base/commit-server/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- argocd-commit-server-sa.yaml +- argocd-commit-server-deployment.yaml +- argocd-commit-server-service.yaml +- argocd-commit-server-network-policy.yaml diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index 328dfcb2146f6..5b0d688e80ad6 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -292,6 +292,12 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: hydrator.enabled + optional: true volumeMounts: - name: ssh-known-hosts mountPath: /app/config/ssh diff --git a/manifests/cluster-install-with-hydrator/kustomization.yaml b/manifests/cluster-install-with-hydrator/kustomization.yaml new file mode 100644 index 0000000000000..f813a3105aa6c --- /dev/null +++ b/manifests/cluster-install-with-hydrator/kustomization.yaml @@ -0,0 +1,12 @@ +resources: + - ../cluster-install + - ../base/commit-server + +patches: + - target: + kind: ConfigMap + name: argocd-cmd-params-cm + patch: |- + - op: add + path: /data + value: {"hydrator.enabled": "true"} diff --git a/manifests/cluster-rbac/server/argocd-server-clusterrole.yaml b/manifests/cluster-rbac/server/argocd-server-clusterrole.yaml index 3ee074622c15c..b33820950fcb6 100644 --- a/manifests/cluster-rbac/server/argocd-server-clusterrole.yaml +++ b/manifests/cluster-rbac/server/argocd-server-clusterrole.yaml @@ -15,7 +15,6 @@ rules: - delete # supports deletion a live object in UI - get # supports viewing live object manifest in UI - patch # supports `argocd app patch` - - list # supports `argocd appset generate` with cluster generator - apiGroups: - "" resources: diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml new file mode 100644 index 0000000000000..80ec8a154c49b --- /dev/null +++ b/manifests/core-install-with-hydrator.yaml @@ -0,0 +1,25227 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: applications.argoproj.io + app.kubernetes.io/part-of: argocd + name: applications.argoproj.io +spec: + group: argoproj.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + - apps + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.sync.status + name: Sync Status + type: string + - jsonPath: .status.health.status + name: Health Status + type: string + - jsonPath: .status.sync.revision + name: Revision + priority: 10 + type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + operation: + description: Operation contains information about a requested or running + operation + properties: + info: + description: Info is a list of informational items for this operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries + of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit + is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed + for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply --dry-run` + without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync + source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from the cluster + that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall be part + of the sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by + not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources for + Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform + the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to + perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. Contains + link to repository with application definition and additional parameters + link definition revision. + properties: + destination: + description: Destination is a reference to the target Kubernetes server + and namespace + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources and their fields + which should be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter + and list of json paths which should be ignored during comparison + with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information (URLs, email addresses, + and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location of the application's + manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being used + during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to + add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force + applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize to + use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + description: Sources is a reference to the location of the application's + manifests or chart + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being + used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to + force applying common annotations to resources for Kustomize + apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + description: SyncPolicy controls when and how a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the + target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies whether to delete resources + from the cluster that are not found in the sources anymore + as part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifies whether to revert resources + back to their desired state upon modification in the cluster + (default: false)' + type: boolean + type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time + allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + status: + description: ApplicationStatus contains status information for the application + properties: + conditions: + description: Conditions is a list of currently observed application + conditions + items: + description: ApplicationCondition contains details about an application + condition, which is usually an error or warning + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was + last observed + format: date-time + type: string + message: + description: Message contains human-readable message indicating + details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string + health: + description: Health contains information about the application's current + health status + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application or + resource + type: string + type: object + history: + description: History contains information about the application's + sync history + items: + description: RevisionHistory contains history information about + a previous sync + properties: + deployStartedAt: + description: DeployStartedAt holds the time the sync operation + started + format: date-time + type: string + deployedAt: + description: DeployedAt holds the time the sync operation completed + format: date-time + type: string + id: + description: ID is an auto incrementing identifier of the RevisionHistory + format: int64 + type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + revision: + description: Revision holds the revision the sync was performed + against + type: string + revisions: + description: Revisions holds the revision of each source in + sources field the sync was performed against + items: + type: string + type: array + source: + description: Source is a reference to the application source + used for the sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application sources + used for the sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - deployedAt + - id + type: object + type: array + observedAt: + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field + format: date-time + type: string + operationState: + description: OperationState contains information about any ongoing + operations, such as a sync + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message holds any pertinent messages when attempting + to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + info: + description: Info is a list of informational items for this + operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was + initiated automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who + started operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync + fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base + duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of + time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for + retrying a failed sync. If set to 0, no retries will + be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply + --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides + sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from + the cluster that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall + be part of the sync + items: + description: SyncOperationResource contains resources + to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to + Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles do + not exist locally by not appending them to helm + template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over + Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of + Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in + the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required + information about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles + do not exist locally by not appending them + to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during manifest + generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource + definition installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to + be passed to helm template, typically defined + as a block. ValuesObject takes precedence + over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to + use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of + additional annotations to add to rendered + manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize + patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the + Git repository, and is only valid for applications + sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the + variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an + array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map + type parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a + string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source + within sources field. This field will not be used + if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, + e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the + sync + properties: + apply: + description: Apply will perform a `kubectl apply` + to perform the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources + to perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + retryCount: + description: RetryCount contains time of operation retries + format: int64 + type: integer + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + managedNamespaceMetadata: + description: ManagedNamespaceMetadata contains the current + sync state of managed namespace metadata + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + resources: + description: Resources contains a list of sync result items + for each individual resource in a sync operation + items: + description: ResourceResult holds the operation result details + of a specific resource + properties: + group: + description: Group specifies the API group of the resource + type: string + hookPhase: + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. + type: string + hookType: + description: HookType specifies the type of the hook. + Empty for non-hook resources + type: string + kind: + description: Kind specifies the API kind of the resource + type: string + message: + description: Message contains an informational or error + message for the last sync OR operation + type: string + name: + description: Name specifies the name of the resource + type: string + namespace: + description: Namespace specifies the target namespace + of the resource + type: string + status: + description: Status holds the final result of the sync. + Will be empty if the resources is yet to be applied/pruned + and is always zero-value for hooks + type: string + syncPhase: + description: SyncPhase indicates the particular phase + of the sync that this result was acquired in + type: string + version: + description: Version specifies the API version of the + resource + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision this sync operation + was performed to + type: string + revisions: + description: Revisions holds the revision this sync operation + was performed for respective indexed source in sources field + items: + type: string + type: array + source: + description: Source records the application source information + of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Source records the application source information + of the sync, used for comparing auto-sync + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was + reconciled using the latest git version + format: date-time + type: string + resourceHealthSource: + description: 'ResourceHealthSource indicates where the resource health + status is stored: inline if not set or appTree' + type: string + resources: + description: Resources is a list of Kubernetes resources managed by + this application + items: + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type + properties: + group: + type: string + health: + description: HealthStatus contains information about the currently + observed health state of an application or resource + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application + or resource + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + description: SyncStatusCode is a type which represents possible + comparison results + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object + sourceType: + description: SourceType specifies the type of this application + type: string + sourceTypes: + description: SourceTypes specifies the type of the sources included + in the application + items: + description: ApplicationSourceType specifies the type of the application's + source + type: string + type: array + summary: + description: Summary contains a list of URLs and container images + used by this application + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application + child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: Sync contains information about the application's current + sync status + properties: + comparedTo: + description: ComparedTo contains information about what has been + compared + properties: + destination: + description: Destination is a reference to the application's + destination used for comparison + properties: + name: + description: Name is an alternate way of specifying the + target cluster by its symbolic name. This must be set + if Server is not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a reference to the application's + ignored differences used for comparison + items: + description: ResourceIgnoreDifferences contains resource + filter and list of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + source: + description: Source is a reference to the application's source + used for comparison + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application's multiple + sources used for comparison + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - destination + type: object + revision: + description: Revision contains information about the revision + the comparison has been performed to + type: string + revisions: + description: Revisions contains information about the revisions + of multiple sources the comparison has been performed to + items: + type: string + type: array + status: + description: Status is the sync state of the comparison + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd + name: applicationsets.argoproj.io +spec: + group: argoproj.io + names: + kind: ApplicationSet + listKind: ApplicationSetList + plural: applicationsets + shortNames: + - appset + - appsets + singular: applicationset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + applyNestedSelectors: + type: boolean + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + goTemplate: + type: boolean + goTemplateOptions: + items: + type: string + type: array + ignoreApplicationDifferences: + items: + properties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + name: + type: string + type: object + type: array + preservedFields: + properties: + annotations: + items: + type: string + type: array + labels: + items: + type: string + type: array + type: object + strategy: + properties: + rollingSync: + properties: + steps: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: array + type: object + type: + type: string + type: object + syncPolicy: + properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string + preserveResourcesOnDeletion: + type: boolean + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + templatePatch: + type: string + required: + - generators + - template + type: object + status: + properties: + applicationStatus: + items: + properties: + application: + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + step: + type: string + targetRevisions: + items: + type: string + type: array + required: + - application + - message + - status + - step + - targetRevisions + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - message + - reason + - status + - type + type: object + type: array + resources: + items: + properties: + group: + type: string + health: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: appprojects.argoproj.io + app.kubernetes.io/part-of: argocd + name: appprojects.argoproj.io +spec: + group: argoproj.io + names: + kind: AppProject + listKind: AppProjectList + plural: appprojects + shortNames: + - appproj + - appprojs + singular: appproject + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AppProjectSpec is the specification of an AppProject + properties: + clusterResourceBlacklist: + description: ClusterResourceBlacklist contains list of blacklisted + cluster level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + clusterResourceWhitelist: + description: ClusterResourceWhitelist contains list of whitelisted + cluster level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + description: + description: Description contains optional project description + type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array + destinations: + description: Destinations contains list of destinations available + for deployment + items: + description: ApplicationDestination holds information about the + application's destination + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. + type: string + type: object + type: array + namespaceResourceBlacklist: + description: NamespaceResourceBlacklist contains list of blacklisted + namespace level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + namespaceResourceWhitelist: + description: NamespaceResourceWhitelist contains list of whitelisted + namespace level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor + orphaned resources of apps in this project + properties: + ignore: + description: Ignore contains a list of resources that are to be + excluded from orphaned resources monitoring + items: + description: OrphanedResourceKey is a reference to a resource + to be ignored from + properties: + group: + type: string + kind: + type: string + name: + type: string + type: object + type: array + warn: + description: Warn indicates if warning condition should be created + for apps which have orphaned resources + type: boolean + type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations + can only reference clusters which are project-scoped + type: boolean + roles: + description: Roles are user defined RBAC roles associated with this + project + items: + description: ProjectRole represents a role that has access to a + project + properties: + description: + description: Description is a description of the role + type: string + groups: + description: Groups are a list of OIDC group claims bound to + this role + items: + type: string + type: array + jwtTokens: + description: JWTTokens are a list of generated JWT tokens bound + to this role + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + name: + description: Name is a name for this role + type: string + policies: + description: Policies Stores a list of casbin formatted strings + that define access policies for the role in the project + items: + type: string + type: array + required: + - name + type: object + type: array + signatureKeys: + description: SignatureKeys contains a list of PGP key IDs that commits + in Git must be signed with in order to be allowed for sync + items: + description: SignatureKey is the specification of a key required + to verify commit signatures with + properties: + keyID: + description: The ID of the key in hexadecimal notation + type: string + required: + - keyID + type: object + type: array + sourceNamespaces: + description: SourceNamespaces defines the namespaces application resources + are allowed to be created in + items: + type: string + type: array + sourceRepos: + description: SourceRepos contains list of repository URLs which can + be used for deployment + items: + type: string + type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in + this project + items: + description: SyncWindow contains the kind, time, duration and attributes + that are used to assign the syncWindows to apps + properties: + applications: + description: Applications contains a list of applications that + the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window + will apply to + items: + type: string + type: array + duration: + description: Duration is the amount of time the sync window + will be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would + otherwise be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the + window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified + in cron format + type: string + timeZone: + description: TimeZone of the sync that will be applied to the + schedule + type: string + type: object + type: array + type: object + status: + description: AppProjectStatus contains status information for AppProject + CRs + properties: + jwtTokensByRole: + additionalProperties: + description: JWTTokens represents a list of JWT tokens + properties: + items: + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + type: object + description: JWTTokensByRole contains a list of JWT tokens issued + for a given role + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-application-controller +subjects: +- kind: ServiceAccount + name: argocd-application-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-applicationset-controller +subjects: +- kind: ServiceAccount + name: argocd-applicationset-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-application-controller +subjects: +- kind: ServiceAccount + name: argocd-application-controller + namespace: argocd +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd + name: argocd-cm +--- +apiVersion: v1 +data: + hydrator.enabled: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd + name: argocd-cmd-params-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-gpg-keys-cm + app.kubernetes.io/part-of: argocd + name: argocd-gpg-keys-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-rbac-cm + app.kubernetes.io/part-of: argocd + name: argocd-rbac-cm +--- +apiVersion: v1 +data: + ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-ssh-known-hosts-cm + app.kubernetes.io/part-of: argocd + name: argocd-ssh-known-hosts-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-tls-certs-cm + app.kubernetes.io/part-of: argocd + name: argocd-tls-certs-cm +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd + name: argocd-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + ports: + - name: webhook + port: 7000 + protocol: TCP + targetPort: webhook + - name: metrics + port: 8080 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + ports: + - name: server + port: 8086 + protocol: TCP + targetPort: 8086 + - name: metrics + port: 8087 + protocol: TCP + targetPort: 8087 + selector: + app.kubernetes.io/name: argocd-commit-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/name: argocd-metrics + app.kubernetes.io/part-of: argocd + name: argocd-metrics +spec: + ports: + - name: metrics + port: 8082 + protocol: TCP + targetPort: 8082 + selector: + app.kubernetes.io/name: argocd-application-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +spec: + ports: + - name: tcp-redis + port: 6379 + targetPort: 6379 + selector: + app.kubernetes.io/name: argocd-redis +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + ports: + - name: server + port: 8081 + protocol: TCP + targetPort: 8081 + - name: metrics + port: 8084 + protocol: TCP + targetPort: 8084 + selector: + app.kubernetes.io/name: argocd-repo-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-applicationset-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-applicationset-controller + env: + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.syncs + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.concurrent.reconciliations.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-applicationset-controller + ports: + - containerPort: 7000 + name: webhook + - containerPort: 8080 + name: metrics + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-applicationset-controller + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-commit-server + env: + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: commitserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: commitserver.log.level + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-commit-server + ports: + - containerPort: 8086 + - containerPort: 8087 + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + serviceAccountName: argocd-commit-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-commit-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-commit-server-tls + - emptyDir: {} + name: var-files +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis + template: + metadata: + labels: + app.kubernetes.io/name: argocd-redis + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - --save + - "" + - --appendonly + - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.15-alpine + imagePullPolicy: Always + name: redis + ports: + - containerPort: 6379 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-redis +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-repo-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-repo-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: reposerver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: reposerver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: reposerver.disable.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: reposerver.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.repo.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.max.combined.directory.manifests.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.tar.exclusions + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.disable.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GRPC_MAX_SIZE_MB + valueFrom: + configMapKeyRef: + key: reposerver.grpc.max.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8084 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-repo-server + ports: + - containerPort: 8081 + - containerPort: 8084 + readinessProbe: + httpGet: + path: /healthz + port: 8084 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /tmp + name: tmp + - mountPath: /helm-working-dir + name: helm-working-dir + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-repo-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - emptyDir: {} + name: helm-working-dir + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - emptyDir: {} + name: var-files + - emptyDir: {} + name: plugins +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + serviceName: argocd-application-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-application-controller + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - /usr/local/bin/argocd-application-controller + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_CONTROLLER_REPLICAS + value: "1" + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.hard.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.error.grace.period.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.status.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.operation.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: controller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: controller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.metrics.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: controller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: controller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + key: controller.resource.health.persist + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: controller.kubectl.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + key: controller.diff.server.side + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-application-controller + ports: + - containerPort: 8082 + readinessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + - mountPath: /tmp + name: argocd-application-controller-tmp + workingDir: /home/argocd + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-application-controller + volumes: + - emptyDir: {} + name: argocd-home + - emptyDir: {} + name: argocd-application-controller-tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - configMap: + items: + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-application-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8082 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-applicationset-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 7000 + protocol: TCP + - port: 8080 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-commit-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 8086 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8087 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-redis-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 6379 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-repo-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + ports: + - port: 8081 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8084 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + policyTypes: + - Ingress diff --git a/manifests/core-install-with-hydrator/kustomization.yaml b/manifests/core-install-with-hydrator/kustomization.yaml new file mode 100644 index 0000000000000..280fd775877c2 --- /dev/null +++ b/manifests/core-install-with-hydrator/kustomization.yaml @@ -0,0 +1,12 @@ +resources: + - ../core-install + - ../base/commit-server + +patches: + - target: + kind: ConfigMap + name: argocd-cmd-params-cm + patch: |- + - op: add + path: /data + value: {"hydrator.enabled": "true"} diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 5566652a5f3d7..1958f6fc18cd1 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -309,6 +309,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -683,6 +687,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1172,6 +1180,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1392,6 +1404,64 @@ spec: required: - repoURL type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: description: Sources is a reference to the location of the application's manifests or chart @@ -1537,6 +1607,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1870,6 +1944,11 @@ spec: description: Health contains information about the application's current health status properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -2067,6 +2146,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -2444,6 +2527,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -2971,6 +3058,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -3367,6 +3458,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -3880,6 +3975,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -4269,6 +4368,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -4535,6 +4638,11 @@ spec: description: HealthStatus contains information about the currently observed health state of an application or resource properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -4567,6 +4675,177 @@ spec: type: string type: object type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object sourceType: description: SourceType specifies the type of this application type: string @@ -4804,6 +5083,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -5193,6 +5476,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -5689,6 +5976,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -5836,6 +6125,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5923,6 +6248,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6321,6 +6648,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6468,6 +6797,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -6555,6 +6920,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6952,6 +7319,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7099,6 +7468,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7186,6 +7591,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7563,6 +7970,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7710,6 +8119,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7797,6 +8242,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8199,6 +8646,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8346,6 +8795,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8433,6 +8918,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8831,6 +9318,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8978,6 +9467,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9065,6 +9590,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -9462,6 +9989,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -9609,6 +10138,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9696,6 +10261,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10073,6 +10640,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10220,6 +10789,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10307,6 +10912,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10692,6 +11299,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10839,6 +11448,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10926,6 +11571,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -11530,6 +12177,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -11677,6 +12326,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -11764,6 +12449,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12363,6 +13050,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12510,6 +13199,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -12597,6 +13322,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12991,6 +13718,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13138,6 +13867,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13225,6 +13990,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13629,6 +14396,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13774,7 +14543,43 @@ spec: targetRevision: type: string required: - - repoURL + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource type: object sources: items: @@ -13863,6 +14668,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14261,6 +15068,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14408,6 +15217,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -14495,6 +15340,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14892,6 +15739,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15039,6 +15888,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15126,6 +16011,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15503,6 +16390,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15650,6 +16539,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15737,6 +16662,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16122,6 +17049,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16269,6 +17198,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -16356,6 +17321,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16960,6 +17927,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17107,6 +18076,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -17194,6 +18199,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17793,6 +18800,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17940,6 +18949,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -18027,6 +19072,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -18425,6 +19472,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -18572,6 +19621,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -18659,6 +19744,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19043,6 +20130,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19190,6 +20279,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -19277,6 +20402,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19881,6 +21008,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20028,6 +21157,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -20115,6 +21280,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20714,6 +21881,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20861,6 +22030,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -20948,6 +22153,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21417,6 +22624,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21564,6 +22773,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -21651,6 +22896,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21912,6 +23159,9 @@ spec: type: string health: properties: + lastTransitionTime: + format: date-time + type: string message: type: string status: @@ -23500,6 +24750,12 @@ spec: key: controller.self.heal.backoff.cap.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -23608,6 +24864,12 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true - name: KUBECACHEDIR value: /tmp/kubecache image: quay.io/argoproj/argocd:latest diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index fa052fa83ca7a..e2dac9a68be74 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -308,6 +308,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -682,6 +686,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1171,6 +1179,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1391,6 +1403,64 @@ spec: required: - repoURL type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: description: Sources is a reference to the location of the application's manifests or chart @@ -1536,6 +1606,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1869,6 +1943,11 @@ spec: description: Health contains information about the application's current health status properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -2066,6 +2145,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -2443,6 +2526,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -2970,6 +3057,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -3366,6 +3457,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -3879,6 +3974,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -4268,6 +4367,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -4534,6 +4637,11 @@ spec: description: HealthStatus contains information about the currently observed health state of an application or resource properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -4566,6 +4674,177 @@ spec: type: string type: object type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object sourceType: description: SourceType specifies the type of this application type: string @@ -4803,6 +5082,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -5192,6 +5475,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index 46f12a9f6a735..97b4cf0339daf 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -231,6 +231,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -378,6 +380,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -465,6 +503,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -863,6 +903,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -1010,6 +1052,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1097,6 +1175,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -1494,6 +1574,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -1641,6 +1723,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -1728,6 +1846,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -2105,6 +2225,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -2252,6 +2374,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2339,6 +2497,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -2741,6 +2901,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -2888,6 +3050,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -2975,6 +3173,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -3373,6 +3573,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -3520,6 +3722,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -3607,6 +3845,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -4004,6 +4244,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -4151,6 +4393,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4238,6 +4516,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -4615,6 +4895,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -4762,6 +5044,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -4849,6 +5167,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -5234,6 +5554,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -5381,6 +5703,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5468,6 +5826,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6072,6 +6432,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6219,6 +6581,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -6306,6 +6704,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6905,6 +7305,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7052,6 +7454,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7139,6 +7577,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7533,6 +7973,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7680,6 +8122,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7767,6 +8245,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8171,6 +8651,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8309,14 +8791,50 @@ spec: type: object type: array type: object - ref: - type: string - repoURL: - type: string - targetRevision: - type: string + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object required: - - repoURL + - drySource + - syncSource type: object sources: items: @@ -8405,6 +8923,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8803,6 +9323,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8950,6 +9472,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9037,6 +9595,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -9434,6 +9994,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -9581,6 +10143,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9668,6 +10266,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10045,6 +10645,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10192,6 +10794,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10279,6 +10917,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10664,6 +11304,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10811,6 +11453,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10898,6 +11576,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -11502,6 +12182,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -11649,6 +12331,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -11736,6 +12454,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12335,6 +13055,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12482,6 +13204,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -12569,6 +13327,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12967,6 +13727,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13114,6 +13876,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13201,6 +13999,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13585,6 +14385,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13732,6 +14534,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13819,6 +14657,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14423,6 +15263,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14570,6 +15412,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -14657,6 +15535,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15256,6 +16136,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15403,6 +16285,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15490,6 +16408,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15959,6 +16879,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16106,6 +17028,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -16193,6 +17151,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16454,6 +17414,9 @@ spec: type: string health: properties: + lastTransitionTime: + format: date-time + type: string message: type: string status: diff --git a/manifests/ha/cluster-install-with-hydrator/kustomization.yaml b/manifests/ha/cluster-install-with-hydrator/kustomization.yaml new file mode 100644 index 0000000000000..da24e1594336a --- /dev/null +++ b/manifests/ha/cluster-install-with-hydrator/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - ../cluster-install + - ../../base/commit-server diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml new file mode 100644 index 0000000000000..5f3dda5c00ad6 --- /dev/null +++ b/manifests/ha/install-with-hydrator.yaml @@ -0,0 +1,27558 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: applications.argoproj.io + app.kubernetes.io/part-of: argocd + name: applications.argoproj.io +spec: + group: argoproj.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + - apps + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.sync.status + name: Sync Status + type: string + - jsonPath: .status.health.status + name: Health Status + type: string + - jsonPath: .status.sync.revision + name: Revision + priority: 10 + type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + operation: + description: Operation contains information about a requested or running + operation + properties: + info: + description: Info is a list of informational items for this operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries + of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit + is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed + for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply --dry-run` + without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync + source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from the cluster + that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall be part + of the sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by + not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources for + Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform + the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to + perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. Contains + link to repository with application definition and additional parameters + link definition revision. + properties: + destination: + description: Destination is a reference to the target Kubernetes server + and namespace + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources and their fields + which should be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter + and list of json paths which should be ignored during comparison + with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information (URLs, email addresses, + and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location of the application's + manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being used + during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to + add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force + applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize to + use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + description: Sources is a reference to the location of the application's + manifests or chart + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being + used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to + force applying common annotations to resources for Kustomize + apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + description: SyncPolicy controls when and how a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the + target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies whether to delete resources + from the cluster that are not found in the sources anymore + as part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifies whether to revert resources + back to their desired state upon modification in the cluster + (default: false)' + type: boolean + type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time + allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + status: + description: ApplicationStatus contains status information for the application + properties: + conditions: + description: Conditions is a list of currently observed application + conditions + items: + description: ApplicationCondition contains details about an application + condition, which is usually an error or warning + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was + last observed + format: date-time + type: string + message: + description: Message contains human-readable message indicating + details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string + health: + description: Health contains information about the application's current + health status + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application or + resource + type: string + type: object + history: + description: History contains information about the application's + sync history + items: + description: RevisionHistory contains history information about + a previous sync + properties: + deployStartedAt: + description: DeployStartedAt holds the time the sync operation + started + format: date-time + type: string + deployedAt: + description: DeployedAt holds the time the sync operation completed + format: date-time + type: string + id: + description: ID is an auto incrementing identifier of the RevisionHistory + format: int64 + type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + revision: + description: Revision holds the revision the sync was performed + against + type: string + revisions: + description: Revisions holds the revision of each source in + sources field the sync was performed against + items: + type: string + type: array + source: + description: Source is a reference to the application source + used for the sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application sources + used for the sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - deployedAt + - id + type: object + type: array + observedAt: + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field + format: date-time + type: string + operationState: + description: OperationState contains information about any ongoing + operations, such as a sync + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message holds any pertinent messages when attempting + to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + info: + description: Info is a list of informational items for this + operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was + initiated automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who + started operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync + fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base + duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of + time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for + retrying a failed sync. If set to 0, no retries will + be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply + --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides + sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from + the cluster that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall + be part of the sync + items: + description: SyncOperationResource contains resources + to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to + Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles do + not exist locally by not appending them to helm + template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over + Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of + Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in + the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required + information about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles + do not exist locally by not appending them + to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during manifest + generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource + definition installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to + be passed to helm template, typically defined + as a block. ValuesObject takes precedence + over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to + use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of + additional annotations to add to rendered + manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize + patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the + Git repository, and is only valid for applications + sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the + variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an + array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map + type parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a + string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source + within sources field. This field will not be used + if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, + e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the + sync + properties: + apply: + description: Apply will perform a `kubectl apply` + to perform the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources + to perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + retryCount: + description: RetryCount contains time of operation retries + format: int64 + type: integer + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + managedNamespaceMetadata: + description: ManagedNamespaceMetadata contains the current + sync state of managed namespace metadata + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + resources: + description: Resources contains a list of sync result items + for each individual resource in a sync operation + items: + description: ResourceResult holds the operation result details + of a specific resource + properties: + group: + description: Group specifies the API group of the resource + type: string + hookPhase: + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. + type: string + hookType: + description: HookType specifies the type of the hook. + Empty for non-hook resources + type: string + kind: + description: Kind specifies the API kind of the resource + type: string + message: + description: Message contains an informational or error + message for the last sync OR operation + type: string + name: + description: Name specifies the name of the resource + type: string + namespace: + description: Namespace specifies the target namespace + of the resource + type: string + status: + description: Status holds the final result of the sync. + Will be empty if the resources is yet to be applied/pruned + and is always zero-value for hooks + type: string + syncPhase: + description: SyncPhase indicates the particular phase + of the sync that this result was acquired in + type: string + version: + description: Version specifies the API version of the + resource + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision this sync operation + was performed to + type: string + revisions: + description: Revisions holds the revision this sync operation + was performed for respective indexed source in sources field + items: + type: string + type: array + source: + description: Source records the application source information + of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Source records the application source information + of the sync, used for comparing auto-sync + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was + reconciled using the latest git version + format: date-time + type: string + resourceHealthSource: + description: 'ResourceHealthSource indicates where the resource health + status is stored: inline if not set or appTree' + type: string + resources: + description: Resources is a list of Kubernetes resources managed by + this application + items: + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type + properties: + group: + type: string + health: + description: HealthStatus contains information about the currently + observed health state of an application or resource + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application + or resource + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + description: SyncStatusCode is a type which represents possible + comparison results + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object + sourceType: + description: SourceType specifies the type of this application + type: string + sourceTypes: + description: SourceTypes specifies the type of the sources included + in the application + items: + description: ApplicationSourceType specifies the type of the application's + source + type: string + type: array + summary: + description: Summary contains a list of URLs and container images + used by this application + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application + child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: Sync contains information about the application's current + sync status + properties: + comparedTo: + description: ComparedTo contains information about what has been + compared + properties: + destination: + description: Destination is a reference to the application's + destination used for comparison + properties: + name: + description: Name is an alternate way of specifying the + target cluster by its symbolic name. This must be set + if Server is not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a reference to the application's + ignored differences used for comparison + items: + description: ResourceIgnoreDifferences contains resource + filter and list of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + source: + description: Source is a reference to the application's source + used for comparison + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application's multiple + sources used for comparison + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - destination + type: object + revision: + description: Revision contains information about the revision + the comparison has been performed to + type: string + revisions: + description: Revisions contains information about the revisions + of multiple sources the comparison has been performed to + items: + type: string + type: array + status: + description: Status is the sync state of the comparison + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd + name: applicationsets.argoproj.io +spec: + group: argoproj.io + names: + kind: ApplicationSet + listKind: ApplicationSetList + plural: applicationsets + shortNames: + - appset + - appsets + singular: applicationset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + applyNestedSelectors: + type: boolean + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + goTemplate: + type: boolean + goTemplateOptions: + items: + type: string + type: array + ignoreApplicationDifferences: + items: + properties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + name: + type: string + type: object + type: array + preservedFields: + properties: + annotations: + items: + type: string + type: array + labels: + items: + type: string + type: array + type: object + strategy: + properties: + rollingSync: + properties: + steps: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: array + type: object + type: + type: string + type: object + syncPolicy: + properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string + preserveResourcesOnDeletion: + type: boolean + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + templatePatch: + type: string + required: + - generators + - template + type: object + status: + properties: + applicationStatus: + items: + properties: + application: + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + step: + type: string + targetRevisions: + items: + type: string + type: array + required: + - application + - message + - status + - step + - targetRevisions + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - message + - reason + - status + - type + type: object + type: array + resources: + items: + properties: + group: + type: string + health: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: appprojects.argoproj.io + app.kubernetes.io/part-of: argocd + name: appprojects.argoproj.io +spec: + group: argoproj.io + names: + kind: AppProject + listKind: AppProjectList + plural: appprojects + shortNames: + - appproj + - appprojs + singular: appproject + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AppProjectSpec is the specification of an AppProject + properties: + clusterResourceBlacklist: + description: ClusterResourceBlacklist contains list of blacklisted + cluster level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + clusterResourceWhitelist: + description: ClusterResourceWhitelist contains list of whitelisted + cluster level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + description: + description: Description contains optional project description + type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array + destinations: + description: Destinations contains list of destinations available + for deployment + items: + description: ApplicationDestination holds information about the + application's destination + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. + type: string + type: object + type: array + namespaceResourceBlacklist: + description: NamespaceResourceBlacklist contains list of blacklisted + namespace level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + namespaceResourceWhitelist: + description: NamespaceResourceWhitelist contains list of whitelisted + namespace level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor + orphaned resources of apps in this project + properties: + ignore: + description: Ignore contains a list of resources that are to be + excluded from orphaned resources monitoring + items: + description: OrphanedResourceKey is a reference to a resource + to be ignored from + properties: + group: + type: string + kind: + type: string + name: + type: string + type: object + type: array + warn: + description: Warn indicates if warning condition should be created + for apps which have orphaned resources + type: boolean + type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations + can only reference clusters which are project-scoped + type: boolean + roles: + description: Roles are user defined RBAC roles associated with this + project + items: + description: ProjectRole represents a role that has access to a + project + properties: + description: + description: Description is a description of the role + type: string + groups: + description: Groups are a list of OIDC group claims bound to + this role + items: + type: string + type: array + jwtTokens: + description: JWTTokens are a list of generated JWT tokens bound + to this role + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + name: + description: Name is a name for this role + type: string + policies: + description: Policies Stores a list of casbin formatted strings + that define access policies for the role in the project + items: + type: string + type: array + required: + - name + type: object + type: array + signatureKeys: + description: SignatureKeys contains a list of PGP key IDs that commits + in Git must be signed with in order to be allowed for sync + items: + description: SignatureKey is the specification of a key required + to verify commit signatures with + properties: + keyID: + description: The ID of the key in hexadecimal notation + type: string + required: + - keyID + type: object + type: array + sourceNamespaces: + description: SourceNamespaces defines the namespaces application resources + are allowed to be created in + items: + type: string + type: array + sourceRepos: + description: SourceRepos contains list of repository URLs which can + be used for deployment + items: + type: string + type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in + this project + items: + description: SyncWindow contains the kind, time, duration and attributes + that are used to assign the syncWindows to apps + properties: + applications: + description: Applications contains a list of applications that + the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window + will apply to + items: + type: string + type: array + duration: + description: Duration is the amount of time the sync window + will be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would + otherwise be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the + window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified + in cron format + type: string + timeZone: + description: TimeZone of the sync that will be applied to the + schedule + type: string + type: object + type: array + type: object + status: + description: AppProjectStatus contains status information for AppProject + CRs + properties: + jwtTokensByRole: + additionalProperties: + description: JWTTokens represents a list of JWT tokens + properties: + items: + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + type: object + description: JWTTokensByRole contains a list of JWT tokens issued + for a given role + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha +secrets: +- name: argocd-redis +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha-haproxy + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - applicationsets + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update +- apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - delete + - get + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-application-controller +subjects: +- kind: ServiceAccount + name: argocd-application-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-applicationset-controller +subjects: +- kind: ServiceAccount + name: argocd-applicationset-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-dex-server +subjects: +- kind: ServiceAccount + name: argocd-dex-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-notifications-controller +subjects: +- kind: ServiceAccount + name: argocd-notifications-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis-ha +subjects: +- kind: ServiceAccount + name: argocd-redis-ha +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis-ha-haproxy +subjects: +- kind: ServiceAccount + name: argocd-redis-ha-haproxy +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-server +subjects: +- kind: ServiceAccount + name: argocd-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-application-controller +subjects: +- kind: ServiceAccount + name: argocd-application-controller + namespace: argocd +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-applicationset-controller +subjects: +- kind: ServiceAccount + name: argocd-applicationset-controller + namespace: argocd +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-server +subjects: +- kind: ServiceAccount + name: argocd-server + namespace: argocd +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd + name: argocd-cm +--- +apiVersion: v1 +data: + redis.server: argocd-redis-ha-haproxy:6379 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd + name: argocd-cmd-params-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-gpg-keys-cm + app.kubernetes.io/part-of: argocd + name: argocd-gpg-keys-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-rbac-cm + app.kubernetes.io/part-of: argocd + name: argocd-rbac-cm +--- +apiVersion: v1 +data: + fix-split-brain.sh: | + HOSTNAME="$(hostname)" + INDEX="${HOSTNAME##*-}" + SENTINEL_PORT=26379 + ANNOUNCE_IP='' + MASTER='' + MASTER_GROUP="argocd" + QUORUM="2" + REDIS_CONF=/data/conf/redis.conf + REDIS_PORT=6379 + REDIS_TLS_PORT= + SENTINEL_CONF=/data/conf/sentinel.conf + SENTINEL_TLS_PORT= + SERVICE=argocd-redis-ha + SENTINEL_TLS_REPLICATION_ENABLED=false + REDIS_TLS_REPLICATION_ENABLED=false + + ROLE='' + REDIS_MASTER='' + + set -eu + sentinel_get_master() { + set +e + if [ "$SENTINEL_PORT" -eq 0 ]; then + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + else + redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + fi + set -e + } + + sentinel_get_master_retry() { + master='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + master=$(sentinel_get_master) + if [ -n "${master}" ]; then + break + fi + sleep $((sleep + i)) + done + echo "${master}" + } + + identify_master() { + echo "Identifying redis master (get-master-addr-by-name).." + echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)" + MASTER="$(sentinel_get_master_retry 3)" + if [ -n "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + else + echo " $(date) Did not find redis master (${MASTER})" + fi + } + + sentinel_update() { + echo "Updating sentinel config.." + echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})" + eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}" + echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})" + sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}" + if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then + echo " redis master (${1}:${REDIS_TLS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + else + echo " redis master (${1}:${REDIS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + fi + echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF} + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})" + echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF} + else + echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})" + echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF} + fi + } + + redis_update() { + echo "Updating redis config.." + if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then + echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})" + echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF} + else + echo " we are slave of redis master (${1}:${REDIS_PORT})" + echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF} + fi + echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF} + } + + copy_config() { + echo "Copying default redis config.." + echo " to '${REDIS_CONF}'" + cp /readonly-config/redis.conf "${REDIS_CONF}" + echo "Copying default sentinel config.." + echo " to '${SENTINEL_CONF}'" + cp /readonly-config/sentinel.conf "${SENTINEL_CONF}" + } + + setup_defaults() { + echo "Setting up defaults.." + echo " using statefulset index (${INDEX})" + if [ "${INDEX}" = "0" ]; then + echo "Setting this pod as master for redis and sentinel.." + echo " using announce (${ANNOUNCE_IP})" + redis_update "${ANNOUNCE_IP}" + sentinel_update "${ANNOUNCE_IP}" + echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)" + sed -i "s/^.*slaveof.*//" "${REDIS_CONF}" + else + echo "Getting redis master ip.." + echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" + DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" + if [ -z "${DEFAULT_MASTER}" ]; then + echo "Error: Unable to resolve redis master (getent hosts)." + exit 1 + fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" + echo "Setting default slave config for redis and sentinel.." + echo " using master ip (${DEFAULT_MASTER})" + redis_update "${DEFAULT_MASTER}" + sentinel_update "${DEFAULT_MASTER}" + fi + } + + redis_ping() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + else + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping + fi + set -e + } + + redis_ping_retry() { + ping='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + if [ "$(redis_ping)" = "PONG" ]; then + ping='PONG' + break + fi + sleep $((sleep + i)) + MASTER=$(sentinel_get_master) + done + echo "${ping}" + } + + find_master() { + echo "Verifying redis master.." + if [ "$REDIS_PORT" -eq 0 ]; then + echo " ping (${MASTER}:${REDIS_TLS_PORT})" + else + echo " ping (${MASTER}:${REDIS_PORT})" + fi + if [ "$(redis_ping_retry 3)" != "PONG" ]; then + echo " $(date) Can't ping redis master (${MASTER})" + echo "Attempting to force failover (sentinel failover).." + + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + else + echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + fi + + echo "Hold on for 10sec" + sleep 10 + echo "We should get redis master's ip now. Asking (get-master-addr-by-name).." + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + else + echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + fi + MASTER="$(sentinel_get_master)" + if [ "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + else + echo "$(date) Error: Could not failover, exiting..." + exit 1 + fi + else + echo " $(date) Found reachable redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + fi + } + + redis_ro_update() { + echo "Updating read-only redis config.." + echo " redis.conf set 'replica-priority 0'" + echo "replica-priority 0" >> ${REDIS_CONF} + } + + getent_hosts() { + index=${1:-${INDEX}} + service="${SERVICE}-announce-${index}" + host=$(getent hosts "${service}") + echo "${host}" + } + + identify_announce_ip() { + echo "Identify announce ip for this pod.." + echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})" + ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }') + echo " identified announce (${ANNOUNCE_IP})" + } + + redis_role() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + else + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + fi + set -e + } + + identify_redis_master() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + else + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + fi + set -e + } + + reinit() { + set +e + sh /readonly-config/init.sh + + if [ "$REDIS_PORT" -eq 0 ]; then + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + else + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" + fi + set -e + } + + identify_announce_ip + + while [ -z "${ANNOUNCE_IP}" ]; do + echo "Error: Could not resolve the announce ip for this pod." + sleep 30 + identify_announce_ip + done + + trap "exit 0" TERM + while true; do + sleep 60 + + # where is redis master + identify_master + + if [ "$MASTER" = "$ANNOUNCE_IP" ]; then + redis_role + if [ "$ROLE" != "master" ]; then + reinit + fi + elif [ "${MASTER}" ]; then + identify_redis_master + if [ "$REDIS_MASTER" != "$MASTER" ]; then + reinit + fi + fi + done + haproxy.cfg: "defaults REDIS\n mode tcp\n timeout connect 4s\n timeout server + 6m\n timeout client 6m\n timeout check 2s\n\nlisten health_check_http_url\n + \ bind :8888 \n mode http\n monitor-uri /healthz\n option dontlognull\n# + Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_0\n + \ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n + \ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\ + argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE0\n tcp-check send QUIT\\r\\n\n + \ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379 + check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n# + Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_1\n + \ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n + \ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\ + argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE1\n tcp-check send QUIT\\r\\n\n + \ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379 + check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n# + Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_2\n + \ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n + \ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\ + argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE2\n tcp-check send QUIT\\r\\n\n + \ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379 + check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n\n# + decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n + \ use_backend bk_redis_master\n# Check all redis servers to see if they think + they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check + connect\n tcp-check send \"AUTH ${AUTH}\"\\r\\n\n tcp-check expect string +OK\n + \ tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check send + info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check send + QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) + } { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379 + check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) + ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise + 1\n use-server R2 if { srv_is_up(R2) } { nbsrv(check_if_redis_is_master_2) ge + 2 }\n server R2 argocd-redis-ha-announce-2:6379 check inter 3s fall 1 rise 1\nfrontend + stats\n mode http\n bind :9101 \n http-request use-service prometheus-exporter + if { path /metrics }\n stats enable\n stats uri /stats\n stats refresh 10s\n" + haproxy_init.sh: | + HAPROXY_CONF=/data/haproxy.cfg + cp /readonly/haproxy.cfg "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts argocd-redis-ha-announce-0 && break + echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP0=$(getent hosts "argocd-redis-ha-announce-0" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP0" ]; then + echo "Could not resolve the announce ip for argocd-redis-ha-announce-0" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts argocd-redis-ha-announce-1 && break + echo "Waiting for service argocd-redis-ha-announce-1 to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP1=$(getent hosts "argocd-redis-ha-announce-1" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP1" ]; then + echo "Could not resolve the announce ip for argocd-redis-ha-announce-1" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts argocd-redis-ha-announce-2 && break + echo "Waiting for service argocd-redis-ha-announce-2 to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP2=$(getent hosts "argocd-redis-ha-announce-2" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP2" ]; then + echo "Could not resolve the announce ip for argocd-redis-ha-announce-2" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF" + init.sh: | + echo "$(date) Start..." + HOSTNAME="$(hostname)" + INDEX="${HOSTNAME##*-}" + SENTINEL_PORT=26379 + ANNOUNCE_IP='' + MASTER='' + MASTER_GROUP="argocd" + QUORUM="2" + REDIS_CONF=/data/conf/redis.conf + REDIS_PORT=6379 + REDIS_TLS_PORT= + SENTINEL_CONF=/data/conf/sentinel.conf + SENTINEL_TLS_PORT= + SERVICE=argocd-redis-ha + SENTINEL_TLS_REPLICATION_ENABLED=false + REDIS_TLS_REPLICATION_ENABLED=false + + set -eu + sentinel_get_master() { + set +e + if [ "$SENTINEL_PORT" -eq 0 ]; then + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + else + redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + fi + set -e + } + + sentinel_get_master_retry() { + master='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + master=$(sentinel_get_master) + if [ -n "${master}" ]; then + break + fi + sleep $((sleep + i)) + done + echo "${master}" + } + + identify_master() { + echo "Identifying redis master (get-master-addr-by-name).." + echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)" + MASTER="$(sentinel_get_master_retry 3)" + if [ -n "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + else + echo " $(date) Did not find redis master (${MASTER})" + fi + } + + sentinel_update() { + echo "Updating sentinel config.." + echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})" + eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}" + echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})" + sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}" + if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then + echo " redis master (${1}:${REDIS_TLS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + else + echo " redis master (${1}:${REDIS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + fi + echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF} + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})" + echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF} + else + echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})" + echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF} + fi + } + + redis_update() { + echo "Updating redis config.." + if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then + echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})" + echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF} + else + echo " we are slave of redis master (${1}:${REDIS_PORT})" + echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF} + fi + echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF} + } + + copy_config() { + echo "Copying default redis config.." + echo " to '${REDIS_CONF}'" + cp /readonly-config/redis.conf "${REDIS_CONF}" + echo "Copying default sentinel config.." + echo " to '${SENTINEL_CONF}'" + cp /readonly-config/sentinel.conf "${SENTINEL_CONF}" + } + + setup_defaults() { + echo "Setting up defaults.." + echo " using statefulset index (${INDEX})" + if [ "${INDEX}" = "0" ]; then + echo "Setting this pod as master for redis and sentinel.." + echo " using announce (${ANNOUNCE_IP})" + redis_update "${ANNOUNCE_IP}" + sentinel_update "${ANNOUNCE_IP}" + echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)" + sed -i "s/^.*slaveof.*//" "${REDIS_CONF}" + else + echo "Getting redis master ip.." + echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" + DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" + if [ -z "${DEFAULT_MASTER}" ]; then + echo "Error: Unable to resolve redis master (getent hosts)." + exit 1 + fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" + echo "Setting default slave config for redis and sentinel.." + echo " using master ip (${DEFAULT_MASTER})" + redis_update "${DEFAULT_MASTER}" + sentinel_update "${DEFAULT_MASTER}" + fi + } + + redis_ping() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + else + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping + fi + set -e + } + + redis_ping_retry() { + ping='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + if [ "$(redis_ping)" = "PONG" ]; then + ping='PONG' + break + fi + sleep $((sleep + i)) + MASTER=$(sentinel_get_master) + done + echo "${ping}" + } + + find_master() { + echo "Verifying redis master.." + if [ "$REDIS_PORT" -eq 0 ]; then + echo " ping (${MASTER}:${REDIS_TLS_PORT})" + else + echo " ping (${MASTER}:${REDIS_PORT})" + fi + if [ "$(redis_ping_retry 3)" != "PONG" ]; then + echo " $(date) Can't ping redis master (${MASTER})" + echo "Attempting to force failover (sentinel failover).." + + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + else + echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + fi + + echo "Hold on for 10sec" + sleep 10 + echo "We should get redis master's ip now. Asking (get-master-addr-by-name).." + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + else + echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + fi + MASTER="$(sentinel_get_master)" + if [ "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + else + echo "$(date) Error: Could not failover, exiting..." + exit 1 + fi + else + echo " $(date) Found reachable redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + fi + } + + redis_ro_update() { + echo "Updating read-only redis config.." + echo " redis.conf set 'replica-priority 0'" + echo "replica-priority 0" >> ${REDIS_CONF} + } + + getent_hosts() { + index=${1:-${INDEX}} + service="${SERVICE}-announce-${index}" + host=$(getent hosts "${service}") + echo "${host}" + } + + identify_announce_ip() { + echo "Identify announce ip for this pod.." + echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})" + ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }') + echo " identified announce (${ANNOUNCE_IP})" + } + + mkdir -p /data/conf/ + + echo "Initializing config.." + copy_config + + # where is redis master + identify_master + + identify_announce_ip + + if [ -z "${ANNOUNCE_IP}" ]; then + "Error: Could not resolve the announce ip for this pod." + exit 1 + elif [ "${MASTER}" ]; then + find_master + else + setup_defaults + fi + + if [ "${AUTH:-}" ]; then + echo "Setting redis auth values.." + ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g'); + sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}" + fi + + if [ "${SENTINELAUTH:-}" ]; then + echo "Setting sentinel auth values" + ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g'); + sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF" + fi + + echo "$(date) Ready..." + redis.conf: | + dir "/data" + port 6379 + rename-command FLUSHDB "" + rename-command FLUSHALL "" + bind 0.0.0.0 + maxmemory 0 + maxmemory-policy volatile-lru + min-replicas-max-lag 5 + min-replicas-to-write 1 + rdbchecksum yes + rdbcompression yes + repl-diskless-sync yes + save "" + requirepass replace-default-auth + masterauth replace-default-auth + sentinel.conf: | + dir "/data" + port 26379 + bind 0.0.0.0 + sentinel down-after-milliseconds argocd 10000 + sentinel failover-timeout argocd 180000 + maxclients 10000 + sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth + trigger-failover-if-master.sh: | + get_redis_role() { + is_master=$( + redis-cli \ + -a "${AUTH}" --no-auth-warning \ + -h localhost \ + -p 6379 \ + info | grep -c 'role:master' || true + ) + } + get_redis_role + if [[ "$is_master" -eq 1 ]]; then + echo "This node is currently master, we trigger a failover." + response=$( + redis-cli \ + -h localhost \ + -p 26379 \ + SENTINEL failover argocd + ) + if [[ "$response" != "OK" ]] ; then + echo "$response" + exit 1 + fi + timeout=30 + while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do + sleep 1 + get_redis_role + timeout=$((timeout - 1)) + done + echo "Failover successful" + fi +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-configmap +--- +apiVersion: v1 +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -a "${AUTH}" --no-auth-warning \ + -h localhost \ + -p 6379 \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -a "${AUTH}" --no-auth-warning \ + -h localhost \ + -p 6379 \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + sentinel_liveness.sh: | + response=$( + redis-cli \ + -h localhost \ + -p 26379 \ + ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + echo "response=$response" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-health-configmap +--- +apiVersion: v1 +data: + ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-ssh-known-hosts-cm + app.kubernetes.io/part-of: argocd + name: argocd-ssh-known-hosts-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-tls-certs-cm + app.kubernetes.io/part-of: argocd + name: argocd-tls-certs-cm +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-secret +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd + name: argocd-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + ports: + - name: webhook + port: 7000 + protocol: TCP + targetPort: webhook + - name: metrics + port: 8080 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + ports: + - name: server + port: 8086 + protocol: TCP + targetPort: 8086 + - name: metrics + port: 8087 + protocol: TCP + targetPort: 8087 + selector: + app.kubernetes.io/name: argocd-commit-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +spec: + ports: + - appProtocol: TCP + name: http + port: 5556 + protocol: TCP + targetPort: 5556 + - name: grpc + port: 5557 + protocol: TCP + targetPort: 5557 + - name: metrics + port: 5558 + protocol: TCP + targetPort: 5558 + selector: + app.kubernetes.io/name: argocd-dex-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/name: argocd-metrics + app.kubernetes.io/part-of: argocd + name: argocd-metrics +spec: + ports: + - name: metrics + port: 8082 + protocol: TCP + targetPort: 8082 + selector: + app.kubernetes.io/name: argocd-application-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-metrics +spec: + ports: + - name: metrics + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/name: argocd-notifications-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha +spec: + clusterIP: None + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel + selector: + app.kubernetes.io/name: argocd-redis-ha + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-announce-0 +spec: + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel + publishNotReadyAddresses: true + selector: + app.kubernetes.io/name: argocd-redis-ha + statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-0 + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-announce-1 +spec: + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel + publishNotReadyAddresses: true + selector: + app.kubernetes.io/name: argocd-redis-ha + statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-1 + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-announce-2 +spec: + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel + publishNotReadyAddresses: true + selector: + app.kubernetes.io/name: argocd-redis-ha + statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-2 + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha-haproxy + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +spec: + ports: + - name: tcp-haproxy + port: 6379 + protocol: TCP + targetPort: redis + - name: http-exporter-port + port: 9101 + protocol: TCP + targetPort: metrics-port + selector: + app.kubernetes.io/name: argocd-redis-ha-haproxy + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + ports: + - name: server + port: 8081 + protocol: TCP + targetPort: 8081 + - name: metrics + port: 8084 + protocol: TCP + targetPort: 8084 + selector: + app.kubernetes.io/name: argocd-repo-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/name: argocd-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server-metrics + app.kubernetes.io/part-of: argocd + name: argocd-server-metrics +spec: + ports: + - name: metrics + port: 8083 + protocol: TCP + targetPort: 8083 + selector: + app.kubernetes.io/name: argocd-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-applicationset-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-applicationset-controller + env: + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.syncs + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.concurrent.reconciliations.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-applicationset-controller + ports: + - containerPort: 7000 + name: webhook + - containerPort: 8080 + name: metrics + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-applicationset-controller + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-commit-server + env: + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: commitserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: commitserver.log.level + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-commit-server + ports: + - containerPort: 8086 + - containerPort: 8087 + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + serviceAccountName: argocd-commit-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-commit-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-commit-server-tls + - emptyDir: {} + name: var-files +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-dex-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - command: + - /shared/argocd-dex + - rundex + env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: dexserver.disable.tls + name: argocd-cmd-params-cm + optional: true + image: ghcr.io/dexidp/dex:v2.41.1 + imagePullPolicy: Always + name: dex + ports: + - containerPort: 5556 + - containerPort: 5557 + - containerPort: 5558 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + - mountPath: /tls + name: argocd-dex-server-tls + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /shared/argocd-dex + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-dex-server + volumes: + - emptyDir: {} + name: static-files + - emptyDir: {} + name: dexconfig + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: argocd-notifications-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 9001 + name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha-haproxy + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +spec: + replicas: 3 + revisionHistoryLimit: 1 + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + strategy: + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 + prometheus.io/path: /metrics + prometheus.io/port: "9101" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + name: argocd-redis-ha-haproxy + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 3 + name: haproxy + ports: + - containerPort: 6379 + name: redis + - containerPort: 9101 + name: metrics-port + readinessProbe: + httpGet: + path: /healthz + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 3 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /usr/local/etc/haproxy + name: data + - mountPath: /run/haproxy + name: shared-socket + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + - args: + - /readonly/haproxy_init.sh + command: + - sh + image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + imagePullPolicy: IfNotPresent + name: config-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /readonly + name: config-volume + readOnly: true + - mountPath: /data + name: data + securityContext: + fsGroup: 99 + runAsNonRoot: true + runAsUser: 99 + serviceAccountName: argocd-redis-ha-haproxy + volumes: + - configMap: + name: argocd-redis-ha-configmap + name: config-volume + - emptyDir: {} + name: shared-socket + - emptyDir: {} + name: data +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-repo-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-repo-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: reposerver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: reposerver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: reposerver.disable.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: reposerver.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.repo.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.max.combined.directory.manifests.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.tar.exclusions + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.disable.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GRPC_MAX_SIZE_MB + valueFrom: + configMapKeyRef: + key: reposerver.grpc.max.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8084 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-repo-server + ports: + - containerPort: 8081 + - containerPort: 8084 + readinessProbe: + httpGet: + path: /healthz + port: 8084 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /tmp + name: tmp + - mountPath: /helm-working-dir + name: helm-working-dir + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-repo-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - emptyDir: {} + name: helm-working-dir + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - emptyDir: {} + name: var-files + - emptyDir: {} + name: plugins +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: argocd-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: kubernetes.io/hostname + containers: + - args: + - /usr/local/bin/argocd-server + env: + - name: ARGOCD_API_SERVER_REPLICAS + value: "2" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + key: server.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + key: server.basehref + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + key: server.rootpath + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: server.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + key: server.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + key: server.dex.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + key: server.disable.auth + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + key: server.enable.gzip + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: server.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + key: server.x.frame.options + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + key: server.content.security.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.dex.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.dex.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: server.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.connection.status.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.oidc.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.login.attempts.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + key: server.staticassets + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + key: server.http.cookie.maxnumber + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + key: server.enable.proxy.extension + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: server.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: server.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + key: server.api.content.types + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: server.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-server + ports: + - containerPort: 8080 + - containerPort: 8083 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /tmp + name: tmp + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-server + volumes: + - emptyDir: {} + name: plugins-home + - emptyDir: {} + name: tmp + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls + - configMap: + items: + - key: server.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + serviceName: argocd-application-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-application-controller + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - /usr/local/bin/argocd-application-controller + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_CONTROLLER_REPLICAS + value: "1" + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.hard.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.error.grace.period.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.status.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.operation.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: controller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: controller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.metrics.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: controller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: controller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + key: controller.resource.health.persist + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: controller.kubectl.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + key: controller.diff.server.side + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-application-controller + ports: + - containerPort: 8082 + readinessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + - mountPath: /tmp + name: argocd-application-controller-tmp + workingDir: /home/argocd + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-application-controller + volumes: + - emptyDir: {} + name: argocd-home + - emptyDir: {} + name: argocd-application-controller-tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - configMap: + items: + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-server +spec: + podManagementPolicy: OrderedReady + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + serviceName: argocd-redis-ha + template: + metadata: + annotations: + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 + labels: + app.kubernetes.io/name: argocd-redis-ha + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - args: + - /data/conf/redis.conf + command: + - redis-server + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/sh + - /readonly-config/trigger-failover-if-master.sh + livenessProbe: + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 15 + name: redis + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 15 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /readonly-config + name: config + readOnly: true + - mountPath: /data + name: data + - mountPath: /health + name: health + - args: + - /data/conf/sentinel.conf + command: + - redis-sentinel + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine + imagePullPolicy: IfNotPresent + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - sleep 30; redis-cli -p 26379 sentinel reset argocd + livenessProbe: + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 15 + name: sentinel + ports: + - containerPort: 26379 + name: sentinel + readinessProbe: + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 3 + timeoutSeconds: 15 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /data + name: data + - mountPath: /health + name: health + - args: + - /readonly-config/fix-split-brain.sh + command: + - sh + env: + - name: SENTINEL_ID_0 + value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 + - name: SENTINEL_ID_1 + value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 + - name: SENTINEL_ID_2 + value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine + imagePullPolicy: IfNotPresent + name: split-brain-fix + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /readonly-config + name: config + readOnly: true + - mountPath: /data + name: data + initContainers: + - args: + - /readonly-config/init.sh + command: + - sh + env: + - name: SENTINEL_ID_0 + value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 + - name: SENTINEL_ID_1 + value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 + - name: SENTINEL_ID_2 + value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine + imagePullPolicy: IfNotPresent + name: config-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /readonly-config + name: config + readOnly: true + - mountPath: /data + name: data + securityContext: + fsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: argocd-redis-ha + terminationGracePeriodSeconds: 60 + volumes: + - configMap: + name: argocd-redis-ha-configmap + name: config + - configMap: + defaultMode: 493 + name: argocd-redis-ha-health-configmap + name: health + - emptyDir: {} + name: data + updateStrategy: + type: RollingUpdate +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-application-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8082 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-applicationset-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 7000 + protocol: TCP + - port: 8080 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-commit-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 8086 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8087 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-dex-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + ports: + - port: 5556 + protocol: TCP + - port: 5557 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 5558 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-redis-ha-proxy-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 6379 + protocol: TCP + - port: 26379 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-redis-ha-server-network-policy +spec: + egress: + - ports: + - port: 6379 + protocol: TCP + - port: 26379 + protocol: TCP + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + ports: + - port: 6379 + protocol: TCP + - port: 26379 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-repo-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + ports: + - port: 8081 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8084 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-server-network-policy +spec: + ingress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + policyTypes: + - Ingress diff --git a/manifests/ha/install-with-hydrator/kustomization.yaml b/manifests/ha/install-with-hydrator/kustomization.yaml new file mode 100644 index 0000000000000..4dc48949d4ab7 --- /dev/null +++ b/manifests/ha/install-with-hydrator/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - ../base + - ../../base/commit-server diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 27c6dad079abf..f502d4349d24d 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -309,6 +309,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -683,6 +687,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1172,6 +1180,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1392,6 +1404,64 @@ spec: required: - repoURL type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: description: Sources is a reference to the location of the application's manifests or chart @@ -1537,6 +1607,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1870,6 +1944,11 @@ spec: description: Health contains information about the application's current health status properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -2067,6 +2146,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -2444,6 +2527,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -2971,6 +3058,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -3367,6 +3458,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -3880,6 +3975,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -4269,6 +4368,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -4535,6 +4638,11 @@ spec: description: HealthStatus contains information about the currently observed health state of an application or resource properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -4567,6 +4675,177 @@ spec: type: string type: object type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object sourceType: description: SourceType specifies the type of this application type: string @@ -4804,6 +5083,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -5193,6 +5476,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -5689,6 +5976,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -5836,6 +6125,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5923,6 +6248,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6321,6 +6648,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6468,6 +6797,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -6555,6 +6920,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6952,6 +7319,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7099,6 +7468,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7186,6 +7591,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7563,6 +7970,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7710,6 +8119,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7797,6 +8242,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8199,6 +8646,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8346,6 +8795,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8433,6 +8918,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8831,6 +9318,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8978,6 +9467,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9065,6 +9590,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -9462,6 +9989,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -9609,6 +10138,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9696,6 +10261,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10073,6 +10640,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10220,6 +10789,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10307,6 +10912,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10692,6 +11299,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10839,6 +11448,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10926,6 +11571,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -11530,6 +12177,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -11677,6 +12326,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -11764,6 +12449,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12363,6 +13050,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12510,6 +13199,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -12597,6 +13322,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12991,6 +13718,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13138,6 +13867,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13225,6 +13990,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13629,6 +14396,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13776,6 +14545,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13863,6 +14668,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14261,6 +15068,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14408,6 +15217,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -14495,6 +15340,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14892,6 +15739,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15039,6 +15888,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15126,6 +16011,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15503,6 +16390,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15650,6 +16539,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15737,6 +16662,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16122,6 +17049,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16269,6 +17198,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -16356,6 +17321,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16960,6 +17927,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17107,6 +18076,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -17194,6 +18199,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17793,6 +18800,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17940,6 +18949,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -18027,6 +19072,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -18425,6 +19472,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -18572,6 +19621,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -18659,6 +19744,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19043,6 +20130,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19190,6 +20279,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -19277,6 +20402,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19881,6 +21008,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20028,6 +21157,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -20115,6 +21280,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20714,6 +21881,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20861,6 +22030,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -20948,6 +22153,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21417,6 +22624,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21564,6 +22773,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -21651,6 +22896,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21912,6 +23159,9 @@ spec: type: string health: properties: + lastTransitionTime: + format: date-time + type: string message: type: string status: @@ -22776,7 +24026,6 @@ rules: - delete - get - patch - - list - apiGroups: - "" resources: @@ -25270,6 +26519,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -25490,6 +26745,12 @@ spec: key: controller.self.heal.backoff.cap.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -25598,6 +26859,12 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true - name: KUBECACHEDIR value: /tmp/kubecache image: quay.io/argoproj/argocd:latest diff --git a/manifests/ha/namespace-install-with-hydrator.yaml b/manifests/ha/namespace-install-with-hydrator.yaml new file mode 100644 index 0000000000000..5f8316a33220b --- /dev/null +++ b/manifests/ha/namespace-install-with-hydrator.yaml @@ -0,0 +1,3788 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha +secrets: +- name: argocd-redis +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha-haproxy + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - applicationsets + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-application-controller +subjects: +- kind: ServiceAccount + name: argocd-application-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-applicationset-controller +subjects: +- kind: ServiceAccount + name: argocd-applicationset-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-dex-server +subjects: +- kind: ServiceAccount + name: argocd-dex-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-notifications-controller +subjects: +- kind: ServiceAccount + name: argocd-notifications-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis-ha +subjects: +- kind: ServiceAccount + name: argocd-redis-ha +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis-ha-haproxy +subjects: +- kind: ServiceAccount + name: argocd-redis-ha-haproxy +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-server +subjects: +- kind: ServiceAccount + name: argocd-server +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd + name: argocd-cm +--- +apiVersion: v1 +data: + redis.server: argocd-redis-ha-haproxy:6379 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd + name: argocd-cmd-params-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-gpg-keys-cm + app.kubernetes.io/part-of: argocd + name: argocd-gpg-keys-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-rbac-cm + app.kubernetes.io/part-of: argocd + name: argocd-rbac-cm +--- +apiVersion: v1 +data: + fix-split-brain.sh: | + HOSTNAME="$(hostname)" + INDEX="${HOSTNAME##*-}" + SENTINEL_PORT=26379 + ANNOUNCE_IP='' + MASTER='' + MASTER_GROUP="argocd" + QUORUM="2" + REDIS_CONF=/data/conf/redis.conf + REDIS_PORT=6379 + REDIS_TLS_PORT= + SENTINEL_CONF=/data/conf/sentinel.conf + SENTINEL_TLS_PORT= + SERVICE=argocd-redis-ha + SENTINEL_TLS_REPLICATION_ENABLED=false + REDIS_TLS_REPLICATION_ENABLED=false + + ROLE='' + REDIS_MASTER='' + + set -eu + sentinel_get_master() { + set +e + if [ "$SENTINEL_PORT" -eq 0 ]; then + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + else + redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + fi + set -e + } + + sentinel_get_master_retry() { + master='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + master=$(sentinel_get_master) + if [ -n "${master}" ]; then + break + fi + sleep $((sleep + i)) + done + echo "${master}" + } + + identify_master() { + echo "Identifying redis master (get-master-addr-by-name).." + echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)" + MASTER="$(sentinel_get_master_retry 3)" + if [ -n "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + else + echo " $(date) Did not find redis master (${MASTER})" + fi + } + + sentinel_update() { + echo "Updating sentinel config.." + echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})" + eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}" + echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})" + sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}" + if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then + echo " redis master (${1}:${REDIS_TLS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + else + echo " redis master (${1}:${REDIS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + fi + echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF} + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})" + echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF} + else + echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})" + echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF} + fi + } + + redis_update() { + echo "Updating redis config.." + if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then + echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})" + echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF} + else + echo " we are slave of redis master (${1}:${REDIS_PORT})" + echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF} + fi + echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF} + } + + copy_config() { + echo "Copying default redis config.." + echo " to '${REDIS_CONF}'" + cp /readonly-config/redis.conf "${REDIS_CONF}" + echo "Copying default sentinel config.." + echo " to '${SENTINEL_CONF}'" + cp /readonly-config/sentinel.conf "${SENTINEL_CONF}" + } + + setup_defaults() { + echo "Setting up defaults.." + echo " using statefulset index (${INDEX})" + if [ "${INDEX}" = "0" ]; then + echo "Setting this pod as master for redis and sentinel.." + echo " using announce (${ANNOUNCE_IP})" + redis_update "${ANNOUNCE_IP}" + sentinel_update "${ANNOUNCE_IP}" + echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)" + sed -i "s/^.*slaveof.*//" "${REDIS_CONF}" + else + echo "Getting redis master ip.." + echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" + DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" + if [ -z "${DEFAULT_MASTER}" ]; then + echo "Error: Unable to resolve redis master (getent hosts)." + exit 1 + fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" + echo "Setting default slave config for redis and sentinel.." + echo " using master ip (${DEFAULT_MASTER})" + redis_update "${DEFAULT_MASTER}" + sentinel_update "${DEFAULT_MASTER}" + fi + } + + redis_ping() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + else + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping + fi + set -e + } + + redis_ping_retry() { + ping='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + if [ "$(redis_ping)" = "PONG" ]; then + ping='PONG' + break + fi + sleep $((sleep + i)) + MASTER=$(sentinel_get_master) + done + echo "${ping}" + } + + find_master() { + echo "Verifying redis master.." + if [ "$REDIS_PORT" -eq 0 ]; then + echo " ping (${MASTER}:${REDIS_TLS_PORT})" + else + echo " ping (${MASTER}:${REDIS_PORT})" + fi + if [ "$(redis_ping_retry 3)" != "PONG" ]; then + echo " $(date) Can't ping redis master (${MASTER})" + echo "Attempting to force failover (sentinel failover).." + + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + else + echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + fi + + echo "Hold on for 10sec" + sleep 10 + echo "We should get redis master's ip now. Asking (get-master-addr-by-name).." + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + else + echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + fi + MASTER="$(sentinel_get_master)" + if [ "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + else + echo "$(date) Error: Could not failover, exiting..." + exit 1 + fi + else + echo " $(date) Found reachable redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + fi + } + + redis_ro_update() { + echo "Updating read-only redis config.." + echo " redis.conf set 'replica-priority 0'" + echo "replica-priority 0" >> ${REDIS_CONF} + } + + getent_hosts() { + index=${1:-${INDEX}} + service="${SERVICE}-announce-${index}" + host=$(getent hosts "${service}") + echo "${host}" + } + + identify_announce_ip() { + echo "Identify announce ip for this pod.." + echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})" + ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }') + echo " identified announce (${ANNOUNCE_IP})" + } + + redis_role() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + else + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + fi + set -e + } + + identify_redis_master() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + else + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + fi + set -e + } + + reinit() { + set +e + sh /readonly-config/init.sh + + if [ "$REDIS_PORT" -eq 0 ]; then + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + else + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" + fi + set -e + } + + identify_announce_ip + + while [ -z "${ANNOUNCE_IP}" ]; do + echo "Error: Could not resolve the announce ip for this pod." + sleep 30 + identify_announce_ip + done + + trap "exit 0" TERM + while true; do + sleep 60 + + # where is redis master + identify_master + + if [ "$MASTER" = "$ANNOUNCE_IP" ]; then + redis_role + if [ "$ROLE" != "master" ]; then + reinit + fi + elif [ "${MASTER}" ]; then + identify_redis_master + if [ "$REDIS_MASTER" != "$MASTER" ]; then + reinit + fi + fi + done + haproxy.cfg: "defaults REDIS\n mode tcp\n timeout connect 4s\n timeout server + 6m\n timeout client 6m\n timeout check 2s\n\nlisten health_check_http_url\n + \ bind :8888 \n mode http\n monitor-uri /healthz\n option dontlognull\n# + Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_0\n + \ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n + \ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\ + argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE0\n tcp-check send QUIT\\r\\n\n + \ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379 + check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n# + Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_1\n + \ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n + \ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\ + argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE1\n tcp-check send QUIT\\r\\n\n + \ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379 + check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n# + Check Sentinel and whether they are nominated master\nbackend check_if_redis_is_master_2\n + \ mode tcp\n option tcp-check\n tcp-check connect\n tcp-check send PING\\r\\n\n + \ tcp-check expect string +PONG\n tcp-check send SENTINEL\\ get-master-addr-by-name\\ + argocd\\r\\n\n tcp-check expect string REPLACE_ANNOUNCE2\n tcp-check send QUIT\\r\\n\n + \ server R0 argocd-redis-ha-announce-0:26379 check inter 3s\n server R1 argocd-redis-ha-announce-1:26379 + check inter 3s\n server R2 argocd-redis-ha-announce-2:26379 check inter 3s\n\n# + decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n + \ use_backend bk_redis_master\n# Check all redis servers to see if they think + they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check + connect\n tcp-check send \"AUTH ${AUTH}\"\\r\\n\n tcp-check expect string +OK\n + \ tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check send + info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check send + QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) + } { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379 + check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) + ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise + 1\n use-server R2 if { srv_is_up(R2) } { nbsrv(check_if_redis_is_master_2) ge + 2 }\n server R2 argocd-redis-ha-announce-2:6379 check inter 3s fall 1 rise 1\nfrontend + stats\n mode http\n bind :9101 \n http-request use-service prometheus-exporter + if { path /metrics }\n stats enable\n stats uri /stats\n stats refresh 10s\n" + haproxy_init.sh: | + HAPROXY_CONF=/data/haproxy.cfg + cp /readonly/haproxy.cfg "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts argocd-redis-ha-announce-0 && break + echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP0=$(getent hosts "argocd-redis-ha-announce-0" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP0" ]; then + echo "Could not resolve the announce ip for argocd-redis-ha-announce-0" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts argocd-redis-ha-announce-1 && break + echo "Waiting for service argocd-redis-ha-announce-1 to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP1=$(getent hosts "argocd-redis-ha-announce-1" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP1" ]; then + echo "Could not resolve the announce ip for argocd-redis-ha-announce-1" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF" + for loop in $(seq 1 10); do + getent hosts argocd-redis-ha-announce-2 && break + echo "Waiting for service argocd-redis-ha-announce-2 to be ready ($loop) ..." && sleep 1 + done + ANNOUNCE_IP2=$(getent hosts "argocd-redis-ha-announce-2" | awk '{ print $1 }') + if [ -z "$ANNOUNCE_IP2" ]; then + echo "Could not resolve the announce ip for argocd-redis-ha-announce-2" + exit 1 + fi + sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF" + init.sh: | + echo "$(date) Start..." + HOSTNAME="$(hostname)" + INDEX="${HOSTNAME##*-}" + SENTINEL_PORT=26379 + ANNOUNCE_IP='' + MASTER='' + MASTER_GROUP="argocd" + QUORUM="2" + REDIS_CONF=/data/conf/redis.conf + REDIS_PORT=6379 + REDIS_TLS_PORT= + SENTINEL_CONF=/data/conf/sentinel.conf + SENTINEL_TLS_PORT= + SERVICE=argocd-redis-ha + SENTINEL_TLS_REPLICATION_ENABLED=false + REDIS_TLS_REPLICATION_ENABLED=false + + set -eu + sentinel_get_master() { + set +e + if [ "$SENTINEL_PORT" -eq 0 ]; then + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + else + redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' + fi + set -e + } + + sentinel_get_master_retry() { + master='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + master=$(sentinel_get_master) + if [ -n "${master}" ]; then + break + fi + sleep $((sleep + i)) + done + echo "${master}" + } + + identify_master() { + echo "Identifying redis master (get-master-addr-by-name).." + echo " using sentinel (argocd-redis-ha), sentinel group name (argocd)" + MASTER="$(sentinel_get_master_retry 3)" + if [ -n "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + else + echo " $(date) Did not find redis master (${MASTER})" + fi + } + + sentinel_update() { + echo "Updating sentinel config.." + echo " evaluating sentinel id (\${SENTINEL_ID_${INDEX}})" + eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}" + echo " sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})" + sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}" + if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then + echo " redis master (${1}:${REDIS_TLS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + else + echo " redis master (${1}:${REDIS_PORT})" + sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}" + fi + echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF} + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})" + echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF} + else + echo " announce (${ANNOUNCE_IP}:${SENTINEL_PORT})" + echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF} + fi + } + + redis_update() { + echo "Updating redis config.." + if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then + echo " we are slave of redis master (${1}:${REDIS_TLS_PORT})" + echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF} + else + echo " we are slave of redis master (${1}:${REDIS_PORT})" + echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}" + echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF} + fi + echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF} + } + + copy_config() { + echo "Copying default redis config.." + echo " to '${REDIS_CONF}'" + cp /readonly-config/redis.conf "${REDIS_CONF}" + echo "Copying default sentinel config.." + echo " to '${SENTINEL_CONF}'" + cp /readonly-config/sentinel.conf "${SENTINEL_CONF}" + } + + setup_defaults() { + echo "Setting up defaults.." + echo " using statefulset index (${INDEX})" + if [ "${INDEX}" = "0" ]; then + echo "Setting this pod as master for redis and sentinel.." + echo " using announce (${ANNOUNCE_IP})" + redis_update "${ANNOUNCE_IP}" + sentinel_update "${ANNOUNCE_IP}" + echo " make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)" + sed -i "s/^.*slaveof.*//" "${REDIS_CONF}" + else + echo "Getting redis master ip.." + echo " blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master" + DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')" + if [ -z "${DEFAULT_MASTER}" ]; then + echo "Error: Unable to resolve redis master (getent hosts)." + exit 1 + fi + echo " identified redis (may be redis master) ip (${DEFAULT_MASTER})" + echo "Setting default slave config for redis and sentinel.." + echo " using master ip (${DEFAULT_MASTER})" + redis_update "${DEFAULT_MASTER}" + sentinel_update "${DEFAULT_MASTER}" + fi + } + + redis_ping() { + set +e + if [ "$REDIS_PORT" -eq 0 ]; then + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + else + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping + fi + set -e + } + + redis_ping_retry() { + ping='' + retry=${1} + sleep=3 + for i in $(seq 1 "${retry}"); do + if [ "$(redis_ping)" = "PONG" ]; then + ping='PONG' + break + fi + sleep $((sleep + i)) + MASTER=$(sentinel_get_master) + done + echo "${ping}" + } + + find_master() { + echo "Verifying redis master.." + if [ "$REDIS_PORT" -eq 0 ]; then + echo " ping (${MASTER}:${REDIS_TLS_PORT})" + else + echo " ping (${MASTER}:${REDIS_PORT})" + fi + if [ "$(redis_ping_retry 3)" != "PONG" ]; then + echo " $(date) Can't ping redis master (${MASTER})" + echo "Attempting to force failover (sentinel failover).." + + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + else + echo " on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + echo " $(date) Failover returned with 'NOGOODSLAVE'" + echo "Setting defaults for this pod.." + setup_defaults + return 0 + fi + fi + + echo "Hold on for 10sec" + sleep 10 + echo "We should get redis master's ip now. Asking (get-master-addr-by-name).." + if [ "$SENTINEL_PORT" -eq 0 ]; then + echo " sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" + else + echo " sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})" + fi + MASTER="$(sentinel_get_master)" + if [ "${MASTER}" ]; then + echo " $(date) Found redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + else + echo "$(date) Error: Could not failover, exiting..." + exit 1 + fi + else + echo " $(date) Found reachable redis master (${MASTER})" + echo "Updating redis and sentinel config.." + sentinel_update "${MASTER}" + redis_update "${MASTER}" + fi + } + + redis_ro_update() { + echo "Updating read-only redis config.." + echo " redis.conf set 'replica-priority 0'" + echo "replica-priority 0" >> ${REDIS_CONF} + } + + getent_hosts() { + index=${1:-${INDEX}} + service="${SERVICE}-announce-${index}" + host=$(getent hosts "${service}") + echo "${host}" + } + + identify_announce_ip() { + echo "Identify announce ip for this pod.." + echo " using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})" + ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }') + echo " identified announce (${ANNOUNCE_IP})" + } + + mkdir -p /data/conf/ + + echo "Initializing config.." + copy_config + + # where is redis master + identify_master + + identify_announce_ip + + if [ -z "${ANNOUNCE_IP}" ]; then + "Error: Could not resolve the announce ip for this pod." + exit 1 + elif [ "${MASTER}" ]; then + find_master + else + setup_defaults + fi + + if [ "${AUTH:-}" ]; then + echo "Setting redis auth values.." + ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g'); + sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}" + fi + + if [ "${SENTINELAUTH:-}" ]; then + echo "Setting sentinel auth values" + ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g'); + sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF" + fi + + echo "$(date) Ready..." + redis.conf: | + dir "/data" + port 6379 + rename-command FLUSHDB "" + rename-command FLUSHALL "" + bind 0.0.0.0 + maxmemory 0 + maxmemory-policy volatile-lru + min-replicas-max-lag 5 + min-replicas-to-write 1 + rdbchecksum yes + rdbcompression yes + repl-diskless-sync yes + save "" + requirepass replace-default-auth + masterauth replace-default-auth + sentinel.conf: | + dir "/data" + port 26379 + bind 0.0.0.0 + sentinel down-after-milliseconds argocd 10000 + sentinel failover-timeout argocd 180000 + maxclients 10000 + sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth + trigger-failover-if-master.sh: | + get_redis_role() { + is_master=$( + redis-cli \ + -a "${AUTH}" --no-auth-warning \ + -h localhost \ + -p 6379 \ + info | grep -c 'role:master' || true + ) + } + get_redis_role + if [[ "$is_master" -eq 1 ]]; then + echo "This node is currently master, we trigger a failover." + response=$( + redis-cli \ + -h localhost \ + -p 26379 \ + SENTINEL failover argocd + ) + if [[ "$response" != "OK" ]] ; then + echo "$response" + exit 1 + fi + timeout=30 + while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do + sleep 1 + get_redis_role + timeout=$((timeout - 1)) + done + echo "Failover successful" + fi +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-configmap +--- +apiVersion: v1 +data: + redis_liveness.sh: | + response=$( + redis-cli \ + -a "${AUTH}" --no-auth-warning \ + -h localhost \ + -p 6379 \ + ping + ) + if [ "$response" != "PONG" ] && [ "${response:0:7}" != "LOADING" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + redis_readiness.sh: | + response=$( + redis-cli \ + -a "${AUTH}" --no-auth-warning \ + -h localhost \ + -p 6379 \ + ping + ) + if [ "$response" != "PONG" ] ; then + echo "$response" + exit 1 + fi + echo "response=$response" + sentinel_liveness.sh: | + response=$( + redis-cli \ + -h localhost \ + -p 26379 \ + ping + ) + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + echo "response=$response" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-health-configmap +--- +apiVersion: v1 +data: + ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-ssh-known-hosts-cm + app.kubernetes.io/part-of: argocd + name: argocd-ssh-known-hosts-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-tls-certs-cm + app.kubernetes.io/part-of: argocd + name: argocd-tls-certs-cm +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-secret +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd + name: argocd-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + ports: + - name: webhook + port: 7000 + protocol: TCP + targetPort: webhook + - name: metrics + port: 8080 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + ports: + - name: server + port: 8086 + protocol: TCP + targetPort: 8086 + - name: metrics + port: 8087 + protocol: TCP + targetPort: 8087 + selector: + app.kubernetes.io/name: argocd-commit-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +spec: + ports: + - appProtocol: TCP + name: http + port: 5556 + protocol: TCP + targetPort: 5556 + - name: grpc + port: 5557 + protocol: TCP + targetPort: 5557 + - name: metrics + port: 5558 + protocol: TCP + targetPort: 5558 + selector: + app.kubernetes.io/name: argocd-dex-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/name: argocd-metrics + app.kubernetes.io/part-of: argocd + name: argocd-metrics +spec: + ports: + - name: metrics + port: 8082 + protocol: TCP + targetPort: 8082 + selector: + app.kubernetes.io/name: argocd-application-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-metrics +spec: + ports: + - name: metrics + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/name: argocd-notifications-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha +spec: + clusterIP: None + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel + selector: + app.kubernetes.io/name: argocd-redis-ha + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-announce-0 +spec: + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel + publishNotReadyAddresses: true + selector: + app.kubernetes.io/name: argocd-redis-ha + statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-0 + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-announce-1 +spec: + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel + publishNotReadyAddresses: true + selector: + app.kubernetes.io/name: argocd-redis-ha + statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-1 + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-announce-2 +spec: + ports: + - name: tcp-server + port: 6379 + protocol: TCP + targetPort: redis + - name: tcp-sentinel + port: 26379 + protocol: TCP + targetPort: sentinel + publishNotReadyAddresses: true + selector: + app.kubernetes.io/name: argocd-redis-ha + statefulset.kubernetes.io/pod-name: argocd-redis-ha-server-2 + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha-haproxy + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +spec: + ports: + - name: tcp-haproxy + port: 6379 + protocol: TCP + targetPort: redis + - name: http-exporter-port + port: 9101 + protocol: TCP + targetPort: metrics-port + selector: + app.kubernetes.io/name: argocd-redis-ha-haproxy + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + ports: + - name: server + port: 8081 + protocol: TCP + targetPort: 8081 + - name: metrics + port: 8084 + protocol: TCP + targetPort: 8084 + selector: + app.kubernetes.io/name: argocd-repo-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/name: argocd-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server-metrics + app.kubernetes.io/part-of: argocd + name: argocd-server-metrics +spec: + ports: + - name: metrics + port: 8083 + protocol: TCP + targetPort: 8083 + selector: + app.kubernetes.io/name: argocd-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-applicationset-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-applicationset-controller + env: + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.syncs + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.concurrent.reconciliations.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-applicationset-controller + ports: + - containerPort: 7000 + name: webhook + - containerPort: 8080 + name: metrics + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-applicationset-controller + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-commit-server + env: + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: commitserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: commitserver.log.level + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-commit-server + ports: + - containerPort: 8086 + - containerPort: 8087 + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + serviceAccountName: argocd-commit-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-commit-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-commit-server-tls + - emptyDir: {} + name: var-files +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-dex-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - command: + - /shared/argocd-dex + - rundex + env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: dexserver.disable.tls + name: argocd-cmd-params-cm + optional: true + image: ghcr.io/dexidp/dex:v2.41.1 + imagePullPolicy: Always + name: dex + ports: + - containerPort: 5556 + - containerPort: 5557 + - containerPort: 5558 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + - mountPath: /tls + name: argocd-dex-server-tls + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /shared/argocd-dex + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-dex-server + volumes: + - emptyDir: {} + name: static-files + - emptyDir: {} + name: dexconfig + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: argocd-notifications-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 9001 + name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha-haproxy + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-haproxy +spec: + replicas: 3 + revisionHistoryLimit: 1 + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + strategy: + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 + prometheus.io/path: /metrics + prometheus.io/port: "9101" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + name: argocd-redis-ha-haproxy + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + topologyKey: kubernetes.io/hostname + containers: + - env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + imagePullPolicy: IfNotPresent + lifecycle: {} + livenessProbe: + httpGet: + path: /healthz + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 3 + name: haproxy + ports: + - containerPort: 6379 + name: redis + - containerPort: 9101 + name: metrics-port + readinessProbe: + httpGet: + path: /healthz + port: 8888 + initialDelaySeconds: 5 + periodSeconds: 3 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /usr/local/etc/haproxy + name: data + - mountPath: /run/haproxy + name: shared-socket + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + - args: + - /readonly/haproxy_init.sh + command: + - sh + image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + imagePullPolicy: IfNotPresent + name: config-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /readonly + name: config-volume + readOnly: true + - mountPath: /data + name: data + securityContext: + fsGroup: 99 + runAsNonRoot: true + runAsUser: 99 + serviceAccountName: argocd-redis-ha-haproxy + volumes: + - configMap: + name: argocd-redis-ha-configmap + name: config-volume + - emptyDir: {} + name: shared-socket + - emptyDir: {} + name: data +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-repo-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-repo-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: reposerver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: reposerver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: reposerver.disable.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: reposerver.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.repo.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.max.combined.directory.manifests.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.tar.exclusions + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.disable.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GRPC_MAX_SIZE_MB + valueFrom: + configMapKeyRef: + key: reposerver.grpc.max.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8084 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-repo-server + ports: + - containerPort: 8081 + - containerPort: 8084 + readinessProbe: + httpGet: + path: /healthz + port: 8084 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /tmp + name: tmp + - mountPath: /helm-working-dir + name: helm-working-dir + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-repo-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - emptyDir: {} + name: helm-working-dir + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - emptyDir: {} + name: var-files + - emptyDir: {} + name: plugins +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: argocd-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: topology.kubernetes.io/zone + weight: 100 + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: kubernetes.io/hostname + containers: + - args: + - /usr/local/bin/argocd-server + env: + - name: ARGOCD_API_SERVER_REPLICAS + value: "2" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + key: server.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + key: server.basehref + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + key: server.rootpath + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: server.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + key: server.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + key: server.dex.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + key: server.disable.auth + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + key: server.enable.gzip + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: server.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + key: server.x.frame.options + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + key: server.content.security.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.dex.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.dex.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: server.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.connection.status.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.oidc.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.login.attempts.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + key: server.staticassets + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + key: server.http.cookie.maxnumber + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + key: server.enable.proxy.extension + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: server.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: server.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + key: server.api.content.types + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: server.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-server + ports: + - containerPort: 8080 + - containerPort: 8083 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /tmp + name: tmp + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-server + volumes: + - emptyDir: {} + name: plugins-home + - emptyDir: {} + name: tmp + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls + - configMap: + items: + - key: server.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + serviceName: argocd-application-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-application-controller + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - /usr/local/bin/argocd-application-controller + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_CONTROLLER_REPLICAS + value: "1" + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.hard.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.error.grace.period.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.status.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.operation.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: controller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: controller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.metrics.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: controller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: controller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + key: controller.resource.health.persist + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: controller.kubectl.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + key: controller.diff.server.side + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-application-controller + ports: + - containerPort: 8082 + readinessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + - mountPath: /tmp + name: argocd-application-controller-tmp + workingDir: /home/argocd + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-application-controller + volumes: + - emptyDir: {} + name: argocd-home + - emptyDir: {} + name: argocd-application-controller-tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - configMap: + items: + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis-ha + app.kubernetes.io/part-of: argocd + name: argocd-redis-ha-server +spec: + podManagementPolicy: OrderedReady + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + serviceName: argocd-redis-ha + template: + metadata: + annotations: + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 + labels: + app.kubernetes.io/name: argocd-redis-ha + spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + topologyKey: kubernetes.io/hostname + automountServiceAccountToken: false + containers: + - args: + - /data/conf/redis.conf + command: + - redis-server + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /bin/sh + - /readonly-config/trigger-failover-if-master.sh + livenessProbe: + exec: + command: + - sh + - -c + - /health/redis_liveness.sh + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 15 + name: redis + ports: + - containerPort: 6379 + name: redis + readinessProbe: + exec: + command: + - sh + - -c + - /health/redis_readiness.sh + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 15 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /readonly-config + name: config + readOnly: true + - mountPath: /data + name: data + - mountPath: /health + name: health + - args: + - /data/conf/sentinel.conf + command: + - redis-sentinel + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine + imagePullPolicy: IfNotPresent + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - sleep 30; redis-cli -p 26379 sentinel reset argocd + livenessProbe: + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 15 + name: sentinel + ports: + - containerPort: 26379 + name: sentinel + readinessProbe: + exec: + command: + - sh + - -c + - /health/sentinel_liveness.sh + failureThreshold: 5 + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 3 + timeoutSeconds: 15 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /data + name: data + - mountPath: /health + name: health + - args: + - /readonly-config/fix-split-brain.sh + command: + - sh + env: + - name: SENTINEL_ID_0 + value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 + - name: SENTINEL_ID_1 + value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 + - name: SENTINEL_ID_2 + value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine + imagePullPolicy: IfNotPresent + name: split-brain-fix + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /readonly-config + name: config + readOnly: true + - mountPath: /data + name: data + initContainers: + - args: + - /readonly-config/init.sh + command: + - sh + env: + - name: SENTINEL_ID_0 + value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6 + - name: SENTINEL_ID_1 + value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 + - name: SENTINEL_ID_2 + value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine + imagePullPolicy: IfNotPresent + name: config-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /readonly-config + name: config + readOnly: true + - mountPath: /data + name: data + securityContext: + fsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + serviceAccountName: argocd-redis-ha + terminationGracePeriodSeconds: 60 + volumes: + - configMap: + name: argocd-redis-ha-configmap + name: config + - configMap: + defaultMode: 493 + name: argocd-redis-ha-health-configmap + name: health + - emptyDir: {} + name: data + updateStrategy: + type: RollingUpdate +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-application-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8082 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-applicationset-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 7000 + protocol: TCP + - port: 8080 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-commit-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 8086 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8087 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-dex-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + ports: + - port: 5556 + protocol: TCP + - port: 5557 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 5558 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-redis-ha-proxy-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 6379 + protocol: TCP + - port: 26379 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-redis-ha-server-network-policy +spec: + egress: + - ports: + - port: 6379 + protocol: TCP + - port: 26379 + protocol: TCP + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + ports: + - port: 6379 + protocol: TCP + - port: 26379 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-repo-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + ports: + - port: 8081 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8084 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-server-network-policy +spec: + ingress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + policyTypes: + - Ingress diff --git a/manifests/ha/namespace-install-with-hydrator/kustomization.yaml b/manifests/ha/namespace-install-with-hydrator/kustomization.yaml new file mode 100644 index 0000000000000..ecde0d9c70796 --- /dev/null +++ b/manifests/ha/namespace-install-with-hydrator/kustomization.yaml @@ -0,0 +1,3 @@ +resources: + - ../namespace-install + - ../../base/commit-server diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 6f4231e7d4944..d86dfd009f8d7 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -2749,6 +2749,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -2969,6 +2975,12 @@ spec: key: controller.self.heal.backoff.cap.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -3077,6 +3089,12 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true - name: KUBECACHEDIR value: /tmp/kubecache image: quay.io/argoproj/argocd:latest diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml new file mode 100644 index 0000000000000..446762e6c0da5 --- /dev/null +++ b/manifests/install-with-hydrator.yaml @@ -0,0 +1,26352 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: applications.argoproj.io + app.kubernetes.io/part-of: argocd + name: applications.argoproj.io +spec: + group: argoproj.io + names: + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + - apps + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.sync.status + name: Sync Status + type: string + - jsonPath: .status.health.status + name: Health Status + type: string + - jsonPath: .status.sync.revision + name: Revision + priority: 10 + type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Application is a definition of Application resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + operation: + description: Operation contains information about a requested or running + operation + properties: + info: + description: Info is a list of informational items for this operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent retries + of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default unit + is seconds, but could also be a duration (e.g. "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time allowed + for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number of auto-heal + attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply --dry-run` + without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides sync + source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from the cluster + that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall be part + of the sync + items: + description: SyncOperationResource contains resources to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to + be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by + not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources for + Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to + apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the sync + properties: + apply: + description: Apply will perform a `kubectl apply` to perform + the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources to + perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + spec: + description: ApplicationSpec represents desired application state. Contains + link to repository with application definition and additional parameters + link definition revision. + properties: + destination: + description: Destination is a reference to the target Kubernetes server + and namespace + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is not + set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a list of resources and their fields + which should be ignored during comparison + items: + description: ResourceIgnoreDifferences contains resource filter + and list of json paths which should be ignored during comparison + with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + description: Info contains a list of information (URLs, email addresses, + and plain text) that relates to the application + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. + type: string + revisionHistoryLimit: + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. + format: int64 + type: integer + source: + description: Source is a reference to the location of the application's + manifests or chart + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being used + during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation step + (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether to + apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels to + add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to force + applying common annotations to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize adds + to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize to + use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + description: Sources is a reference to the location of the application's + manifests or chart + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being + used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the helm + template + items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. + If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be passed + to helm template, defined as a map. This takes precedence + over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize components + to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to + force applying common annotations to resources for Kustomize + apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether to apply + common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas override + specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + description: SyncPolicy controls when and how a sync will be performed + properties: + automated: + description: Automated will keep an application synced to the + target revision + properties: + allowEmpty: + description: 'AllowEmpty allows apps have zero live resources + (default: false)' + type: boolean + prune: + description: 'Prune specifies whether to delete resources + from the cluster that are not found in the sources anymore + as part of automated sync (default: false)' + type: boolean + selfHeal: + description: 'SelfHeal specifies whether to revert resources + back to their desired state upon modification in the cluster + (default: false)' + type: boolean + type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + description: Retry controls failed sync retry behavior + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base duration + after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of time + allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for retrying + a failed sync. If set to 0, no retries will be performed. + format: int64 + type: integer + type: object + syncOptions: + description: Options allow you to specify whole app sync-options + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + status: + description: ApplicationStatus contains status information for the application + properties: + conditions: + description: Conditions is a list of currently observed application + conditions + items: + description: ApplicationCondition contains details about an application + condition, which is usually an error or warning + properties: + lastTransitionTime: + description: LastTransitionTime is the time the condition was + last observed + format: date-time + type: string + message: + description: Message contains human-readable message indicating + details about condition + type: string + type: + description: Type is an application condition type + type: string + required: + - message + - type + type: object + type: array + controllerNamespace: + description: ControllerNamespace indicates the namespace in which + the application controller is located + type: string + health: + description: Health contains information about the application's current + health status + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application or + resource + type: string + type: object + history: + description: History contains information about the application's + sync history + items: + description: RevisionHistory contains history information about + a previous sync + properties: + deployStartedAt: + description: DeployStartedAt holds the time the sync operation + started + format: date-time + type: string + deployedAt: + description: DeployedAt holds the time the sync operation completed + format: date-time + type: string + id: + description: ID is an auto incrementing identifier of the RevisionHistory + format: int64 + type: integer + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was initiated + automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who started + operation + type: string + type: object + revision: + description: Revision holds the revision the sync was performed + against + type: string + revisions: + description: Revisions holds the revision of each source in + sources field the sync was performed against + items: + type: string + type: array + source: + description: Source is a reference to the application source + used for the sync operation + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to template + with. If left empty, defaults to the app's destination + namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. ValuesObject + takes precedence over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to be + passed to helm template, defined as a map. This takes + precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is displayed + in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application sources + used for the sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - deployedAt + - id + type: object + type: array + observedAt: + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field + format: date-time + type: string + operationState: + description: OperationState contains information about any ongoing + operations, such as a sync + properties: + finishedAt: + description: FinishedAt contains time of operation completion + format: date-time + type: string + message: + description: Message holds any pertinent messages when attempting + to perform operation (typically errors). + type: string + operation: + description: Operation is the original requested operation + properties: + info: + description: Info is a list of informational items for this + operation + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + initiatedBy: + description: InitiatedBy contains information about who initiated + the operations + properties: + automated: + description: Automated is set to true if operation was + initiated automatically by the application controller. + type: boolean + username: + description: Username contains the name of a user who + started operation + type: string + type: object + retry: + description: Retry controls the strategy to apply if a sync + fails + properties: + backoff: + description: Backoff controls how to backoff on subsequent + retries of failed syncs + properties: + duration: + description: Duration is the amount to back off. Default + unit is seconds, but could also be a duration (e.g. + "2m", "1h") + type: string + factor: + description: Factor is a factor to multiply the base + duration after each failed retry + format: int64 + type: integer + maxDuration: + description: MaxDuration is the maximum amount of + time allowed for the backoff strategy + type: string + type: object + limit: + description: Limit is the maximum number of attempts for + retrying a failed sync. If set to 0, no retries will + be performed. + format: int64 + type: integer + type: object + sync: + description: Sync contains parameters for the operation + properties: + autoHealAttemptsCount: + description: SelfHealAttemptsCount contains the number + of auto-heal attempts + format: int64 + type: integer + dryRun: + description: DryRun specifies to perform a `kubectl apply + --dry-run` without actually performing the sync + type: boolean + manifests: + description: Manifests is an optional field that overrides + sync source with a local directory for development + items: + type: string + type: array + prune: + description: Prune specifies to delete resources from + the cluster that are no longer tracked in git + type: boolean + resources: + description: Resources describes which resources shall + be part of the sync + items: + description: SyncOperationResource contains resources + to sync. + properties: + group: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + type: array + revision: + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. + type: string + revisions: + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. + items: + type: string + type: array + source: + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to + Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles do + not exist locally by not appending them to helm + template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to + the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over + Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a + map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors + or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of + Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in + the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required + information about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles + do not exist locally by not appending them + to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults + to the app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during manifest + generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release + name to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource + definition installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to + be passed to helm template, typically defined + as a block. ValuesObject takes precedence + over Values, so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as + a map. This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to + use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of + additional annotations to add to rendered + manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution + for annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of + kustomize components to add to the kustomization + before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies + whether to apply common labels to resource + selectors or not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that + Kustomize adds to all resources + type: string + patches: + description: Patches is a list of Kustomize + patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize + Replicas override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and + is displayed in the UI. It is used in multi-source + Applications. + type: string + path: + description: Path is a directory path within the + Git repository, and is only valid for applications + sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the + variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an + array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map + type parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a + string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source + within sources field. This field will not be used + if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + syncOptions: + description: SyncOptions provide per-sync sync-options, + e.g. Validate=false + items: + type: string + type: array + syncStrategy: + description: SyncStrategy describes how to perform the + sync + properties: + apply: + description: Apply will perform a `kubectl apply` + to perform the sync. + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + hook: + description: Hook will submit any referenced resources + to perform the sync. This is the default strategy + properties: + force: + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. + type: boolean + type: object + type: object + type: object + type: object + phase: + description: Phase is the current phase of the operation + type: string + retryCount: + description: RetryCount contains time of operation retries + format: int64 + type: integer + startedAt: + description: StartedAt contains time of operation start + format: date-time + type: string + syncResult: + description: SyncResult is the result of a Sync operation + properties: + managedNamespaceMetadata: + description: ManagedNamespaceMetadata contains the current + sync state of managed namespace metadata + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + resources: + description: Resources contains a list of sync result items + for each individual resource in a sync operation + items: + description: ResourceResult holds the operation result details + of a specific resource + properties: + group: + description: Group specifies the API group of the resource + type: string + hookPhase: + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. + type: string + hookType: + description: HookType specifies the type of the hook. + Empty for non-hook resources + type: string + kind: + description: Kind specifies the API kind of the resource + type: string + message: + description: Message contains an informational or error + message for the last sync OR operation + type: string + name: + description: Name specifies the name of the resource + type: string + namespace: + description: Namespace specifies the target namespace + of the resource + type: string + status: + description: Status holds the final result of the sync. + Will be empty if the resources is yet to be applied/pruned + and is always zero-value for hooks + type: string + syncPhase: + description: SyncPhase indicates the particular phase + of the sync that this result was acquired in + type: string + version: + description: Version specifies the API version of the + resource + type: string + required: + - group + - kind + - name + - namespace + - version + type: object + type: array + revision: + description: Revision holds the revision this sync operation + was performed to + type: string + revisions: + description: Revisions holds the revision this sync operation + was performed for respective indexed source in sources field + items: + type: string + type: array + source: + description: Source records the application source information + of the sync, used for comparing auto-sync + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Source records the application source information + of the sync, used for comparing auto-sync + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - revision + type: object + required: + - operation + - phase + - startedAt + type: object + reconciledAt: + description: ReconciledAt indicates when the application state was + reconciled using the latest git version + format: date-time + type: string + resourceHealthSource: + description: 'ResourceHealthSource indicates where the resource health + status is stored: inline if not set or appTree' + type: string + resources: + description: Resources is a list of Kubernetes resources managed by + this application + items: + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type + properties: + group: + type: string + health: + description: HealthStatus contains information about the currently + observed health state of an application or resource + properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string + message: + description: Message is a human-readable informational message + describing the health status + type: string + status: + description: Status holds the status code of the application + or resource + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + description: SyncStatusCode is a type which represents possible + comparison results + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object + sourceType: + description: SourceType specifies the type of this application + type: string + sourceTypes: + description: SourceTypes specifies the type of the sources included + in the application + items: + description: ApplicationSourceType specifies the type of the application's + source + type: string + type: array + summary: + description: Summary contains a list of URLs and container images + used by this application + properties: + externalURLs: + description: ExternalURLs holds all external URLs of application + child resources. + items: + type: string + type: array + images: + description: Images holds all images of application child resources. + items: + type: string + type: array + type: object + sync: + description: Sync contains information about the application's current + sync status + properties: + comparedTo: + description: ComparedTo contains information about what has been + compared + properties: + destination: + description: Destination is a reference to the application's + destination used for comparison + properties: + name: + description: Name is an alternate way of specifying the + target cluster by its symbolic name. This must be set + if Server is not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name + is not set. + type: string + type: object + ignoreDifferences: + description: IgnoreDifferences is a reference to the application's + ignored differences used for comparison + items: + description: ResourceIgnoreDifferences contains resource + filter and list of json paths which should be ignored + during comparison with live state. + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + source: + description: Source is a reference to the application's source + used for comparison + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters to + the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace to + template with. If left empty, defaults to the app's + destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block. + ValuesObject takes precedence over Values, so use + one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values to + be passed to helm template, defined as a map. This + takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies whether + to apply env variables substitution for annotation + values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git repository, + and is only valid for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + sources: + description: Sources is a reference to the application's multiple + sources used for comparison + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + namespace: + description: Namespace is an optional namespace + to template with. If left empty, defaults to the + app's destination namespace. + type: string + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean + skipTests: + description: SkipTests skips test manifest installation + step (Helm's --skip-tests). + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block. ValuesObject takes precedence over Values, + so use one or the other. + type: string + valuesObject: + description: ValuesObject specifies Helm values + to be passed to helm template, defined as a map. + This takes precedence over Values. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + apiVersions: + description: |- + APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonAnnotationsEnvsubst: + description: CommonAnnotationsEnvsubst specifies + whether to apply env variables substitution for + annotation values + type: boolean + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + components: + description: Components specifies a list of kustomize + components to add to the kustomization before + building + items: + type: string + type: array + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + kubeVersion: + description: |- + KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + uses the Kubernetes version of the target cluster. + type: string + labelWithoutSelector: + description: LabelWithoutSelector specifies whether + to apply common labels to resource selectors or + not + type: boolean + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + namespace: + description: Namespace sets the namespace that Kustomize + adds to all resources + type: string + patches: + description: Patches is a list of Kustomize patches + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + description: Replicas is a list of Kustomize Replicas + override specifications + items: + properties: + count: + anyOf: + - type: integer + - type: string + description: Number of replicas + x-kubernetes-int-or-string: true + name: + description: Name of Deployment or StatefulSet + type: string + required: + - count + - name + type: object + type: array + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + name: + description: Name is used to refer to a source and is + displayed in the UI. It is used in multi-source Applications. + type: string + path: + description: Path is a directory path within the Git + repository, and is only valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array + required: + - destination + type: object + revision: + description: Revision contains information about the revision + the comparison has been performed to + type: string + revisions: + description: Revisions contains information about the revisions + of multiple sources the comparison has been performed to + items: + type: string + type: array + status: + description: Status is the sync state of the comparison + type: string + required: + - status + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd + name: applicationsets.argoproj.io +spec: + group: argoproj.io + names: + kind: ApplicationSet + listKind: ApplicationSetList + plural: applicationsets + shortNames: + - appset + - appsets + singular: applicationset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + applyNestedSelectors: + type: boolean + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + type: object + merge: + properties: + generators: + items: + properties: + clusterDecisionResource: + properties: + configMapRef: + type: string + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + clusters: + properties: + flatList: + type: boolean + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + git: + properties: + directories: + items: + properties: + exclude: + type: boolean + path: + type: string + required: + - path + type: object + type: array + files: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + pathParamPrefix: + type: string + repoURL: + type: string + requeueAfterSeconds: + format: int64 + type: integer + revision: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - repoURL + - revision + type: object + list: + properties: + elements: + items: + x-kubernetes-preserve-unknown-fields: true + type: array + elementsYaml: + type: string + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + matrix: + x-kubernetes-preserve-unknown-fields: true + merge: + x-kubernetes-preserve-unknown-fields: true + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + mergeKeys: + items: + type: string + type: array + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + required: + - generators + - mergeKeys + type: object + plugin: + properties: + configMapRef: + properties: + name: + type: string + required: + - name + type: object + input: + properties: + parameters: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + required: + - configMapRef + type: object + pullRequest: + properties: + azuredevops: + properties: + api: + type: string + labels: + items: + type: string + type: array + organization: + type: string + project: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + - project + - repo + type: object + bitbucket: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + bitbucketServer: + properties: + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + repo: + type: string + required: + - api + - project + - repo + type: object + filters: + items: + properties: + branchMatch: + type: string + targetBranchMatch: + type: string + type: object + type: array + gitea: + properties: + api: + type: string + insecure: + type: boolean + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + - repo + type: object + github: + properties: + api: + type: string + appSecretName: + type: string + labels: + items: + type: string + type: array + owner: + type: string + repo: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - owner + - repo + type: object + gitlab: + properties: + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + labels: + items: + type: string + type: array + project: + type: string + pullRequestState: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - project + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + type: object + scmProvider: + properties: + awsCodeCommit: + properties: + allBranches: + type: boolean + region: + type: string + role: + type: string + tagFilters: + items: + properties: + key: + type: string + value: + type: string + required: + - key + type: object + type: array + type: object + azureDevOps: + properties: + accessTokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + allBranches: + type: boolean + api: + type: string + organization: + type: string + teamProject: + type: string + required: + - accessTokenRef + - organization + - teamProject + type: object + bitbucket: + properties: + allBranches: + type: boolean + appPasswordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + owner: + type: string + user: + type: string + required: + - appPasswordRef + - owner + - user + type: object + bitbucketServer: + properties: + allBranches: + type: boolean + api: + type: string + basicAuth: + properties: + passwordRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + username: + type: string + required: + - passwordRef + - username + type: object + bearerToken: + properties: + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - tokenRef + type: object + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + insecure: + type: boolean + project: + type: string + required: + - api + - project + type: object + cloneProtocol: + type: string + filters: + items: + properties: + branchMatch: + type: string + labelMatch: + type: string + pathsDoNotExist: + items: + type: string + type: array + pathsExist: + items: + type: string + type: array + repositoryMatch: + type: string + type: object + type: array + gitea: + properties: + allBranches: + type: boolean + api: + type: string + insecure: + type: boolean + owner: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - api + - owner + type: object + github: + properties: + allBranches: + type: boolean + api: + type: string + appSecretName: + type: string + organization: + type: string + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - organization + type: object + gitlab: + properties: + allBranches: + type: boolean + api: + type: string + caRef: + properties: + configMapName: + type: string + key: + type: string + required: + - configMapName + - key + type: object + group: + type: string + includeSharedProjects: + type: boolean + includeSubgroups: + type: boolean + insecure: + type: boolean + tokenRef: + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + topic: + type: string + required: + - group + type: object + requeueAfterSeconds: + format: int64 + type: integer + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + values: + additionalProperties: + type: string + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + goTemplate: + type: boolean + goTemplateOptions: + items: + type: string + type: array + ignoreApplicationDifferences: + items: + properties: + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + name: + type: string + type: object + type: array + preservedFields: + properties: + annotations: + items: + type: string + type: array + labels: + items: + type: string + type: array + type: object + strategy: + properties: + rollingSync: + properties: + steps: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: array + type: object + type: + type: string + type: object + syncPolicy: + properties: + applicationsSync: + enum: + - create-only + - create-update + - create-delete + - sync + type: string + preserveResourcesOnDeletion: + type: boolean + type: object + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + destination: + properties: + name: + type: string + namespace: + type: string + server: + type: string + type: object + ignoreDifferences: + items: + properties: + group: + type: string + jqPathExpressions: + items: + type: string + type: array + jsonPointers: + items: + type: string + type: array + kind: + type: string + managedFieldsManagers: + items: + type: string + type: array + name: + type: string + namespace: + type: string + required: + - kind + type: object + type: array + info: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + project: + type: string + revisionHistoryLimit: + format: int64 + type: integer + source: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + apiVersions: + items: + type: string + type: array + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + kubeVersion: + type: string + namespace: + type: string + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + skipSchemaValidation: + type: boolean + skipTests: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + valuesObject: + type: object + x-kubernetes-preserve-unknown-fields: true + version: + type: string + type: object + kustomize: + properties: + apiVersions: + items: + type: string + type: array + commonAnnotations: + additionalProperties: + type: string + type: object + commonAnnotationsEnvsubst: + type: boolean + commonLabels: + additionalProperties: + type: string + type: object + components: + items: + type: string + type: array + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + kubeVersion: + type: string + labelWithoutSelector: + type: boolean + namePrefix: + type: string + nameSuffix: + type: string + namespace: + type: string + patches: + items: + properties: + options: + additionalProperties: + type: boolean + type: object + patch: + type: string + path: + type: string + target: + properties: + annotationSelector: + type: string + group: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + version: + type: string + type: object + type: object + type: array + replicas: + items: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + type: string + required: + - count + - name + type: object + type: array + version: + type: string + type: object + name: + type: string + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array + syncPolicy: + properties: + automated: + properties: + allowEmpty: + type: boolean + prune: + type: boolean + selfHeal: + type: boolean + type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + retry: + properties: + backoff: + properties: + duration: + type: string + factor: + format: int64 + type: integer + maxDuration: + type: string + type: object + limit: + format: int64 + type: integer + type: object + syncOptions: + items: + type: string + type: array + type: object + required: + - destination + - project + type: object + required: + - metadata + - spec + type: object + templatePatch: + type: string + required: + - generators + - template + type: object + status: + properties: + applicationStatus: + items: + properties: + application: + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + step: + type: string + targetRevisions: + items: + type: string + type: array + required: + - application + - message + - status + - step + - targetRevisions + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - message + - reason + - status + - type + type: object + type: array + resources: + items: + properties: + group: + type: string + health: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresDeletionConfirmation: + type: boolean + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/name: appprojects.argoproj.io + app.kubernetes.io/part-of: argocd + name: appprojects.argoproj.io +spec: + group: argoproj.io + names: + kind: AppProject + listKind: AppProjectList + plural: appprojects + shortNames: + - appproj + - appprojs + singular: appproject + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AppProjectSpec is the specification of an AppProject + properties: + clusterResourceBlacklist: + description: ClusterResourceBlacklist contains list of blacklisted + cluster level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + clusterResourceWhitelist: + description: ClusterResourceWhitelist contains list of whitelisted + cluster level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + description: + description: Description contains optional project description + type: string + destinationServiceAccounts: + description: DestinationServiceAccounts holds information about the + service accounts to be impersonated for the application sync operation + for each destination. + items: + description: ApplicationDestinationServiceAccount holds information + about the service account to be impersonated for the application + sync operation. + properties: + defaultServiceAccount: + description: DefaultServiceAccount to be used for impersonation + during the sync operation + type: string + namespace: + description: Namespace specifies the target namespace for the + application's resources. + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. + type: string + required: + - defaultServiceAccount + - server + type: object + type: array + destinations: + description: Destinations contains list of destinations available + for deployment + items: + description: ApplicationDestination holds information about the + application's destination + properties: + name: + description: Name is an alternate way of specifying the target + cluster by its symbolic name. This must be set if Server is + not set. + type: string + namespace: + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + type: string + server: + description: Server specifies the URL of the target cluster's + Kubernetes control plane API. This must be set if Name is + not set. + type: string + type: object + type: array + namespaceResourceBlacklist: + description: NamespaceResourceBlacklist contains list of blacklisted + namespace level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + namespaceResourceWhitelist: + description: NamespaceResourceWhitelist contains list of whitelisted + namespace level resources + items: + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + orphanedResources: + description: OrphanedResources specifies if controller should monitor + orphaned resources of apps in this project + properties: + ignore: + description: Ignore contains a list of resources that are to be + excluded from orphaned resources monitoring + items: + description: OrphanedResourceKey is a reference to a resource + to be ignored from + properties: + group: + type: string + kind: + type: string + name: + type: string + type: object + type: array + warn: + description: Warn indicates if warning condition should be created + for apps which have orphaned resources + type: boolean + type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations + can only reference clusters which are project-scoped + type: boolean + roles: + description: Roles are user defined RBAC roles associated with this + project + items: + description: ProjectRole represents a role that has access to a + project + properties: + description: + description: Description is a description of the role + type: string + groups: + description: Groups are a list of OIDC group claims bound to + this role + items: + type: string + type: array + jwtTokens: + description: JWTTokens are a list of generated JWT tokens bound + to this role + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + name: + description: Name is a name for this role + type: string + policies: + description: Policies Stores a list of casbin formatted strings + that define access policies for the role in the project + items: + type: string + type: array + required: + - name + type: object + type: array + signatureKeys: + description: SignatureKeys contains a list of PGP key IDs that commits + in Git must be signed with in order to be allowed for sync + items: + description: SignatureKey is the specification of a key required + to verify commit signatures with + properties: + keyID: + description: The ID of the key in hexadecimal notation + type: string + required: + - keyID + type: object + type: array + sourceNamespaces: + description: SourceNamespaces defines the namespaces application resources + are allowed to be created in + items: + type: string + type: array + sourceRepos: + description: SourceRepos contains list of repository URLs which can + be used for deployment + items: + type: string + type: array + syncWindows: + description: SyncWindows controls when syncs can be run for apps in + this project + items: + description: SyncWindow contains the kind, time, duration and attributes + that are used to assign the syncWindows to apps + properties: + applications: + description: Applications contains a list of applications that + the window will apply to + items: + type: string + type: array + clusters: + description: Clusters contains a list of clusters that the window + will apply to + items: + type: string + type: array + duration: + description: Duration is the amount of time the sync window + will be open + type: string + kind: + description: Kind defines if the window allows or blocks syncs + type: string + manualSync: + description: ManualSync enables manual syncs when they would + otherwise be blocked + type: boolean + namespaces: + description: Namespaces contains a list of namespaces that the + window will apply to + items: + type: string + type: array + schedule: + description: Schedule is the time the window will begin, specified + in cron format + type: string + timeZone: + description: TimeZone of the sync that will be applied to the + schedule + type: string + type: object + type: array + type: object + status: + description: AppProjectStatus contains status information for AppProject + CRs + properties: + jwtTokensByRole: + additionalProperties: + description: JWTTokens represents a list of JWT tokens + properties: + items: + items: + description: JWTToken holds the issuedAt and expiresAt values + of a token + properties: + exp: + format: int64 + type: integer + iat: + format: int64 + type: integer + id: + type: string + required: + - iat + type: object + type: array + type: object + description: JWTTokensByRole contains a list of JWT tokens issued + for a given role + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - applicationsets + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update +- apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - update + - delete + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - delete + - get + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-application-controller +subjects: +- kind: ServiceAccount + name: argocd-application-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-applicationset-controller +subjects: +- kind: ServiceAccount + name: argocd-applicationset-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-dex-server +subjects: +- kind: ServiceAccount + name: argocd-dex-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-notifications-controller +subjects: +- kind: ServiceAccount + name: argocd-notifications-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-server +subjects: +- kind: ServiceAccount + name: argocd-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-application-controller +subjects: +- kind: ServiceAccount + name: argocd-application-controller + namespace: argocd +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-applicationset-controller +subjects: +- kind: ServiceAccount + name: argocd-applicationset-controller + namespace: argocd +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argocd-server +subjects: +- kind: ServiceAccount + name: argocd-server + namespace: argocd +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd + name: argocd-cm +--- +apiVersion: v1 +data: + hydrator.enabled: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd + name: argocd-cmd-params-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-gpg-keys-cm + app.kubernetes.io/part-of: argocd + name: argocd-gpg-keys-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-rbac-cm + app.kubernetes.io/part-of: argocd + name: argocd-rbac-cm +--- +apiVersion: v1 +data: + ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-ssh-known-hosts-cm + app.kubernetes.io/part-of: argocd + name: argocd-ssh-known-hosts-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-tls-certs-cm + app.kubernetes.io/part-of: argocd + name: argocd-tls-certs-cm +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-secret +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd + name: argocd-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + ports: + - name: webhook + port: 7000 + protocol: TCP + targetPort: webhook + - name: metrics + port: 8080 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + ports: + - name: server + port: 8086 + protocol: TCP + targetPort: 8086 + - name: metrics + port: 8087 + protocol: TCP + targetPort: 8087 + selector: + app.kubernetes.io/name: argocd-commit-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +spec: + ports: + - appProtocol: TCP + name: http + port: 5556 + protocol: TCP + targetPort: 5556 + - name: grpc + port: 5557 + protocol: TCP + targetPort: 5557 + - name: metrics + port: 5558 + protocol: TCP + targetPort: 5558 + selector: + app.kubernetes.io/name: argocd-dex-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/name: argocd-metrics + app.kubernetes.io/part-of: argocd + name: argocd-metrics +spec: + ports: + - name: metrics + port: 8082 + protocol: TCP + targetPort: 8082 + selector: + app.kubernetes.io/name: argocd-application-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-metrics +spec: + ports: + - name: metrics + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/name: argocd-notifications-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +spec: + ports: + - name: tcp-redis + port: 6379 + targetPort: 6379 + selector: + app.kubernetes.io/name: argocd-redis +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + ports: + - name: server + port: 8081 + protocol: TCP + targetPort: 8081 + - name: metrics + port: 8084 + protocol: TCP + targetPort: 8084 + selector: + app.kubernetes.io/name: argocd-repo-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/name: argocd-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server-metrics + app.kubernetes.io/part-of: argocd + name: argocd-server-metrics +spec: + ports: + - name: metrics + port: 8083 + protocol: TCP + targetPort: 8083 + selector: + app.kubernetes.io/name: argocd-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-applicationset-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-applicationset-controller + env: + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.syncs + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.concurrent.reconciliations.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-applicationset-controller + ports: + - containerPort: 7000 + name: webhook + - containerPort: 8080 + name: metrics + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-applicationset-controller + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-commit-server + env: + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: commitserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: commitserver.log.level + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-commit-server + ports: + - containerPort: 8086 + - containerPort: 8087 + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + serviceAccountName: argocd-commit-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-commit-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-commit-server-tls + - emptyDir: {} + name: var-files +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-dex-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - command: + - /shared/argocd-dex + - rundex + env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: dexserver.disable.tls + name: argocd-cmd-params-cm + optional: true + image: ghcr.io/dexidp/dex:v2.41.1 + imagePullPolicy: Always + name: dex + ports: + - containerPort: 5556 + - containerPort: 5557 + - containerPort: 5558 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + - mountPath: /tls + name: argocd-dex-server-tls + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /shared/argocd-dex + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-dex-server + volumes: + - emptyDir: {} + name: static-files + - emptyDir: {} + name: dexconfig + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: argocd-notifications-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 9001 + name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis + template: + metadata: + labels: + app.kubernetes.io/name: argocd-redis + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - --save + - "" + - --appendonly + - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.15-alpine + imagePullPolicy: Always + name: redis + ports: + - containerPort: 6379 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-redis +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-repo-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-repo-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: reposerver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: reposerver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: reposerver.disable.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: reposerver.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.repo.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.max.combined.directory.manifests.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.tar.exclusions + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.disable.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GRPC_MAX_SIZE_MB + valueFrom: + configMapKeyRef: + key: reposerver.grpc.max.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8084 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-repo-server + ports: + - containerPort: 8081 + - containerPort: 8084 + readinessProbe: + httpGet: + path: /healthz + port: 8084 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /tmp + name: tmp + - mountPath: /helm-working-dir + name: helm-working-dir + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-repo-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - emptyDir: {} + name: helm-working-dir + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - emptyDir: {} + name: var-files + - emptyDir: {} + name: plugins +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - /usr/local/bin/argocd-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + key: server.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + key: server.basehref + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + key: server.rootpath + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: server.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + key: server.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + key: server.dex.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + key: server.disable.auth + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + key: server.enable.gzip + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: server.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + key: server.x.frame.options + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + key: server.content.security.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.dex.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.dex.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: server.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.connection.status.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.oidc.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.login.attempts.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + key: server.staticassets + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + key: server.http.cookie.maxnumber + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + key: server.enable.proxy.extension + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: server.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: server.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + key: server.api.content.types + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: server.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-server + ports: + - containerPort: 8080 + - containerPort: 8083 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /tmp + name: tmp + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-server + volumes: + - emptyDir: {} + name: plugins-home + - emptyDir: {} + name: tmp + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls + - configMap: + items: + - key: server.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + serviceName: argocd-application-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-application-controller + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - /usr/local/bin/argocd-application-controller + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_CONTROLLER_REPLICAS + value: "1" + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.hard.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.error.grace.period.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.status.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.operation.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: controller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: controller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.metrics.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: controller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: controller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + key: controller.resource.health.persist + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: controller.kubectl.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + key: controller.diff.server.side + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-application-controller + ports: + - containerPort: 8082 + readinessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + - mountPath: /tmp + name: argocd-application-controller-tmp + workingDir: /home/argocd + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-application-controller + volumes: + - emptyDir: {} + name: argocd-home + - emptyDir: {} + name: argocd-application-controller-tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - configMap: + items: + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-application-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8082 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-applicationset-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 7000 + protocol: TCP + - port: 8080 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-commit-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 8086 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8087 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-dex-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + ports: + - port: 5556 + protocol: TCP + - port: 5557 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 5558 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-redis-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 6379 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-repo-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + ports: + - port: 8081 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8084 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-server-network-policy +spec: + ingress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + policyTypes: + - Ingress diff --git a/manifests/install.yaml b/manifests/install.yaml index cb0091139af2c..61dfdd5759622 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -309,6 +309,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -683,6 +687,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1172,6 +1180,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1392,6 +1404,64 @@ spec: required: - repoURL type: object + sourceHydrator: + description: SourceHydrator provides a way to push hydrated manifests + back to git before syncing them to the cluster. + properties: + drySource: + description: DrySource specifies where the dry "don't repeat yourself" + manifest source lives. + properties: + path: + description: Path is a directory path within the Git repository + where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository that + contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated manifests + from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: description: Sources is a reference to the location of the application's manifests or chart @@ -1537,6 +1607,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema validation + (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -1870,6 +1944,11 @@ spec: description: Health contains information about the application's current health status properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus was + set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -2067,6 +2146,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -2444,6 +2527,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -2971,6 +3058,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -3367,6 +3458,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON + schema validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -3880,6 +3975,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -4269,6 +4368,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -4535,6 +4638,11 @@ spec: description: HealthStatus contains information about the currently observed health state of an application or resource properties: + lastTransitionTime: + description: LastTransitionTime is the time the HealthStatus + was set or updated + format: date-time + type: string message: description: Message is a human-readable informational message describing the health status @@ -4567,6 +4675,177 @@ spec: type: string type: object type: array + sourceHydrator: + description: SourceHydrator stores information about the current state + of source hydration + properties: + currentOperation: + description: CurrentOperation holds the status of the hydrate + operation + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + finishedAt: + description: FinishedAt indicates when the hydrate operation + finished + format: date-time + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + message: + description: Message contains a message describing the current + status of the hydrate operation + type: string + phase: + description: Phase indicates the status of the hydrate operation + enum: + - Hydrating + - Failed + - Hydrated + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + startedAt: + description: StartedAt indicates when the hydrate operation + started + format: date-time + type: string + required: + - message + - phase + type: object + lastSuccessfulOperation: + description: LastSuccessfulOperation holds info about the most + recent successful hydration + properties: + drySHA: + description: DrySHA holds the resolved revision (sha) of the + dry source as of the most recent reconciliation + type: string + hydratedSHA: + description: HydratedSHA holds the resolved revision (sha) + of the hydrated source as of the most recent reconciliation + type: string + sourceHydrator: + description: SourceHydrator holds the hydrator config used + for the hydrate operation + properties: + drySource: + description: DrySource specifies where the dry "don't + repeat yourself" manifest source lives. + properties: + path: + description: Path is a directory path within the Git + repository where the manifests are located + type: string + repoURL: + description: RepoURL is the URL to the git repository + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to hydrate + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + description: |- + HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + have to move manifests to the SyncSource, e.g. by pull request. + properties: + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - targetBranch + type: object + syncSource: + description: SyncSource specifies where to sync hydrated + manifests from. + properties: + path: + description: |- + Path is a directory path within the git repository where hydrated manifests should be committed to and synced + from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + type: string + targetBranch: + description: TargetBranch is the branch to which hydrated + manifests should be committed + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object + type: object + type: object sourceType: description: SourceType specifies the type of this application type: string @@ -4804,6 +5083,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -5193,6 +5476,10 @@ spec: description: SkipCrds skips custom resource definition installation step (Helm's --skip-crds) type: boolean + skipSchemaValidation: + description: SkipSchemaValidation skips JSON schema + validation (Helm's --skip-schema-validation) + type: boolean skipTests: description: SkipTests skips test manifest installation step (Helm's --skip-tests). @@ -5689,6 +5976,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -5836,6 +6125,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -5923,6 +6248,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6321,6 +6648,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6468,6 +6797,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -6555,6 +6920,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -6952,6 +7319,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7099,6 +7468,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7186,6 +7591,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7563,6 +7970,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -7710,6 +8119,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -7797,6 +8242,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8199,6 +8646,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8346,6 +8795,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -8433,6 +8918,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8831,6 +9318,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -8978,6 +9467,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9065,6 +9590,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -9462,6 +9989,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -9609,6 +10138,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -9696,6 +10261,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10073,6 +10640,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10220,6 +10789,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10307,6 +10912,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10692,6 +11299,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -10839,6 +11448,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -10926,6 +11571,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -11530,6 +12177,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -11677,6 +12326,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -11764,6 +12449,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12363,6 +13050,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12510,6 +13199,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -12597,6 +13322,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -12991,6 +13718,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13138,6 +13867,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13225,6 +13990,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13629,6 +14396,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -13776,6 +14545,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -13863,6 +14668,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14261,6 +15068,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14408,6 +15217,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -14495,6 +15340,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -14892,6 +15739,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15039,6 +15888,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15126,6 +16011,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15503,6 +16390,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -15650,6 +16539,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -15737,6 +16662,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16122,6 +17049,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16269,6 +17198,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -16356,6 +17321,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -16960,6 +17927,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17107,6 +18076,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -17194,6 +18199,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17793,6 +18800,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -17940,6 +18949,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -18027,6 +19072,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -18425,6 +19472,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -18572,6 +19621,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -18659,6 +19744,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19043,6 +20130,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19190,6 +20279,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -19277,6 +20402,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -19881,6 +21008,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20028,6 +21157,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -20115,6 +21280,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20714,6 +21881,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -20861,6 +22030,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -20948,6 +22153,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21417,6 +22624,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21564,6 +22773,42 @@ spec: required: - repoURL type: object + sourceHydrator: + properties: + drySource: + properties: + path: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - path + - repoURL + - targetRevision + type: object + hydrateTo: + properties: + targetBranch: + type: string + required: + - targetBranch + type: object + syncSource: + properties: + path: + type: string + targetBranch: + type: string + required: + - path + - targetBranch + type: object + required: + - drySource + - syncSource + type: object sources: items: properties: @@ -21651,6 +22896,8 @@ spec: type: string skipCrds: type: boolean + skipSchemaValidation: + type: boolean skipTests: type: boolean valueFiles: @@ -21912,6 +23159,9 @@ spec: type: string health: properties: + lastTransitionTime: + format: date-time + type: string message: type: string status: @@ -22743,7 +23993,6 @@ rules: - delete - get - patch - - list - apiGroups: - "" resources: @@ -24340,6 +25589,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -24560,6 +25815,12 @@ spec: key: controller.self.heal.backoff.cap.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -24668,6 +25929,12 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true - name: KUBECACHEDIR value: /tmp/kubecache image: quay.io/argoproj/argocd:latest diff --git a/manifests/namespace-install-with-hydrator.yaml b/manifests/namespace-install-with-hydrator.yaml new file mode 100644 index 0000000000000..ac43cc4f2da97 --- /dev/null +++ b/manifests/namespace-install-with-hydrator.yaml @@ -0,0 +1,2582 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - applicationsets + - applicationsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - argoproj.io + resources: + - appprojects + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - applicationsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - argocd-notifications-cm + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resourceNames: + - argocd-notifications-secret + resources: + - secrets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - applicationsets + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-application-controller +subjects: +- kind: ServiceAccount + name: argocd-application-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-applicationset-controller +subjects: +- kind: ServiceAccount + name: argocd-applicationset-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-dex-server +subjects: +- kind: ServiceAccount + name: argocd-dex-server +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-notifications-controller +subjects: +- kind: ServiceAccount + name: argocd-notifications-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-server +subjects: +- kind: ServiceAccount + name: argocd-server +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd + name: argocd-cm +--- +apiVersion: v1 +data: + hydrator.enabled: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-cmd-params-cm + app.kubernetes.io/part-of: argocd + name: argocd-cmd-params-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-gpg-keys-cm + app.kubernetes.io/part-of: argocd + name: argocd-gpg-keys-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-rbac-cm + app.kubernetes.io/part-of: argocd + name: argocd-rbac-cm +--- +apiVersion: v1 +data: + ssh_known_hosts: | + # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT + [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= + bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO + bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= + github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= + github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl + github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= + gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= + gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf + gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 + ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-ssh-known-hosts-cm + app.kubernetes.io/part-of: argocd + name: argocd-ssh-known-hosts-cm +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-tls-certs-cm + app.kubernetes.io/part-of: argocd + name: argocd-tls-certs-cm +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-secret +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/name: argocd-secret + app.kubernetes.io/part-of: argocd + name: argocd-secret +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + ports: + - name: webhook + port: 7000 + protocol: TCP + targetPort: webhook + - name: metrics + port: 8080 + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: argocd-applicationset-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + ports: + - name: server + port: 8086 + protocol: TCP + targetPort: 8086 + - name: metrics + port: 8087 + protocol: TCP + targetPort: 8087 + selector: + app.kubernetes.io/name: argocd-commit-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +spec: + ports: + - appProtocol: TCP + name: http + port: 5556 + protocol: TCP + targetPort: 5556 + - name: grpc + port: 5557 + protocol: TCP + targetPort: 5557 + - name: metrics + port: 5558 + protocol: TCP + targetPort: 5558 + selector: + app.kubernetes.io/name: argocd-dex-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/name: argocd-metrics + app.kubernetes.io/part-of: argocd + name: argocd-metrics +spec: + ports: + - name: metrics + port: 8082 + protocol: TCP + targetPort: 8082 + selector: + app.kubernetes.io/name: argocd-application-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller-metrics + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-metrics +spec: + ports: + - name: metrics + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/name: argocd-notifications-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +spec: + ports: + - name: tcp-redis + port: 6379 + targetPort: 6379 + selector: + app.kubernetes.io/name: argocd-redis +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + ports: + - name: server + port: 8081 + protocol: TCP + targetPort: 8081 + - name: metrics + port: 8084 + protocol: TCP + targetPort: 8084 + selector: + app.kubernetes.io/name: argocd-repo-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + - name: https + port: 443 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/name: argocd-server +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server-metrics + app.kubernetes.io/part-of: argocd + name: argocd-server-metrics +spec: + ports: + - name: metrics + port: 8083 + protocol: TCP + targetPort: 8083 + selector: + app.kubernetes.io/name: argocd-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: applicationset-controller + app.kubernetes.io/name: argocd-applicationset-controller + app.kubernetes.io/part-of: argocd + name: argocd-applicationset-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-applicationset-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-applicationset-controller + env: + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.annotations + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.global.preserved.labels + name: argocd-cmd-params-cm + optional: true + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.leader.election + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.policy.override + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.debug + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.dryrun + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.progressive.syncs + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.tokenref.strict.mode + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.concurrent.reconciliations.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.requeue.after + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-applicationset-controller + ports: + - containerPort: 7000 + name: webhook + - containerPort: 8080 + name: metrics + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-applicationset-controller + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: commit-server + app.kubernetes.io/name: argocd-commit-server + app.kubernetes.io/part-of: argocd + name: argocd-commit-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-commit-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-commit-server + env: + - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: commitserver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: commitserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_COMMIT_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: commitserver.log.level + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8087 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-commit-server + ports: + - containerPort: 8086 + - containerPort: 8087 + readinessProbe: + httpGet: + path: /healthz + port: 8087 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /tmp + name: tmp + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + serviceAccountName: argocd-commit-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - name: argocd-commit-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-commit-server-tls + - emptyDir: {} + name: var-files +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: dex-server + app.kubernetes.io/name: argocd-dex-server + app.kubernetes.io/part-of: argocd + name: argocd-dex-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-dex-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - command: + - /shared/argocd-dex + - rundex + env: + - name: ARGOCD_DEX_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: dexserver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: dexserver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEX_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: dexserver.disable.tls + name: argocd-cmd-params-cm + optional: true + image: ghcr.io/dexidp/dex:v2.41.1 + imagePullPolicy: Always + name: dex + ports: + - containerPort: 5556 + - containerPort: 5557 + - containerPort: 5558 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + - mountPath: /tls + name: argocd-dex-server-tls + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /shared/argocd-dex + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /shared + name: static-files + - mountPath: /tmp + name: dexconfig + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-dex-server + volumes: + - emptyDir: {} + name: static-files + - emptyDir: {} + name: dexconfig + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: argocd-notifications-controller + spec: + containers: + - args: + - /usr/local/bin/argocd-notifications + env: + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: notificationscontroller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED + valueFrom: + configMapKeyRef: + key: notificationscontroller.selfservice.enabled + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: notificationscontroller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + tcpSocket: + port: 9001 + name: argocd-notifications-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + workingDir: /app + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-notifications-controller + volumes: + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis + template: + metadata: + labels: + app.kubernetes.io/name: argocd-redis + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - --save + - "" + - --appendonly + - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: redis:7.0.15-alpine + imagePullPolicy: Always + name: redis + ports: + - containerPort: 6379 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 999 + seccompProfile: + type: RuntimeDefault + serviceAccountName: argocd-redis +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: repo-server + app.kubernetes.io/name: argocd-repo-server + app.kubernetes.io/part-of: argocd + name: argocd-repo-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-repo-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + automountServiceAccountToken: false + containers: + - args: + - /usr/local/bin/argocd-repo-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: reposerver.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: reposerver.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS + valueFrom: + configMapKeyRef: + key: reposerver.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_TLS + valueFrom: + configMapKeyRef: + key: reposerver.disable.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: reposerver.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: reposerver.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.repo.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: reposerver.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.max.combined.directory.manifests.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.tar.exclusions + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS + valueFrom: + configMapKeyRef: + key: reposerver.plugin.use.manifest.generate.paths + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS + valueFrom: + configMapKeyRef: + key: reposerver.allow.oob.symlinks + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.tar.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.streamed.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE + valueFrom: + configMapKeyRef: + key: reposerver.disable.helm.manifest.max.extracted.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.revision.cache.lock.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: reposerver.git.lsremote.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GIT_REQUEST_TIMEOUT + valueFrom: + configMapKeyRef: + key: reposerver.git.request.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_GRPC_MAX_SIZE_MB + valueFrom: + configMapKeyRef: + key: reposerver.grpc.max.size + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true + - name: HELM_CACHE_HOME + value: /helm-working-dir + - name: HELM_CONFIG_HOME + value: /helm-working-dir + - name: HELM_DATA_HOME + value: /helm-working-dir + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz?full=true + port: 8084 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-repo-server + ports: + - containerPort: 8081 + - containerPort: 8084 + readinessProbe: + httpGet: + path: /healthz + port: 8084 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/gpg/source + name: gpg-keys + - mountPath: /app/config/gpg/keys + name: gpg-keyring + - mountPath: /app/config/reposerver/tls + name: argocd-repo-server-tls + - mountPath: /tmp + name: tmp + - mountPath: /helm-working-dir + name: helm-working-dir + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + initContainers: + - command: + - /bin/cp + - -n + - /usr/local/bin/argocd + - /var/run/argocd/argocd-cmp-server + image: quay.io/argoproj/argocd:latest + name: copyutil + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /var/run/argocd + name: var-files + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-repo-server + volumes: + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - configMap: + name: argocd-gpg-keys-cm + name: gpg-keys + - emptyDir: {} + name: gpg-keyring + - emptyDir: {} + name: tmp + - emptyDir: {} + name: helm-working-dir + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - emptyDir: {} + name: var-files + - emptyDir: {} + name: plugins +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd + name: argocd-server +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-server + template: + metadata: + labels: + app.kubernetes.io/name: argocd-server + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - /usr/local/bin/argocd-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + key: server.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + key: server.basehref + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + key: server.rootpath + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: server.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + key: server.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + key: server.dex.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + key: server.disable.auth + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + key: server.enable.gzip + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: server.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + key: server.x.frame.options + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + key: server.content.security.policy + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: server.dex.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: server.dex.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.minversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + key: server.tls.maxversion + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + key: server.tls.ciphers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.connection.status.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.oidc.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.login.attempts.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + key: server.staticassets + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: server.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + key: server.http.cookie.maxnumber + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + key: server.metrics.listen.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + key: server.enable.proxy.extension + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: server.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: server.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + key: server.api.content.types + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: server.webhook.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.new.git.file.globbing + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.scm.root.ca.path + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.allowed.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS + valueFrom: + configMapKeyRef: + key: applicationsetcontroller.enable.scm.providers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + name: argocd-server + ports: + - containerPort: 8080 + - containerPort: 8083 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/ssh + name: ssh-known-hosts + - mountPath: /app/config/tls + name: tls-certs + - mountPath: /app/config/server/tls + name: argocd-repo-server-tls + - mountPath: /app/config/dex/tls + name: argocd-dex-server-tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /tmp + name: tmp + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-server + volumes: + - emptyDir: {} + name: plugins-home + - emptyDir: {} + name: tmp + - configMap: + name: argocd-ssh-known-hosts-cm + name: ssh-known-hosts + - configMap: + name: argocd-tls-certs-cm + name: tls-certs + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - name: argocd-dex-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-dex-server-tls + - configMap: + items: + - key: server.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/component: application-controller + app.kubernetes.io/name: argocd-application-controller + app.kubernetes.io/part-of: argocd + name: argocd-application-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + serviceName: argocd-application-controller + template: + metadata: + labels: + app.kubernetes.io/name: argocd-application-controller + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + topologyKey: kubernetes.io/hostname + weight: 100 + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname + weight: 5 + containers: + - args: + - /usr/local/bin/argocd-application-controller + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_CONTROLLER_REPLICAS + value: "1" + - name: ARGOCD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT + valueFrom: + configMapKeyRef: + key: timeout.hard.reconciliation + name: argocd-cm + optional: true + - name: ARGOCD_RECONCILIATION_JITTER + valueFrom: + configMapKeyRef: + key: timeout.reconciliation.jitter + name: argocd-cm + optional: true + - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.error.grace.period.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER + valueFrom: + configMapKeyRef: + key: repo.server + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.repo.server.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.status.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS + valueFrom: + configMapKeyRef: + key: controller.operation.processors + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + key: controller.log.format + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL + valueFrom: + configMapKeyRef: + key: controller.log.level + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.metrics.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.factor + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS + valueFrom: + configMapKeyRef: + key: controller.self.heal.backoff.cap.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + key: controller.repo.server.plaintext + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + key: controller.repo.server.strict.tls + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH + valueFrom: + configMapKeyRef: + key: controller.resource.health.persist + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.app.state.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + key: redis.server + name: argocd-cmd-params-cm + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + key: redis.compression + name: argocd-cmd-params-cm + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + key: redis.db + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + key: controller.default.cache.expiration + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + key: otlp.address + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + key: otlp.insecure + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + key: otlp.headers + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + key: application.namespaces + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM + valueFrom: + configMapKeyRef: + key: controller.sharding.algorithm + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT + valueFrom: + configMapKeyRef: + key: controller.kubectl.parallelism.limit + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.max + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + key: controller.k8sclient.retry.base.backoff + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF + valueFrom: + configMapKeyRef: + key: controller.diff.server.side + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true + - name: KUBECACHEDIR + value: /tmp/kubecache + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + name: argocd-application-controller + ports: + - containerPort: 8082 + readinessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /app/config/controller/tls + name: argocd-repo-server-tls + - mountPath: /home/argocd + name: argocd-home + - mountPath: /home/argocd/params + name: argocd-cmd-params-cm + - mountPath: /tmp + name: argocd-application-controller-tmp + workingDir: /home/argocd + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: argocd-application-controller + volumes: + - emptyDir: {} + name: argocd-home + - emptyDir: {} + name: argocd-application-controller-tmp + - name: argocd-repo-server-tls + secret: + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + optional: true + secretName: argocd-repo-server-tls + - configMap: + items: + - key: controller.profile.enabled + path: profiler.enabled + name: argocd-cmd-params-cm + optional: true + name: argocd-cmd-params-cm +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-application-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8082 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-applicationset-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 7000 + protocol: TCP + - port: 8080 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-commit-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 8086 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8087 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-commit-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-dex-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + ports: + - port: 5556 + protocol: TCP + - port: 5557 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 5558 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-dex-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/component: notifications-controller + app.kubernetes.io/name: argocd-notifications-controller + app.kubernetes.io/part-of: argocd + name: argocd-notifications-controller-network-policy +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-redis-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + ports: + - port: 6379 + protocol: TCP + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-redis + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-repo-server-network-policy +spec: + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-application-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller + - podSelector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + ports: + - port: 8081 + protocol: TCP + - from: + - namespaceSelector: {} + ports: + - port: 8084 + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: argocd-server-network-policy +spec: + ingress: + - {} + podSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + policyTypes: + - Ingress diff --git a/manifests/namespace-install-with-hydrator/kustomization.yaml b/manifests/namespace-install-with-hydrator/kustomization.yaml new file mode 100644 index 0000000000000..dd1e18e1d0bab --- /dev/null +++ b/manifests/namespace-install-with-hydrator/kustomization.yaml @@ -0,0 +1,12 @@ +resources: + - ../namespace-install + - ../base/commit-server + +patches: + - target: + kind: ConfigMap + name: argocd-cmd-params-cm + patch: |- + - op: add + path: /data + value: {"hydrator.enabled": "true"} diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 73fe685010ae4..3c6e616fe0fdb 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -1819,6 +1819,12 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always livenessProbe: @@ -2039,6 +2045,12 @@ spec: key: controller.self.heal.backoff.cap.seconds name: argocd-cmd-params-cm optional: true + - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.sync.timeout.seconds + name: argocd-cmd-params-cm + optional: true - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT valueFrom: configMapKeyRef: @@ -2147,6 +2159,12 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true + - name: ARGOCD_HYDRATOR_ENABLED + valueFrom: + configMapKeyRef: + key: hydrator.enabled + name: argocd-cmd-params-cm + optional: true - name: KUBECACHEDIR value: /tmp/kubecache image: quay.io/argoproj/argocd:latest diff --git a/pkg/apiclient/applicationset/applicationset.pb.go b/pkg/apiclient/applicationset/applicationset.pb.go index 874ed5663b7c9..1c261252244f9 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.go +++ b/pkg/apiclient/applicationset/applicationset.pb.go @@ -499,49 +499,49 @@ func init() { } var fileDescriptor_eacb9df0ce5738fa = []byte{ - // 660 bytes of a gzipped FileDescriptorProto + // 665 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x96, 0x4f, 0x6b, 0xd4, 0x4e, - 0x18, 0xc7, 0x99, 0xb6, 0x6c, 0xb7, 0xd3, 0xf2, 0xfb, 0xc1, 0x80, 0xed, 0x1a, 0xeb, 0x5a, 0x72, - 0xa8, 0xb5, 0xda, 0x09, 0x5d, 0x3d, 0xe9, 0xc9, 0x3f, 0x50, 0x0a, 0x45, 0x34, 0x2b, 0x0a, 0x7a, - 0x90, 0x69, 0xf6, 0x21, 0x8d, 0xcd, 0x26, 0xe3, 0xcc, 0x24, 0x50, 0x8a, 0x17, 0xc1, 0xa3, 0x78, - 0x10, 0xdf, 0x80, 0x5e, 0x7c, 0x01, 0xde, 0x3d, 0x78, 0xf1, 0x28, 0xf8, 0x06, 0xa4, 0xf8, 0x0e, - 0x7c, 0x03, 0x92, 0x49, 0xf6, 0x4f, 0x86, 0xfd, 0x53, 0x30, 0x7a, 0x9b, 0x67, 0x66, 0xf2, 0xcc, - 0x67, 0xbe, 0xcf, 0x93, 0x2f, 0x83, 0x37, 0x25, 0x88, 0x14, 0x84, 0xc3, 0x38, 0x0f, 0x03, 0x8f, - 0xa9, 0x20, 0x8e, 0x24, 0x28, 0x23, 0xa4, 0x5c, 0xc4, 0x2a, 0x26, 0xff, 0x95, 0x67, 0xad, 0x55, - 0x3f, 0x8e, 0xfd, 0x10, 0x1c, 0xc6, 0x03, 0x87, 0x45, 0x51, 0xac, 0xf2, 0x95, 0x7c, 0xb7, 0xb5, - 0xe7, 0x07, 0xea, 0x20, 0xd9, 0xa7, 0x5e, 0xdc, 0x75, 0x98, 0xf0, 0x63, 0x2e, 0xe2, 0x67, 0x7a, - 0xb0, 0xe5, 0x75, 0x9c, 0xb4, 0xe5, 0xf0, 0x43, 0x3f, 0xfb, 0x52, 0x0e, 0x9f, 0xe5, 0xa4, 0xdb, - 0x2c, 0xe4, 0x07, 0x6c, 0xdb, 0xf1, 0x21, 0x02, 0xc1, 0x14, 0x74, 0xf2, 0x6c, 0xf6, 0x43, 0xbc, - 0x7c, 0x73, 0xb0, 0xaf, 0x0d, 0x6a, 0x07, 0xd4, 0xfd, 0x04, 0xc4, 0x11, 0x21, 0x78, 0x2e, 0x62, - 0x5d, 0x68, 0xa0, 0x35, 0xb4, 0xb1, 0xe0, 0xea, 0x31, 0xd9, 0xc0, 0xff, 0x33, 0xce, 0x25, 0xa8, - 0xbb, 0xac, 0x0b, 0x92, 0x33, 0x0f, 0x1a, 0x33, 0x7a, 0xd9, 0x9c, 0xb6, 0x8f, 0xf1, 0x4a, 0x39, - 0xef, 0x5e, 0x20, 0x8b, 0xc4, 0x16, 0xae, 0x67, 0xcc, 0xe0, 0x29, 0xd9, 0x40, 0x6b, 0xb3, 0x1b, - 0x0b, 0x6e, 0x3f, 0xce, 0xd6, 0x24, 0x84, 0xe0, 0xa9, 0x58, 0x14, 0x99, 0xfb, 0xf1, 0xa8, 0xc3, - 0x67, 0x47, 0x1f, 0xfe, 0x11, 0x99, 0xb7, 0x72, 0x41, 0xf2, 0x4c, 0x5c, 0xd2, 0xc0, 0xf3, 0xc5, - 0x61, 0xc5, 0xc5, 0x7a, 0x21, 0x51, 0xd8, 0xa8, 0x83, 0x06, 0x58, 0x6c, 0xed, 0xd1, 0x81, 0xe0, - 0xb4, 0x27, 0xb8, 0x1e, 0x3c, 0xf5, 0x3a, 0x34, 0x6d, 0x51, 0x7e, 0xe8, 0xd3, 0x4c, 0x70, 0x3a, - 0xf4, 0x39, 0xed, 0x09, 0x4e, 0x0d, 0x0e, 0xe3, 0x0c, 0xfb, 0x0b, 0xc2, 0xe7, 0xca, 0x5b, 0x6e, - 0x0b, 0x60, 0x0a, 0x5c, 0x78, 0x9e, 0x80, 0x1c, 0x45, 0x85, 0xfe, 0x3e, 0x15, 0x59, 0xc6, 0xb5, - 0x84, 0x4b, 0x10, 0xb9, 0x06, 0x75, 0xb7, 0x88, 0xb2, 0xf9, 0x8e, 0x38, 0x72, 0x93, 0x48, 0x2b, - 0x5f, 0x77, 0x8b, 0xc8, 0x7e, 0x62, 0x5e, 0xe2, 0x0e, 0x84, 0x30, 0xb8, 0xc4, 0x9f, 0xb5, 0xd2, - 0x23, 0xb3, 0x95, 0x1e, 0x08, 0x80, 0x2a, 0x7a, 0xf4, 0x1d, 0xc2, 0xe7, 0xcd, 0xe6, 0xcf, 0xff, - 0x8e, 0xd1, 0xea, 0xb7, 0xff, 0x81, 0xfa, 0x6d, 0x50, 0xf6, 0x1b, 0x84, 0x9b, 0xe3, 0xb8, 0x8a, - 0x36, 0xee, 0xe2, 0xa5, 0xe1, 0x92, 0xe9, 0xff, 0x68, 0xb1, 0xb5, 0x5b, 0x19, 0x96, 0x5b, 0x4a, - 0xdf, 0xfa, 0x35, 0x8f, 0xcf, 0x94, 0x89, 0xda, 0x20, 0xd2, 0xc0, 0x03, 0xf2, 0x01, 0xe1, 0xd9, - 0x1d, 0x50, 0x64, 0x9d, 0x1a, 0xd6, 0x36, 0xda, 0x55, 0xac, 0x4a, 0x95, 0xb3, 0xd7, 0x5f, 0x7e, - 0xff, 0xf9, 0x76, 0x66, 0x8d, 0x34, 0xb5, 0x57, 0xa6, 0xdb, 0x86, 0xbf, 0x4a, 0xe7, 0x38, 0x6b, - 0x89, 0x17, 0xe4, 0x35, 0xc2, 0xf5, 0x9e, 0x86, 0x64, 0x6b, 0x1a, 0x6a, 0xa9, 0x07, 0x2c, 0x7a, - 0xda, 0xed, 0x79, 0x69, 0x6c, 0x5b, 0x33, 0xad, 0xda, 0x2b, 0x63, 0x98, 0xae, 0xa3, 0x4d, 0xf2, - 0x1e, 0xe1, 0xb9, 0xcc, 0x10, 0xc9, 0xc5, 0xc9, 0xc9, 0xfb, 0xa6, 0x69, 0xdd, 0xab, 0x52, 0xb7, - 0x2c, 0xad, 0x7d, 0x41, 0x73, 0x9e, 0x25, 0xe3, 0x38, 0xc9, 0x27, 0x84, 0x6b, 0xb9, 0x19, 0x91, - 0xcb, 0x93, 0x31, 0x4b, 0x96, 0x55, 0x71, 0x89, 0x1d, 0x8d, 0x79, 0x69, 0xbc, 0x9c, 0xa6, 0x77, - 0xbd, 0x42, 0xb8, 0x96, 0xdb, 0xcf, 0x34, 0xec, 0x92, 0x49, 0x59, 0x53, 0x3a, 0xb8, 0x5f, 0xdf, - 0xa2, 0xe7, 0x36, 0xa7, 0xf5, 0xdc, 0x67, 0x84, 0x97, 0x5c, 0x90, 0x71, 0x22, 0x3c, 0xc8, 0x1c, - 0x6b, 0x5a, 0xad, 0xfb, 0xae, 0x56, 0x6d, 0xad, 0xb3, 0xb4, 0xf6, 0x35, 0xcd, 0x4c, 0xc9, 0x95, - 0xc9, 0xcc, 0x8e, 0x28, 0x78, 0xb7, 0x94, 0x00, 0xb8, 0xb5, 0xfb, 0xf5, 0xa4, 0x89, 0xbe, 0x9d, - 0x34, 0xd1, 0x8f, 0x93, 0x26, 0x7a, 0x7c, 0xe3, 0x74, 0xef, 0x0e, 0x2f, 0x0c, 0x20, 0x32, 0x1f, - 0x3a, 0xfb, 0x35, 0xfd, 0xda, 0xb8, 0xfa, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x30, 0x08, 0x85, 0x97, - 0x17, 0x09, 0x00, 0x00, + 0x18, 0xc7, 0x99, 0xb6, 0x6c, 0xb7, 0xd3, 0xf2, 0xfb, 0xc1, 0x80, 0xed, 0x1a, 0x75, 0x5d, 0x02, + 0xd6, 0xda, 0xda, 0x09, 0x5d, 0x3d, 0xd5, 0x93, 0x7f, 0xa0, 0x14, 0x8a, 0x68, 0x56, 0x14, 0xf4, + 0x20, 0xd3, 0xec, 0x43, 0x1a, 0x9b, 0x4d, 0xc6, 0x99, 0x49, 0xa0, 0x14, 0x2f, 0x82, 0x67, 0x0f, + 0xa2, 0x2f, 0x40, 0x2f, 0xbe, 0x00, 0xef, 0x1e, 0xbc, 0x78, 0x14, 0x7c, 0x03, 0x52, 0x7c, 0x19, + 0x1e, 0x24, 0x93, 0xec, 0xb6, 0x19, 0xf6, 0x4f, 0xc1, 0xe8, 0x2d, 0x4f, 0x66, 0xf2, 0x3c, 0x9f, + 0xf9, 0x3e, 0x4f, 0xbe, 0x0c, 0x5e, 0x95, 0x20, 0x52, 0x10, 0x0e, 0xe3, 0x3c, 0x0c, 0x3c, 0xa6, + 0x82, 0x38, 0x92, 0xa0, 0x8c, 0x90, 0x72, 0x11, 0xab, 0x98, 0xfc, 0x57, 0x7e, 0x6b, 0x9d, 0xf7, + 0xe3, 0xd8, 0x0f, 0xc1, 0x61, 0x3c, 0x70, 0x58, 0x14, 0xc5, 0x2a, 0x5f, 0xc9, 0x77, 0x5b, 0x3b, + 0x7e, 0xa0, 0xf6, 0x92, 0x5d, 0xea, 0xc5, 0x3d, 0x87, 0x09, 0x3f, 0xe6, 0x22, 0x7e, 0xa6, 0x1f, + 0xd6, 0xbd, 0xae, 0x93, 0xb6, 0x1d, 0xbe, 0xef, 0x67, 0x5f, 0xca, 0x93, 0xb5, 0x9c, 0x74, 0x83, + 0x85, 0x7c, 0x8f, 0x6d, 0x38, 0x3e, 0x44, 0x20, 0x98, 0x82, 0x6e, 0x9e, 0xcd, 0x7e, 0x88, 0x17, + 0x6f, 0x1e, 0xef, 0xeb, 0x80, 0xda, 0x02, 0x75, 0x3f, 0x01, 0x71, 0x40, 0x08, 0x9e, 0x89, 0x58, + 0x0f, 0x1a, 0xa8, 0x85, 0x56, 0xe6, 0x5c, 0xfd, 0x4c, 0x56, 0xf0, 0xff, 0x8c, 0x73, 0x09, 0xea, + 0x2e, 0xeb, 0x81, 0xe4, 0xcc, 0x83, 0xc6, 0x94, 0x5e, 0x36, 0x5f, 0xdb, 0x87, 0x78, 0xa9, 0x9c, + 0x77, 0x27, 0x90, 0x45, 0x62, 0x0b, 0xd7, 0x33, 0x66, 0xf0, 0x94, 0x6c, 0xa0, 0xd6, 0xf4, 0xca, + 0x9c, 0x3b, 0x88, 0xb3, 0x35, 0x09, 0x21, 0x78, 0x2a, 0x16, 0x45, 0xe6, 0x41, 0x3c, 0xac, 0xf8, + 0xf4, 0xf0, 0xe2, 0x1f, 0x91, 0x79, 0x2a, 0x17, 0x24, 0xcf, 0xc4, 0x25, 0x0d, 0x3c, 0x5b, 0x14, + 0x2b, 0x0e, 0xd6, 0x0f, 0x89, 0xc2, 0x46, 0x1f, 0x34, 0xc0, 0x7c, 0x7b, 0x87, 0x1e, 0x0b, 0x4e, + 0xfb, 0x82, 0xeb, 0x87, 0xa7, 0x5e, 0x97, 0xa6, 0x6d, 0xca, 0xf7, 0x7d, 0x9a, 0x09, 0x4e, 0x4f, + 0x7c, 0x4e, 0xfb, 0x82, 0x53, 0x83, 0xc3, 0xa8, 0x61, 0x7f, 0x41, 0xf8, 0x5c, 0x79, 0xcb, 0x6d, + 0x01, 0x4c, 0x81, 0x0b, 0xcf, 0x13, 0x90, 0xc3, 0xa8, 0xd0, 0xdf, 0xa7, 0x22, 0x8b, 0xb8, 0x96, + 0x70, 0x09, 0x22, 0xd7, 0xa0, 0xee, 0x16, 0x51, 0xf6, 0xbe, 0x2b, 0x0e, 0xdc, 0x24, 0xd2, 0xca, + 0xd7, 0xdd, 0x22, 0xb2, 0x9f, 0x98, 0x87, 0xb8, 0x03, 0x21, 0x1c, 0x1f, 0xe2, 0xcf, 0x46, 0xe9, + 0x91, 0x39, 0x4a, 0x0f, 0x04, 0x40, 0x15, 0x33, 0xfa, 0x16, 0xe1, 0x0b, 0xe6, 0xf0, 0xe7, 0x7f, + 0xc7, 0x70, 0xf5, 0x3b, 0xff, 0x40, 0xfd, 0x0e, 0x28, 0xfb, 0x35, 0xc2, 0xcd, 0x51, 0x5c, 0xc5, + 0x18, 0xf7, 0xf0, 0xc2, 0xc9, 0x96, 0xe9, 0xff, 0x68, 0xbe, 0xbd, 0x5d, 0x19, 0x96, 0x5b, 0x4a, + 0xdf, 0xfe, 0x35, 0x8b, 0xcf, 0x94, 0x89, 0x3a, 0x20, 0xd2, 0xc0, 0x03, 0xf2, 0x01, 0xe1, 0xe9, + 0x2d, 0x50, 0x64, 0x99, 0x1a, 0xd6, 0x36, 0xdc, 0x55, 0xac, 0x4a, 0x95, 0xb3, 0x97, 0x5f, 0x7e, + 0xff, 0xf9, 0x66, 0xaa, 0x45, 0x9a, 0xda, 0x2b, 0xd3, 0x0d, 0xc3, 0x5f, 0xa5, 0x73, 0x98, 0x8d, + 0xc4, 0x0b, 0xf2, 0x0e, 0xe1, 0x7a, 0x5f, 0x43, 0xb2, 0x3e, 0x09, 0xb5, 0x34, 0x03, 0x16, 0x3d, + 0xed, 0xf6, 0xbc, 0x35, 0xf6, 0x9a, 0x66, 0xba, 0x64, 0xb7, 0x46, 0x31, 0xf5, 0x2d, 0x78, 0x13, + 0xad, 0x92, 0xf7, 0x08, 0xcf, 0x64, 0xce, 0x48, 0x2e, 0x8f, 0xaf, 0x32, 0x70, 0x4f, 0xeb, 0x5e, + 0x95, 0x02, 0x66, 0x69, 0xed, 0x8b, 0x1a, 0xf8, 0x2c, 0x59, 0x1a, 0x01, 0x4c, 0x3e, 0x21, 0x5c, + 0xcb, 0x5d, 0x89, 0xac, 0x8d, 0xc7, 0x2c, 0x79, 0x57, 0xc5, 0xbd, 0x76, 0x34, 0xe6, 0x15, 0x7b, + 0x14, 0xe6, 0xa6, 0x69, 0x62, 0xaf, 0x10, 0xae, 0xe5, 0x3e, 0x34, 0x09, 0xbb, 0xe4, 0x56, 0xd6, + 0x84, 0x51, 0x1e, 0x34, 0xba, 0x18, 0xbe, 0xd5, 0x49, 0xc3, 0xf7, 0x19, 0xe1, 0x05, 0x17, 0x64, + 0x9c, 0x08, 0x0f, 0x32, 0xeb, 0x9a, 0xd4, 0xeb, 0x81, 0xbd, 0x55, 0xdb, 0xeb, 0x2c, 0xad, 0x7d, + 0x5d, 0x33, 0x53, 0x72, 0x75, 0x3c, 0xb3, 0x23, 0x0a, 0xde, 0x75, 0x25, 0x00, 0x6e, 0x6d, 0x7f, + 0x3d, 0x6a, 0xa2, 0x6f, 0x47, 0x4d, 0xf4, 0xe3, 0xa8, 0x89, 0x1e, 0xdf, 0x38, 0xdd, 0x05, 0xc4, + 0x0b, 0x03, 0x88, 0xcc, 0x1b, 0xcf, 0x6e, 0x4d, 0x5f, 0x3b, 0xae, 0xfd, 0x0e, 0x00, 0x00, 0xff, + 0xff, 0x05, 0x4d, 0x64, 0x24, 0x20, 0x09, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/pkg/apiclient/applicationset/applicationset.pb.gw.go b/pkg/apiclient/applicationset/applicationset.pb.gw.go index 349c5729bea94..5a85818bfb3eb 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.gw.go +++ b/pkg/apiclient/applicationset/applicationset.pb.gw.go @@ -682,7 +682,7 @@ func RegisterApplicationSetServiceHandlerClient(ctx context.Context, mux *runtim var ( pattern_ApplicationSetService_Get_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "applicationsets", "name"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_ApplicationSetService_Generate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "applicationsets"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_ApplicationSetService_Generate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "applicationsets", "generate"}, "", runtime.AssumeColonVerbOpt(true))) pattern_ApplicationSetService_List_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "applicationsets"}, "", runtime.AssumeColonVerbOpt(true))) diff --git a/pkg/apiclient/repocreds/repocreds.pb.go b/pkg/apiclient/repocreds/repocreds.pb.go index 132f2d23c9e68..6a856e869f126 100644 --- a/pkg/apiclient/repocreds/repocreds.pb.go +++ b/pkg/apiclient/repocreds/repocreds.pb.go @@ -285,38 +285,43 @@ func init() { func init() { proto.RegisterFile("server/repocreds/repocreds.proto", fileDescriptor_b0b5fce4710a8821) } var fileDescriptor_b0b5fce4710a8821 = []byte{ - // 481 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x94, 0xc1, 0x6a, 0x14, 0x31, - 0x18, 0xc7, 0x49, 0xa5, 0xc5, 0x46, 0x90, 0x76, 0x0a, 0xb5, 0x3b, 0x5b, 0xd7, 0x35, 0x07, 0x29, - 0x45, 0x13, 0x76, 0x05, 0x0f, 0x1e, 0x6d, 0xc1, 0x83, 0xbd, 0x38, 0xe2, 0x45, 0x10, 0x49, 0x67, - 0x3e, 0xa6, 0xb1, 0x71, 0x12, 0x93, 0xcc, 0x48, 0x11, 0x11, 0x7c, 0x01, 0x0f, 0x5e, 0xc5, 0x17, - 0xf0, 0x01, 0x7c, 0x05, 0x8f, 0x82, 0x2f, 0x20, 0x8b, 0x0f, 0x22, 0xc9, 0xee, 0xcc, 0xec, 0xd2, - 0x39, 0xec, 0x61, 0xf1, 0xf6, 0x4d, 0xf2, 0xe5, 0x9f, 0xdf, 0x7f, 0xbe, 0xef, 0x0b, 0x1e, 0x5a, - 0x30, 0x15, 0x18, 0x66, 0x40, 0xab, 0xd4, 0x40, 0x66, 0xdb, 0x88, 0x6a, 0xa3, 0x9c, 0x8a, 0x36, - 0x9b, 0x85, 0x78, 0x3f, 0x57, 0x2a, 0x97, 0xc0, 0xb8, 0x16, 0x8c, 0x17, 0x85, 0x72, 0xdc, 0x09, - 0x55, 0xcc, 0x12, 0xe3, 0x93, 0x5c, 0xb8, 0xb3, 0xf2, 0x94, 0xa6, 0xea, 0x0d, 0xe3, 0x26, 0x57, - 0xda, 0xa8, 0xd7, 0x21, 0xb8, 0x97, 0x66, 0xac, 0x1a, 0x33, 0x7d, 0x9e, 0xfb, 0x93, 0x96, 0x71, - 0xad, 0xa5, 0x48, 0xc3, 0x59, 0x56, 0x8d, 0xb8, 0xd4, 0x67, 0x7c, 0xc4, 0x72, 0x28, 0xc0, 0x70, - 0x07, 0xd9, 0x54, 0x8d, 0x10, 0x7c, 0x3d, 0x01, 0xad, 0x8e, 0xfc, 0xc5, 0x4f, 0x4b, 0x30, 0x17, - 0xd1, 0x16, 0xbe, 0x52, 0x1a, 0xb9, 0x87, 0x86, 0xe8, 0x60, 0x33, 0xf1, 0x21, 0x39, 0xc4, 0xbb, - 0x4d, 0xce, 0x31, 0x48, 0x70, 0x90, 0xc0, 0xdb, 0x12, 0xac, 0xeb, 0xc8, 0xdd, 0xc1, 0xdb, 0x4d, - 0x6e, 0x02, 0x56, 0xab, 0xc2, 0x02, 0xf9, 0x8c, 0xe6, 0x14, 0x8e, 0x0c, 0xf0, 0x56, 0xe1, 0x25, - 0x5e, 0x0f, 0xa6, 0x83, 0xc6, 0xb5, 0xf1, 0x63, 0xda, 0xba, 0xa3, 0xb5, 0xbb, 0x10, 0xbc, 0x4a, - 0x33, 0x5a, 0x8d, 0xa9, 0x3e, 0xcf, 0xa9, 0x77, 0x47, 0xe7, 0xdc, 0xd1, 0xda, 0x1d, 0x6d, 0xaf, - 0x9e, 0xaa, 0x46, 0xbb, 0x78, 0xa3, 0xd4, 0x16, 0x8c, 0xdb, 0x5b, 0x1b, 0xa2, 0x83, 0xab, 0xc9, - 0xec, 0x8b, 0xbc, 0x9b, 0x03, 0x7a, 0xae, 0xb3, 0xff, 0x06, 0x34, 0xfe, 0xba, 0x8e, 0xb7, 0x9a, - 0xc5, 0x67, 0x60, 0x2a, 0x91, 0x42, 0xf4, 0x0d, 0xe1, 0xde, 0x89, 0xb0, 0xce, 0x6f, 0x58, 0xe1, - 0x94, 0xb9, 0xf0, 0xdb, 0x50, 0x38, 0xc1, 0xa5, 0x8d, 0x7a, 0xb4, 0xed, 0x95, 0xc5, 0x5a, 0xc5, - 0x4f, 0x56, 0x44, 0xe7, 0x2f, 0x27, 0xbd, 0x4f, 0xbf, 0xff, 0x7e, 0x59, 0xdb, 0x89, 0xb6, 0x43, - 0xe3, 0x55, 0xa3, 0xb6, 0x45, 0xa3, 0xef, 0x08, 0xf7, 0xeb, 0xba, 0x75, 0x21, 0xde, 0xee, 0x42, - 0x5c, 0x28, 0x74, 0xbc, 0xaa, 0x1f, 0x49, 0x86, 0x01, 0x33, 0x26, 0x97, 0x31, 0x1f, 0xce, 0x8a, - 0xfe, 0x03, 0xe1, 0x7e, 0x5d, 0xd4, 0xa5, 0x69, 0x17, 0xba, 0x60, 0x75, 0xb4, 0x77, 0x03, 0xed, - 0x9d, 0xf8, 0xe6, 0x25, 0x5a, 0xf6, 0x7e, 0x4a, 0x50, 0x1a, 0xf9, 0xa1, 0x26, 0xff, 0x88, 0xfb, - 0xf5, 0x80, 0x2d, 0x0d, 0xbe, 0x30, 0x91, 0xf1, 0x7e, 0x57, 0x4a, 0x33, 0x88, 0xb7, 0x02, 0x4d, - 0xef, 0xf0, 0x46, 0x07, 0x8d, 0xe7, 0x78, 0x74, 0xfc, 0x73, 0x32, 0x40, 0xbf, 0x26, 0x03, 0xf4, - 0x67, 0x32, 0x40, 0x2f, 0x1e, 0x2c, 0xf7, 0xd4, 0xa4, 0x52, 0x40, 0xe1, 0x5a, 0xad, 0xd3, 0x8d, - 0xf0, 0xb6, 0xdc, 0xff, 0x17, 0x00, 0x00, 0xff, 0xff, 0x10, 0xaa, 0x0b, 0x07, 0xf6, 0x04, 0x00, - 0x00, + // 570 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x95, 0x41, 0x6b, 0xd4, 0x40, + 0x14, 0xc7, 0x99, 0x8a, 0xc5, 0x8e, 0x20, 0x6d, 0x0a, 0x6d, 0x37, 0xdb, 0x6e, 0x63, 0xc4, 0x52, + 0x96, 0x76, 0xc2, 0xae, 0xe0, 0xc1, 0xa3, 0x2d, 0x78, 0xb0, 0x17, 0x57, 0x44, 0x10, 0x44, 0xa6, + 0xd9, 0x47, 0x3a, 0x36, 0x66, 0xc6, 0x99, 0x49, 0x4a, 0x11, 0x11, 0x3c, 0x7a, 0xf1, 0xe0, 0xdd, + 0xbb, 0x78, 0xd7, 0xbb, 0x27, 0x8f, 0x42, 0xbf, 0x80, 0x2c, 0x7e, 0x10, 0x99, 0xc9, 0x66, 0xb3, + 0x4b, 0xb3, 0xb2, 0x0b, 0x6b, 0x7b, 0x7b, 0x49, 0x5e, 0xde, 0xfb, 0xfd, 0xff, 0xf3, 0x66, 0x06, + 0x7b, 0x0a, 0x64, 0x06, 0x32, 0x90, 0x20, 0x78, 0x28, 0xa1, 0xab, 0xca, 0x88, 0x08, 0xc9, 0x35, + 0x77, 0x16, 0x06, 0x2f, 0xdc, 0xf5, 0x88, 0xf3, 0x28, 0x86, 0x80, 0x0a, 0x16, 0xd0, 0x24, 0xe1, + 0x9a, 0x6a, 0xc6, 0x93, 0x7e, 0xa2, 0x7b, 0x10, 0x31, 0x7d, 0x94, 0x1e, 0x92, 0x90, 0xbf, 0x0a, + 0xa8, 0x8c, 0xb8, 0x90, 0xfc, 0xa5, 0x0d, 0x76, 0xc3, 0x6e, 0x90, 0xb5, 0x03, 0x71, 0x1c, 0x99, + 0x3f, 0x55, 0x40, 0x85, 0x88, 0x59, 0x68, 0xff, 0x0d, 0xb2, 0x16, 0x8d, 0xc5, 0x11, 0x6d, 0x05, + 0x11, 0x24, 0x20, 0xa9, 0x86, 0x6e, 0x5e, 0xcd, 0xf7, 0xf1, 0x8d, 0x0e, 0x08, 0xbe, 0x67, 0x1a, + 0x3f, 0x4a, 0x41, 0x9e, 0x3a, 0x8b, 0xf8, 0x4a, 0x2a, 0xe3, 0x35, 0xe4, 0xa1, 0xed, 0x85, 0x8e, + 0x09, 0xfd, 0x26, 0x5e, 0x19, 0xe4, 0xec, 0x43, 0x0c, 0x1a, 0x3a, 0xf0, 0x3a, 0x05, 0xa5, 0x2b, + 0x72, 0x97, 0xf1, 0xd2, 0x20, 0xb7, 0x03, 0x4a, 0xf0, 0x44, 0x81, 0xff, 0x11, 0x0d, 0x55, 0xd8, + 0x93, 0x40, 0xcb, 0x0a, 0xcf, 0xf1, 0x55, 0x2b, 0xda, 0xd6, 0xb8, 0xde, 0x7e, 0x40, 0x4a, 0x75, + 0xa4, 0x50, 0x67, 0x83, 0x17, 0x61, 0x97, 0x64, 0x6d, 0x22, 0x8e, 0x23, 0x62, 0xd4, 0x91, 0x21, + 0x75, 0xa4, 0x50, 0x47, 0xca, 0xd6, 0x79, 0x55, 0x67, 0x05, 0xcf, 0xa7, 0x42, 0x81, 0xd4, 0x6b, + 0x73, 0x1e, 0xda, 0xbe, 0xd6, 0xe9, 0x3f, 0xf9, 0x27, 0x43, 0x40, 0x4f, 0x44, 0xf7, 0xc2, 0x80, + 0xda, 0x67, 0x18, 0x2f, 0x0e, 0x5e, 0x3e, 0x06, 0x99, 0xb1, 0x10, 0x9c, 0xcf, 0x08, 0xd7, 0x0e, + 0x98, 0xd2, 0xe6, 0x83, 0x62, 0x9a, 0xcb, 0x53, 0xf3, 0x19, 0x12, 0xcd, 0x68, 0xac, 0x9c, 0x1a, + 0x29, 0x67, 0x65, 0x74, 0xad, 0xdc, 0x87, 0x33, 0xa2, 0x33, 0xcd, 0xfd, 0xda, 0xfb, 0xb3, 0x3f, + 0x9f, 0xe6, 0x96, 0x9d, 0x25, 0x3b, 0x78, 0x59, 0xab, 0x1c, 0x51, 0xe7, 0x0b, 0xc2, 0x0d, 0x93, + 0xf3, 0x54, 0x32, 0xe3, 0xd4, 0x65, 0x52, 0x6e, 0x5a, 0xca, 0x9a, 0xb3, 0x5a, 0x50, 0x9e, 0x18, + 0xa6, 0xdd, 0x92, 0xf5, 0x2b, 0xc2, 0xf5, 0x62, 0xc6, 0xaa, 0x40, 0x6f, 0x56, 0x81, 0x8e, 0x0c, + 0xa5, 0x3b, 0xab, 0x45, 0xf7, 0x3d, 0x0b, 0xeb, 0xfa, 0xe7, 0x2d, 0xbd, 0xd7, 0x1f, 0xd0, 0x6f, + 0x08, 0x7b, 0x79, 0xf3, 0x7f, 0x78, 0x7b, 0x91, 0xc8, 0x5b, 0x16, 0xd9, 0xf3, 0xc7, 0xf9, 0x5b, + 0x80, 0x7f, 0x47, 0xb8, 0x5e, 0xec, 0x9c, 0x89, 0x99, 0x47, 0xb6, 0xda, 0xec, 0x98, 0x77, 0x2c, + 0xf3, 0x96, 0xbb, 0x71, 0xce, 0xe6, 0xe0, 0x4d, 0x4e, 0x90, 0xca, 0xf8, 0x6d, 0x41, 0xfe, 0x03, + 0x61, 0x2f, 0x07, 0x99, 0xd6, 0xf2, 0xff, 0x84, 0xdf, 0xb6, 0xf8, 0x3b, 0xee, 0xad, 0x31, 0x96, + 0x57, 0x89, 0x78, 0x87, 0xeb, 0xc5, 0x51, 0x3c, 0x31, 0xfe, 0xc8, 0xd9, 0xed, 0xae, 0x57, 0xa5, + 0x0c, 0x8e, 0xec, 0xfe, 0x36, 0x6b, 0xae, 0x56, 0x58, 0x6a, 0x38, 0x9c, 0x0f, 0x08, 0x7b, 0x79, + 0xc1, 0x69, 0x5d, 0x9c, 0x06, 0xe3, 0xb6, 0xc5, 0xd8, 0x6c, 0x6e, 0x8c, 0xb5, 0xc6, 0xc0, 0xdc, + 0xdf, 0xff, 0xd9, 0x6b, 0xa0, 0x5f, 0xbd, 0x06, 0xfa, 0xdd, 0x6b, 0xa0, 0x67, 0x77, 0x27, 0xbb, + 0x21, 0xc3, 0x98, 0x41, 0xa2, 0x4b, 0x61, 0x87, 0xf3, 0xf6, 0x4a, 0xbc, 0xf3, 0x37, 0x00, 0x00, + 0xff, 0xff, 0xe4, 0x00, 0xe9, 0x59, 0xad, 0x07, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -333,12 +338,20 @@ const _ = grpc.SupportPackageIsVersion4 type RepoCredsServiceClient interface { // ListRepositoryCredentials gets a list of all configured repository credential sets ListRepositoryCredentials(ctx context.Context, in *RepoCredsQuery, opts ...grpc.CallOption) (*v1alpha1.RepoCredsList, error) + //ListWriteRepositoryCredentials gets a list of all configured repository credential sets that have write access + ListWriteRepositoryCredentials(ctx context.Context, in *RepoCredsQuery, opts ...grpc.CallOption) (*v1alpha1.RepoCredsList, error) // CreateRepositoryCredentials creates a new repository credential set CreateRepositoryCredentials(ctx context.Context, in *RepoCredsCreateRequest, opts ...grpc.CallOption) (*v1alpha1.RepoCreds, error) + // CreateWriteRepositoryCredentials creates a new repository credential set with write access + CreateWriteRepositoryCredentials(ctx context.Context, in *RepoCredsCreateRequest, opts ...grpc.CallOption) (*v1alpha1.RepoCreds, error) // UpdateRepositoryCredentials updates a repository credential set UpdateRepositoryCredentials(ctx context.Context, in *RepoCredsUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.RepoCreds, error) + // UpdateWriteRepositoryCredentials updates a repository credential set with write access + UpdateWriteRepositoryCredentials(ctx context.Context, in *RepoCredsUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.RepoCreds, error) // DeleteRepositoryCredentials deletes a repository credential set from the configuration DeleteRepositoryCredentials(ctx context.Context, in *RepoCredsDeleteRequest, opts ...grpc.CallOption) (*RepoCredsResponse, error) + // DeleteWriteRepositoryCredentials deletes a repository credential set with write access from the configuration + DeleteWriteRepositoryCredentials(ctx context.Context, in *RepoCredsDeleteRequest, opts ...grpc.CallOption) (*RepoCredsResponse, error) } type repoCredsServiceClient struct { @@ -358,6 +371,15 @@ func (c *repoCredsServiceClient) ListRepositoryCredentials(ctx context.Context, return out, nil } +func (c *repoCredsServiceClient) ListWriteRepositoryCredentials(ctx context.Context, in *RepoCredsQuery, opts ...grpc.CallOption) (*v1alpha1.RepoCredsList, error) { + out := new(v1alpha1.RepoCredsList) + err := c.cc.Invoke(ctx, "/repocreds.RepoCredsService/ListWriteRepositoryCredentials", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *repoCredsServiceClient) CreateRepositoryCredentials(ctx context.Context, in *RepoCredsCreateRequest, opts ...grpc.CallOption) (*v1alpha1.RepoCreds, error) { out := new(v1alpha1.RepoCreds) err := c.cc.Invoke(ctx, "/repocreds.RepoCredsService/CreateRepositoryCredentials", in, out, opts...) @@ -367,6 +389,15 @@ func (c *repoCredsServiceClient) CreateRepositoryCredentials(ctx context.Context return out, nil } +func (c *repoCredsServiceClient) CreateWriteRepositoryCredentials(ctx context.Context, in *RepoCredsCreateRequest, opts ...grpc.CallOption) (*v1alpha1.RepoCreds, error) { + out := new(v1alpha1.RepoCreds) + err := c.cc.Invoke(ctx, "/repocreds.RepoCredsService/CreateWriteRepositoryCredentials", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *repoCredsServiceClient) UpdateRepositoryCredentials(ctx context.Context, in *RepoCredsUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.RepoCreds, error) { out := new(v1alpha1.RepoCreds) err := c.cc.Invoke(ctx, "/repocreds.RepoCredsService/UpdateRepositoryCredentials", in, out, opts...) @@ -376,6 +407,15 @@ func (c *repoCredsServiceClient) UpdateRepositoryCredentials(ctx context.Context return out, nil } +func (c *repoCredsServiceClient) UpdateWriteRepositoryCredentials(ctx context.Context, in *RepoCredsUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.RepoCreds, error) { + out := new(v1alpha1.RepoCreds) + err := c.cc.Invoke(ctx, "/repocreds.RepoCredsService/UpdateWriteRepositoryCredentials", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *repoCredsServiceClient) DeleteRepositoryCredentials(ctx context.Context, in *RepoCredsDeleteRequest, opts ...grpc.CallOption) (*RepoCredsResponse, error) { out := new(RepoCredsResponse) err := c.cc.Invoke(ctx, "/repocreds.RepoCredsService/DeleteRepositoryCredentials", in, out, opts...) @@ -385,16 +425,33 @@ func (c *repoCredsServiceClient) DeleteRepositoryCredentials(ctx context.Context return out, nil } +func (c *repoCredsServiceClient) DeleteWriteRepositoryCredentials(ctx context.Context, in *RepoCredsDeleteRequest, opts ...grpc.CallOption) (*RepoCredsResponse, error) { + out := new(RepoCredsResponse) + err := c.cc.Invoke(ctx, "/repocreds.RepoCredsService/DeleteWriteRepositoryCredentials", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // RepoCredsServiceServer is the server API for RepoCredsService service. type RepoCredsServiceServer interface { // ListRepositoryCredentials gets a list of all configured repository credential sets ListRepositoryCredentials(context.Context, *RepoCredsQuery) (*v1alpha1.RepoCredsList, error) + //ListWriteRepositoryCredentials gets a list of all configured repository credential sets that have write access + ListWriteRepositoryCredentials(context.Context, *RepoCredsQuery) (*v1alpha1.RepoCredsList, error) // CreateRepositoryCredentials creates a new repository credential set CreateRepositoryCredentials(context.Context, *RepoCredsCreateRequest) (*v1alpha1.RepoCreds, error) + // CreateWriteRepositoryCredentials creates a new repository credential set with write access + CreateWriteRepositoryCredentials(context.Context, *RepoCredsCreateRequest) (*v1alpha1.RepoCreds, error) // UpdateRepositoryCredentials updates a repository credential set UpdateRepositoryCredentials(context.Context, *RepoCredsUpdateRequest) (*v1alpha1.RepoCreds, error) + // UpdateWriteRepositoryCredentials updates a repository credential set with write access + UpdateWriteRepositoryCredentials(context.Context, *RepoCredsUpdateRequest) (*v1alpha1.RepoCreds, error) // DeleteRepositoryCredentials deletes a repository credential set from the configuration DeleteRepositoryCredentials(context.Context, *RepoCredsDeleteRequest) (*RepoCredsResponse, error) + // DeleteWriteRepositoryCredentials deletes a repository credential set with write access from the configuration + DeleteWriteRepositoryCredentials(context.Context, *RepoCredsDeleteRequest) (*RepoCredsResponse, error) } // UnimplementedRepoCredsServiceServer can be embedded to have forward compatible implementations. @@ -404,15 +461,27 @@ type UnimplementedRepoCredsServiceServer struct { func (*UnimplementedRepoCredsServiceServer) ListRepositoryCredentials(ctx context.Context, req *RepoCredsQuery) (*v1alpha1.RepoCredsList, error) { return nil, status.Errorf(codes.Unimplemented, "method ListRepositoryCredentials not implemented") } +func (*UnimplementedRepoCredsServiceServer) ListWriteRepositoryCredentials(ctx context.Context, req *RepoCredsQuery) (*v1alpha1.RepoCredsList, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListWriteRepositoryCredentials not implemented") +} func (*UnimplementedRepoCredsServiceServer) CreateRepositoryCredentials(ctx context.Context, req *RepoCredsCreateRequest) (*v1alpha1.RepoCreds, error) { return nil, status.Errorf(codes.Unimplemented, "method CreateRepositoryCredentials not implemented") } +func (*UnimplementedRepoCredsServiceServer) CreateWriteRepositoryCredentials(ctx context.Context, req *RepoCredsCreateRequest) (*v1alpha1.RepoCreds, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateWriteRepositoryCredentials not implemented") +} func (*UnimplementedRepoCredsServiceServer) UpdateRepositoryCredentials(ctx context.Context, req *RepoCredsUpdateRequest) (*v1alpha1.RepoCreds, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateRepositoryCredentials not implemented") } +func (*UnimplementedRepoCredsServiceServer) UpdateWriteRepositoryCredentials(ctx context.Context, req *RepoCredsUpdateRequest) (*v1alpha1.RepoCreds, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateWriteRepositoryCredentials not implemented") +} func (*UnimplementedRepoCredsServiceServer) DeleteRepositoryCredentials(ctx context.Context, req *RepoCredsDeleteRequest) (*RepoCredsResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method DeleteRepositoryCredentials not implemented") } +func (*UnimplementedRepoCredsServiceServer) DeleteWriteRepositoryCredentials(ctx context.Context, req *RepoCredsDeleteRequest) (*RepoCredsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteWriteRepositoryCredentials not implemented") +} func RegisterRepoCredsServiceServer(s *grpc.Server, srv RepoCredsServiceServer) { s.RegisterService(&_RepoCredsService_serviceDesc, srv) @@ -436,6 +505,24 @@ func _RepoCredsService_ListRepositoryCredentials_Handler(srv interface{}, ctx co return interceptor(ctx, in, info, handler) } +func _RepoCredsService_ListWriteRepositoryCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoCredsQuery) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepoCredsServiceServer).ListWriteRepositoryCredentials(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repocreds.RepoCredsService/ListWriteRepositoryCredentials", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepoCredsServiceServer).ListWriteRepositoryCredentials(ctx, req.(*RepoCredsQuery)) + } + return interceptor(ctx, in, info, handler) +} + func _RepoCredsService_CreateRepositoryCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoCredsCreateRequest) if err := dec(in); err != nil { @@ -454,6 +541,24 @@ func _RepoCredsService_CreateRepositoryCredentials_Handler(srv interface{}, ctx return interceptor(ctx, in, info, handler) } +func _RepoCredsService_CreateWriteRepositoryCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoCredsCreateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepoCredsServiceServer).CreateWriteRepositoryCredentials(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repocreds.RepoCredsService/CreateWriteRepositoryCredentials", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepoCredsServiceServer).CreateWriteRepositoryCredentials(ctx, req.(*RepoCredsCreateRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _RepoCredsService_UpdateRepositoryCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoCredsUpdateRequest) if err := dec(in); err != nil { @@ -472,6 +577,24 @@ func _RepoCredsService_UpdateRepositoryCredentials_Handler(srv interface{}, ctx return interceptor(ctx, in, info, handler) } +func _RepoCredsService_UpdateWriteRepositoryCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoCredsUpdateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepoCredsServiceServer).UpdateWriteRepositoryCredentials(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repocreds.RepoCredsService/UpdateWriteRepositoryCredentials", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepoCredsServiceServer).UpdateWriteRepositoryCredentials(ctx, req.(*RepoCredsUpdateRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _RepoCredsService_DeleteRepositoryCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoCredsDeleteRequest) if err := dec(in); err != nil { @@ -490,6 +613,24 @@ func _RepoCredsService_DeleteRepositoryCredentials_Handler(srv interface{}, ctx return interceptor(ctx, in, info, handler) } +func _RepoCredsService_DeleteWriteRepositoryCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoCredsDeleteRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepoCredsServiceServer).DeleteWriteRepositoryCredentials(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repocreds.RepoCredsService/DeleteWriteRepositoryCredentials", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepoCredsServiceServer).DeleteWriteRepositoryCredentials(ctx, req.(*RepoCredsDeleteRequest)) + } + return interceptor(ctx, in, info, handler) +} + var _RepoCredsService_serviceDesc = grpc.ServiceDesc{ ServiceName: "repocreds.RepoCredsService", HandlerType: (*RepoCredsServiceServer)(nil), @@ -498,18 +639,34 @@ var _RepoCredsService_serviceDesc = grpc.ServiceDesc{ MethodName: "ListRepositoryCredentials", Handler: _RepoCredsService_ListRepositoryCredentials_Handler, }, + { + MethodName: "ListWriteRepositoryCredentials", + Handler: _RepoCredsService_ListWriteRepositoryCredentials_Handler, + }, { MethodName: "CreateRepositoryCredentials", Handler: _RepoCredsService_CreateRepositoryCredentials_Handler, }, + { + MethodName: "CreateWriteRepositoryCredentials", + Handler: _RepoCredsService_CreateWriteRepositoryCredentials_Handler, + }, { MethodName: "UpdateRepositoryCredentials", Handler: _RepoCredsService_UpdateRepositoryCredentials_Handler, }, + { + MethodName: "UpdateWriteRepositoryCredentials", + Handler: _RepoCredsService_UpdateWriteRepositoryCredentials_Handler, + }, { MethodName: "DeleteRepositoryCredentials", Handler: _RepoCredsService_DeleteRepositoryCredentials_Handler, }, + { + MethodName: "DeleteWriteRepositoryCredentials", + Handler: _RepoCredsService_DeleteWriteRepositoryCredentials_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "server/repocreds/repocreds.proto", diff --git a/pkg/apiclient/repocreds/repocreds.pb.gw.go b/pkg/apiclient/repocreds/repocreds.pb.gw.go index cbf003fbfaa54..699a8620935a3 100644 --- a/pkg/apiclient/repocreds/repocreds.pb.gw.go +++ b/pkg/apiclient/repocreds/repocreds.pb.gw.go @@ -69,6 +69,42 @@ func local_request_RepoCredsService_ListRepositoryCredentials_0(ctx context.Cont } +var ( + filter_RepoCredsService_ListWriteRepositoryCredentials_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} +) + +func request_RepoCredsService_ListWriteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, client RepoCredsServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCredsQuery + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepoCredsService_ListWriteRepositoryCredentials_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ListWriteRepositoryCredentials(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepoCredsService_ListWriteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, server RepoCredsServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCredsQuery + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepoCredsService_ListWriteRepositoryCredentials_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.ListWriteRepositoryCredentials(ctx, &protoReq) + return msg, metadata, err + +} + var ( filter_RepoCredsService_CreateRepositoryCredentials_0 = &utilities.DoubleArray{Encoding: map[string]int{"creds": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} ) @@ -121,6 +157,58 @@ func local_request_RepoCredsService_CreateRepositoryCredentials_0(ctx context.Co } +var ( + filter_RepoCredsService_CreateWriteRepositoryCredentials_0 = &utilities.DoubleArray{Encoding: map[string]int{"creds": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + +func request_RepoCredsService_CreateWriteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, client RepoCredsServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCredsCreateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Creds); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepoCredsService_CreateWriteRepositoryCredentials_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.CreateWriteRepositoryCredentials(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepoCredsService_CreateWriteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, server RepoCredsServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCredsCreateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Creds); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepoCredsService_CreateWriteRepositoryCredentials_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.CreateWriteRepositoryCredentials(ctx, &protoReq) + return msg, metadata, err + +} + func request_RepoCredsService_UpdateRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, client RepoCredsServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq RepoCredsUpdateRequest var metadata runtime.ServerMetadata @@ -191,6 +279,76 @@ func local_request_RepoCredsService_UpdateRepositoryCredentials_0(ctx context.Co } +func request_RepoCredsService_UpdateWriteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, client RepoCredsServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCredsUpdateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Creds); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["creds.url"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "creds.url") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "creds.url", val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "creds.url", err) + } + + msg, err := client.UpdateWriteRepositoryCredentials(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepoCredsService_UpdateWriteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, server RepoCredsServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCredsUpdateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Creds); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["creds.url"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "creds.url") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "creds.url", val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "creds.url", err) + } + + msg, err := server.UpdateWriteRepositoryCredentials(ctx, &protoReq) + return msg, metadata, err + +} + func request_RepoCredsService_DeleteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, client RepoCredsServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq RepoCredsDeleteRequest var metadata runtime.ServerMetadata @@ -245,6 +403,60 @@ func local_request_RepoCredsService_DeleteRepositoryCredentials_0(ctx context.Co } +func request_RepoCredsService_DeleteWriteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, client RepoCredsServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCredsDeleteRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["url"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "url") + } + + protoReq.Url, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "url", err) + } + + msg, err := client.DeleteWriteRepositoryCredentials(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepoCredsService_DeleteWriteRepositoryCredentials_0(ctx context.Context, marshaler runtime.Marshaler, server RepoCredsServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCredsDeleteRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["url"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "url") + } + + protoReq.Url, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "url", err) + } + + msg, err := server.DeleteWriteRepositoryCredentials(ctx, &protoReq) + return msg, metadata, err + +} + // RegisterRepoCredsServiceHandlerServer registers the http handlers for service RepoCredsService to "mux". // UnaryRPC :call RepoCredsServiceServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. @@ -274,6 +486,29 @@ func RegisterRepoCredsServiceHandlerServer(ctx context.Context, mux *runtime.Ser }) + mux.Handle("GET", pattern_RepoCredsService_ListWriteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepoCredsService_ListWriteRepositoryCredentials_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepoCredsService_ListWriteRepositoryCredentials_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("POST", pattern_RepoCredsService_CreateRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -297,6 +532,29 @@ func RegisterRepoCredsServiceHandlerServer(ctx context.Context, mux *runtime.Ser }) + mux.Handle("POST", pattern_RepoCredsService_CreateWriteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepoCredsService_CreateWriteRepositoryCredentials_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepoCredsService_CreateWriteRepositoryCredentials_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("PUT", pattern_RepoCredsService_UpdateRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -320,6 +578,29 @@ func RegisterRepoCredsServiceHandlerServer(ctx context.Context, mux *runtime.Ser }) + mux.Handle("PUT", pattern_RepoCredsService_UpdateWriteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepoCredsService_UpdateWriteRepositoryCredentials_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepoCredsService_UpdateWriteRepositoryCredentials_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("DELETE", pattern_RepoCredsService_DeleteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -343,6 +624,29 @@ func RegisterRepoCredsServiceHandlerServer(ctx context.Context, mux *runtime.Ser }) + mux.Handle("DELETE", pattern_RepoCredsService_DeleteWriteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepoCredsService_DeleteWriteRepositoryCredentials_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepoCredsService_DeleteWriteRepositoryCredentials_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -404,6 +708,26 @@ func RegisterRepoCredsServiceHandlerClient(ctx context.Context, mux *runtime.Ser }) + mux.Handle("GET", pattern_RepoCredsService_ListWriteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepoCredsService_ListWriteRepositoryCredentials_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepoCredsService_ListWriteRepositoryCredentials_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("POST", pattern_RepoCredsService_CreateRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -424,6 +748,26 @@ func RegisterRepoCredsServiceHandlerClient(ctx context.Context, mux *runtime.Ser }) + mux.Handle("POST", pattern_RepoCredsService_CreateWriteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepoCredsService_CreateWriteRepositoryCredentials_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepoCredsService_CreateWriteRepositoryCredentials_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("PUT", pattern_RepoCredsService_UpdateRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -444,6 +788,26 @@ func RegisterRepoCredsServiceHandlerClient(ctx context.Context, mux *runtime.Ser }) + mux.Handle("PUT", pattern_RepoCredsService_UpdateWriteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepoCredsService_UpdateWriteRepositoryCredentials_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepoCredsService_UpdateWriteRepositoryCredentials_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("DELETE", pattern_RepoCredsService_DeleteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -464,25 +828,61 @@ func RegisterRepoCredsServiceHandlerClient(ctx context.Context, mux *runtime.Ser }) + mux.Handle("DELETE", pattern_RepoCredsService_DeleteWriteRepositoryCredentials_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepoCredsService_DeleteWriteRepositoryCredentials_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepoCredsService_DeleteWriteRepositoryCredentials_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } var ( pattern_RepoCredsService_ListRepositoryCredentials_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "repocreds"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepoCredsService_ListWriteRepositoryCredentials_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "write-repocreds"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepoCredsService_CreateRepositoryCredentials_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "repocreds"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepoCredsService_CreateWriteRepositoryCredentials_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "write-repocreds"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepoCredsService_UpdateRepositoryCredentials_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "repocreds", "creds.url"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepoCredsService_UpdateWriteRepositoryCredentials_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "write-repocreds", "creds.url"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepoCredsService_DeleteRepositoryCredentials_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "repocreds", "url"}, "", runtime.AssumeColonVerbOpt(true))) + + pattern_RepoCredsService_DeleteWriteRepositoryCredentials_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "write-repocreds", "url"}, "", runtime.AssumeColonVerbOpt(true))) ) var ( forward_RepoCredsService_ListRepositoryCredentials_0 = runtime.ForwardResponseMessage + forward_RepoCredsService_ListWriteRepositoryCredentials_0 = runtime.ForwardResponseMessage + forward_RepoCredsService_CreateRepositoryCredentials_0 = runtime.ForwardResponseMessage + forward_RepoCredsService_CreateWriteRepositoryCredentials_0 = runtime.ForwardResponseMessage + forward_RepoCredsService_UpdateRepositoryCredentials_0 = runtime.ForwardResponseMessage + forward_RepoCredsService_UpdateWriteRepositoryCredentials_0 = runtime.ForwardResponseMessage + forward_RepoCredsService_DeleteRepositoryCredentials_0 = runtime.ForwardResponseMessage + + forward_RepoCredsService_DeleteWriteRepositoryCredentials_0 = runtime.ForwardResponseMessage ) diff --git a/pkg/apiclient/repository/repository.pb.go b/pkg/apiclient/repository/repository.pb.go index 8dbb20ce7bc70..feb1003e454b5 100644 --- a/pkg/apiclient/repository/repository.pb.go +++ b/pkg/apiclient/repository/repository.pb.go @@ -730,81 +730,89 @@ func init() { } var fileDescriptor_8d38260443475705 = []byte{ - // 1178 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x5d, 0x6f, 0x1b, 0x45, - 0x17, 0xd6, 0x26, 0x8d, 0x93, 0x9c, 0x7c, 0xd4, 0x99, 0xe4, 0xed, 0xbb, 0xb8, 0x6e, 0x1a, 0x6d, - 0x4b, 0x15, 0xa2, 0xb2, 0x6e, 0x8c, 0x10, 0xa8, 0x08, 0x24, 0xe7, 0x43, 0x4d, 0x44, 0x44, 0xca, - 0x56, 0xe1, 0x02, 0x81, 0xd0, 0x64, 0x7d, 0x62, 0x6f, 0xbb, 0xde, 0x9d, 0xce, 0x8c, 0x4d, 0xad, - 0xaa, 0x37, 0x5c, 0x21, 0xc1, 0x0d, 0x42, 0x48, 0xdc, 0x21, 0x24, 0x24, 0x2e, 0xf8, 0x23, 0x5c, - 0x22, 0xf1, 0x07, 0x50, 0xc4, 0x8f, 0xe0, 0x0a, 0xa1, 0x99, 0x59, 0xef, 0xae, 0x13, 0xdb, 0x49, - 0x45, 0xc8, 0xdd, 0xcc, 0x73, 0xce, 0x9e, 0xf3, 0xcc, 0xb3, 0xe7, 0x9c, 0x9d, 0x05, 0x47, 0x20, - 0xef, 0x20, 0xaf, 0x70, 0x64, 0xb1, 0x08, 0x64, 0xcc, 0xbb, 0xb9, 0xa5, 0xcb, 0x78, 0x2c, 0x63, - 0x02, 0x19, 0x52, 0x2a, 0x37, 0xe2, 0xb8, 0x11, 0x62, 0x85, 0xb2, 0xa0, 0x42, 0xa3, 0x28, 0x96, - 0x54, 0x06, 0x71, 0x24, 0x8c, 0x67, 0x69, 0xaf, 0x11, 0xc8, 0x66, 0xfb, 0xd0, 0xf5, 0xe3, 0x56, - 0x85, 0xf2, 0x46, 0xcc, 0x78, 0xfc, 0x58, 0x2f, 0x5e, 0xf7, 0xeb, 0x95, 0x4e, 0xb5, 0xc2, 0x9e, - 0x34, 0xd4, 0x93, 0xa2, 0x42, 0x19, 0x0b, 0x03, 0x5f, 0x3f, 0x5b, 0xe9, 0xac, 0xd3, 0x90, 0x35, - 0xe9, 0x7a, 0xa5, 0x81, 0x11, 0x72, 0x2a, 0xb1, 0x9e, 0x44, 0xdb, 0x3e, 0x23, 0x9a, 0xa6, 0x75, - 0x26, 0x7d, 0xa7, 0x0b, 0x73, 0x1e, 0xb2, 0xb8, 0xc6, 0x98, 0xf8, 0xb0, 0x8d, 0xbc, 0x4b, 0x08, - 0x5c, 0x51, 0x4e, 0xb6, 0xb5, 0x62, 0xad, 0x4e, 0x7b, 0x7a, 0x4d, 0x4a, 0x30, 0xc5, 0xb1, 0x13, - 0x88, 0x20, 0x8e, 0xec, 0x31, 0x8d, 0xa7, 0x7b, 0x62, 0xc3, 0x24, 0x65, 0xec, 0x03, 0xda, 0x42, - 0x7b, 0x5c, 0x9b, 0x7a, 0x5b, 0xb2, 0x0c, 0x40, 0x19, 0x7b, 0xc8, 0xe3, 0xc7, 0xe8, 0x4b, 0xfb, - 0x8a, 0x36, 0xe6, 0x10, 0x67, 0x1d, 0x26, 0x6b, 0x8c, 0xed, 0x46, 0x47, 0xb1, 0x4a, 0x2a, 0xbb, - 0x0c, 0x7b, 0x49, 0xd5, 0x5a, 0x61, 0x8c, 0xca, 0x66, 0x92, 0x50, 0xaf, 0x9d, 0xbf, 0x2c, 0x58, - 0x4c, 0xe8, 0x6e, 0xa1, 0xa4, 0x41, 0x98, 0x90, 0x6e, 0x40, 0x41, 0xc4, 0x6d, 0xee, 0x9b, 0x08, - 0x33, 0xd5, 0x7d, 0x37, 0x53, 0xc7, 0xed, 0xa9, 0xa3, 0x17, 0x9f, 0xf9, 0x75, 0xb7, 0x53, 0x75, - 0xd9, 0x93, 0x86, 0xab, 0xb4, 0x76, 0x73, 0x5a, 0xbb, 0x3d, 0xad, 0xdd, 0x5a, 0x06, 0x3e, 0xd2, - 0x61, 0xbd, 0x24, 0x7c, 0xfe, 0xb4, 0x63, 0xa3, 0x4e, 0x3b, 0x7e, 0xf2, 0xb4, 0x64, 0x05, 0x66, - 0x4c, 0x8c, 0xdd, 0xa8, 0x8e, 0xcf, 0xb4, 0x1c, 0x13, 0x5e, 0x1e, 0x22, 0x65, 0x98, 0xee, 0x20, - 0x57, 0xa2, 0xee, 0xd6, 0xed, 0x09, 0x6d, 0xcf, 0x00, 0xe7, 0x5d, 0x28, 0xf6, 0x5e, 0x94, 0x87, - 0x82, 0xc5, 0x91, 0x40, 0xf2, 0x1a, 0x4c, 0x04, 0x12, 0x5b, 0xc2, 0xb6, 0x56, 0xc6, 0x57, 0x67, - 0xaa, 0x8b, 0x6e, 0xee, 0xf5, 0x26, 0xd2, 0x7a, 0xc6, 0xc3, 0xf1, 0x61, 0x5a, 0x3d, 0x3e, 0xfc, - 0x1d, 0x3b, 0x30, 0x7b, 0x14, 0xab, 0xa3, 0xe2, 0x11, 0x47, 0x61, 0x64, 0x9f, 0xf2, 0xfa, 0xb0, - 0xb3, 0xce, 0xe8, 0xfc, 0x38, 0x01, 0x57, 0x35, 0x49, 0xdf, 0x47, 0x31, 0xba, 0x9e, 0xda, 0x02, - 0x79, 0x94, 0xc9, 0x98, 0xee, 0x95, 0x8d, 0x51, 0x21, 0x3e, 0x8f, 0x79, 0x3d, 0xc9, 0x90, 0xee, - 0xc9, 0x6d, 0x98, 0x13, 0xa2, 0xf9, 0x90, 0x07, 0x1d, 0x2a, 0xf1, 0x7d, 0xec, 0x26, 0x45, 0xd5, - 0x0f, 0xaa, 0x08, 0x41, 0x24, 0xd0, 0x6f, 0x73, 0xd4, 0x32, 0x4e, 0x79, 0xe9, 0x9e, 0xdc, 0x85, - 0x05, 0x19, 0x8a, 0xcd, 0x30, 0xc0, 0x48, 0x6e, 0x22, 0x97, 0x5b, 0x54, 0x52, 0xbb, 0xa0, 0xa3, - 0x9c, 0x36, 0x90, 0x35, 0x28, 0xf6, 0x81, 0x2a, 0xe5, 0xa4, 0x76, 0x3e, 0x85, 0xa7, 0x25, 0x3c, - 0xdd, 0x5f, 0xc2, 0xfa, 0x8c, 0x60, 0x30, 0x7d, 0xbe, 0x32, 0x4c, 0x63, 0x44, 0x0f, 0x43, 0xdc, - 0xf7, 0x03, 0x7b, 0x46, 0xd3, 0xcb, 0x00, 0x72, 0x0f, 0x16, 0x4d, 0xe5, 0xd6, 0x94, 0xaa, 0xe9, - 0x39, 0x67, 0x75, 0x80, 0x41, 0x26, 0x55, 0x57, 0x29, 0xbc, 0xbb, 0x65, 0xcf, 0xad, 0x58, 0xab, - 0xe3, 0x5e, 0x1e, 0x22, 0x6f, 0xc3, 0xff, 0xb3, 0x6d, 0x24, 0x24, 0x0d, 0x43, 0x5d, 0xda, 0xbb, - 0x5b, 0xf6, 0xbc, 0xf6, 0x1e, 0x66, 0x26, 0xef, 0x41, 0x29, 0x35, 0x6d, 0x47, 0x12, 0x39, 0xe3, - 0x81, 0xc0, 0x0d, 0x2a, 0xf0, 0x80, 0x87, 0xf6, 0x55, 0x4d, 0x6a, 0x84, 0x07, 0x59, 0x82, 0x09, - 0xc6, 0xe3, 0x67, 0x5d, 0xbb, 0xa8, 0x5d, 0xcd, 0x46, 0xf5, 0x10, 0x4b, 0x4a, 0x68, 0xc1, 0xf4, - 0x50, 0xb2, 0x25, 0x55, 0x58, 0x6a, 0xf8, 0xec, 0x11, 0xf2, 0x4e, 0xe0, 0x63, 0xcd, 0xf7, 0xe3, - 0x76, 0xa4, 0x35, 0x27, 0xda, 0x6d, 0xa0, 0x8d, 0xb8, 0x40, 0x74, 0x8d, 0xee, 0x48, 0xc9, 0x36, - 0xa8, 0x08, 0xfc, 0x5a, 0x5b, 0x36, 0xed, 0x45, 0x2d, 0xec, 0x00, 0x8b, 0x33, 0x0f, 0xb3, 0xaa, - 0x44, 0x7b, 0x3d, 0xe4, 0xfc, 0x6c, 0xc1, 0x82, 0x02, 0x36, 0x39, 0x52, 0x89, 0x1e, 0x3e, 0x6d, - 0xa3, 0x90, 0xe4, 0x93, 0x5c, 0xd5, 0xce, 0x54, 0x77, 0xfe, 0xdd, 0x38, 0xf1, 0xd2, 0xae, 0x4c, - 0xea, 0xff, 0x1a, 0x14, 0xda, 0x4c, 0x20, 0x97, 0x49, 0x97, 0x25, 0x3b, 0x55, 0x1b, 0x3e, 0xc7, - 0xba, 0xd8, 0x8f, 0xc2, 0xae, 0x2e, 0xfe, 0x29, 0x2f, 0x03, 0x9c, 0xa7, 0x86, 0xe8, 0x01, 0xab, - 0x5f, 0x16, 0xd1, 0xea, 0xdf, 0xf3, 0x26, 0xa7, 0x01, 0x13, 0xf1, 0xc9, 0xd7, 0x16, 0x5c, 0xd9, - 0x0b, 0x84, 0x24, 0xff, 0xcb, 0x0f, 0x9c, 0x74, 0xbc, 0x94, 0xf6, 0x2e, 0x8a, 0x85, 0x4a, 0xe2, - 0xdc, 0xfc, 0xe2, 0xf7, 0x3f, 0xbf, 0x1d, 0xbb, 0x46, 0x96, 0xf4, 0x67, 0xb5, 0xb3, 0x9e, 0x7d, - 0xc3, 0x02, 0x14, 0x5f, 0x8e, 0x59, 0xe4, 0x2b, 0x0b, 0xc6, 0x1f, 0xe0, 0x50, 0x36, 0x17, 0xa6, - 0x89, 0x73, 0x4b, 0x33, 0xb9, 0x41, 0xae, 0x0f, 0x62, 0x52, 0x79, 0xae, 0x76, 0x2f, 0xc8, 0x77, - 0x16, 0x14, 0x15, 0x6f, 0x2f, 0x67, 0xbb, 0x1c, 0xa1, 0xca, 0xa3, 0x84, 0x22, 0x9f, 0xc2, 0x94, - 0xa1, 0x75, 0x34, 0x94, 0x4e, 0xb1, 0x1f, 0x3e, 0x12, 0xce, 0xaa, 0x0e, 0xe9, 0x90, 0x95, 0x11, - 0x27, 0xae, 0x70, 0x15, 0xb2, 0x65, 0xc2, 0xab, 0xcf, 0x13, 0x79, 0xe5, 0x64, 0xf8, 0xf4, 0x76, - 0x51, 0x2a, 0x0f, 0x32, 0xa5, 0xbd, 0x78, 0xae, 0x74, 0x54, 0xa5, 0xf8, 0xc6, 0x82, 0xb9, 0x07, - 0x28, 0xb3, 0x7b, 0x00, 0xb9, 0x39, 0x20, 0x72, 0xfe, 0x8e, 0x50, 0x72, 0x86, 0x3b, 0xa4, 0x04, - 0xde, 0xd1, 0x04, 0xde, 0x74, 0xee, 0x0d, 0x26, 0x60, 0xbe, 0xd6, 0x3a, 0xce, 0x81, 0xb7, 0xa7, - 0xa9, 0xd4, 0x4d, 0x84, 0xfb, 0xd6, 0x1a, 0xe9, 0x68, 0x4a, 0x3b, 0x18, 0xb6, 0x36, 0x9b, 0x94, - 0xcb, 0xa1, 0x32, 0x2f, 0xe7, 0xe1, 0xcc, 0x3d, 0x25, 0xe1, 0x6a, 0x12, 0xab, 0xe4, 0xce, 0x28, - 0x15, 0x9a, 0x18, 0xb6, 0x7c, 0x93, 0xe6, 0x7b, 0x0b, 0x0a, 0x66, 0x7a, 0x91, 0x1b, 0x27, 0x33, - 0xf6, 0x4d, 0xb5, 0x0b, 0x6c, 0x85, 0x57, 0x35, 0xc7, 0xb2, 0x33, 0xb0, 0xd6, 0xee, 0xeb, 0xe1, - 0xa1, 0x5a, 0xf3, 0x07, 0x0b, 0x8a, 0x3d, 0x0a, 0xbd, 0x67, 0x2f, 0x8f, 0xa4, 0x73, 0x36, 0x49, - 0xf2, 0x93, 0x05, 0x05, 0x33, 0x51, 0x4f, 0xf3, 0xea, 0x9b, 0xb4, 0x17, 0xc8, 0x6b, 0xdd, 0xbc, - 0xe0, 0xd2, 0x88, 0x32, 0xd7, 0x54, 0x5e, 0x64, 0x42, 0xfe, 0x62, 0x41, 0xb1, 0x47, 0x67, 0xb8, - 0x90, 0xff, 0x15, 0x61, 0xf7, 0xe5, 0x08, 0x13, 0x0a, 0x85, 0x2d, 0x0c, 0x51, 0xe2, 0xb0, 0x16, - 0xb0, 0x4f, 0xc2, 0x69, 0xf1, 0xdf, 0x31, 0x33, 0x76, 0x6d, 0xd4, 0x8c, 0x55, 0x82, 0x34, 0xa1, - 0x68, 0x52, 0xe4, 0xf4, 0x78, 0xe9, 0x64, 0xb7, 0xce, 0x91, 0x8c, 0x3c, 0x87, 0xf9, 0x8f, 0x68, - 0x18, 0x28, 0x65, 0xcd, 0xbd, 0x96, 0x5c, 0x3f, 0x35, 0x49, 0xb2, 0xfb, 0xee, 0x88, 0x6c, 0x55, - 0x9d, 0xed, 0xae, 0x73, 0x7b, 0x54, 0x5f, 0x77, 0x92, 0x54, 0x46, 0xc9, 0x8d, 0xed, 0x5f, 0x8f, - 0x97, 0xad, 0xdf, 0x8e, 0x97, 0xad, 0x3f, 0x8e, 0x97, 0xad, 0x8f, 0xdf, 0x3a, 0xdf, 0x1f, 0xa4, - 0xaf, 0x2f, 0xa6, 0xb9, 0x7f, 0xbd, 0xc3, 0x82, 0xfe, 0xd9, 0x7b, 0xe3, 0x9f, 0x00, 0x00, 0x00, - 0xff, 0xff, 0x56, 0xc6, 0x8e, 0x59, 0xd1, 0x0e, 0x00, 0x00, + // 1304 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x98, 0xdd, 0x6e, 0x1b, 0x45, + 0x14, 0xc7, 0xb5, 0x49, 0xe3, 0x26, 0x27, 0x4d, 0xeb, 0x4e, 0x9a, 0xb2, 0xb8, 0x69, 0x1a, 0xb6, + 0xa5, 0x4a, 0xa3, 0x76, 0xdd, 0x18, 0x10, 0x55, 0x11, 0x48, 0x6e, 0x52, 0xb5, 0x11, 0x11, 0x2d, + 0x5b, 0x15, 0x24, 0x04, 0x42, 0xd3, 0xf5, 0x89, 0xbd, 0xed, 0x7a, 0x77, 0x3a, 0x33, 0x76, 0x6b, + 0x55, 0xbd, 0xe1, 0x02, 0x21, 0xc1, 0x0d, 0x42, 0x20, 0xae, 0xf8, 0x90, 0x90, 0x90, 0xe0, 0x9e, + 0x67, 0xe0, 0x12, 0x89, 0x17, 0x40, 0x15, 0x0f, 0xc1, 0x25, 0x9a, 0x99, 0xf5, 0xee, 0xda, 0xf1, + 0x47, 0xaa, 0x26, 0xb9, 0x9b, 0x39, 0x67, 0xf6, 0x9c, 0xdf, 0xfc, 0xe7, 0xcc, 0x87, 0x0d, 0x8e, + 0x40, 0xde, 0x46, 0x5e, 0xe6, 0xc8, 0x62, 0x11, 0xc8, 0x98, 0x77, 0x72, 0x4d, 0x97, 0xf1, 0x58, + 0xc6, 0x04, 0x32, 0x4b, 0x69, 0xb1, 0x1e, 0xc7, 0xf5, 0x10, 0xcb, 0x94, 0x05, 0x65, 0x1a, 0x45, + 0xb1, 0xa4, 0x32, 0x88, 0x23, 0x61, 0x46, 0x96, 0xb6, 0xea, 0x81, 0x6c, 0xb4, 0xee, 0xb9, 0x7e, + 0xdc, 0x2c, 0x53, 0x5e, 0x8f, 0x19, 0x8f, 0xef, 0xeb, 0xc6, 0x25, 0xbf, 0x56, 0x6e, 0x57, 0xca, + 0xec, 0x41, 0x5d, 0x7d, 0x29, 0xca, 0x94, 0xb1, 0x30, 0xf0, 0xf5, 0xb7, 0xe5, 0xf6, 0x1a, 0x0d, + 0x59, 0x83, 0xae, 0x95, 0xeb, 0x18, 0x21, 0xa7, 0x12, 0x6b, 0x49, 0xb4, 0xeb, 0x63, 0xa2, 0x69, + 0xac, 0xb1, 0xf8, 0x4e, 0x07, 0xe6, 0x3c, 0x64, 0x71, 0x95, 0x31, 0xf1, 0x7e, 0x0b, 0x79, 0x87, + 0x10, 0x38, 0xa4, 0x06, 0xd9, 0xd6, 0xb2, 0xb5, 0x32, 0xe3, 0xe9, 0x36, 0x29, 0xc1, 0x34, 0xc7, + 0x76, 0x20, 0x82, 0x38, 0xb2, 0x27, 0xb4, 0x3d, 0xed, 0x13, 0x1b, 0x0e, 0x53, 0xc6, 0xde, 0xa3, + 0x4d, 0xb4, 0x27, 0xb5, 0xab, 0xdb, 0x25, 0x4b, 0x00, 0x94, 0xb1, 0xdb, 0x3c, 0xbe, 0x8f, 0xbe, + 0xb4, 0x0f, 0x69, 0x67, 0xce, 0xe2, 0xac, 0xc1, 0xe1, 0x2a, 0x63, 0x9b, 0xd1, 0x76, 0xac, 0x92, + 0xca, 0x0e, 0xc3, 0x6e, 0x52, 0xd5, 0x56, 0x36, 0x46, 0x65, 0x23, 0x49, 0xa8, 0xdb, 0xce, 0x7f, + 0x16, 0xcc, 0x27, 0xb8, 0x1b, 0x28, 0x69, 0x10, 0x26, 0xd0, 0x75, 0x28, 0x88, 0xb8, 0xc5, 0x7d, + 0x13, 0x61, 0xb6, 0x72, 0xcb, 0xcd, 0xd4, 0x71, 0xbb, 0xea, 0xe8, 0xc6, 0xa7, 0x7e, 0xcd, 0x6d, + 0x57, 0x5c, 0xf6, 0xa0, 0xee, 0x2a, 0xad, 0xdd, 0x9c, 0xd6, 0x6e, 0x57, 0x6b, 0xb7, 0x9a, 0x19, + 0xef, 0xe8, 0xb0, 0x5e, 0x12, 0x3e, 0x3f, 0xdb, 0x89, 0x51, 0xb3, 0x9d, 0xec, 0x9f, 0x2d, 0x59, + 0x86, 0x59, 0x13, 0x63, 0x33, 0xaa, 0xe1, 0x63, 0x2d, 0xc7, 0x94, 0x97, 0x37, 0x91, 0x45, 0x98, + 0x69, 0x23, 0x57, 0xa2, 0x6e, 0xd6, 0xec, 0x29, 0xed, 0xcf, 0x0c, 0xce, 0xdb, 0x50, 0xec, 0x2e, + 0x94, 0x87, 0x82, 0xc5, 0x91, 0x40, 0x72, 0x01, 0xa6, 0x02, 0x89, 0x4d, 0x61, 0x5b, 0xcb, 0x93, + 0x2b, 0xb3, 0x95, 0x79, 0x37, 0xb7, 0xbc, 0x89, 0xb4, 0x9e, 0x19, 0xe1, 0xf8, 0x30, 0xa3, 0x3e, + 0x1f, 0xbe, 0xc6, 0x0e, 0x1c, 0xd9, 0x8e, 0xd5, 0x54, 0x71, 0x9b, 0xa3, 0x30, 0xb2, 0x4f, 0x7b, + 0x3d, 0xb6, 0x71, 0x73, 0x74, 0x7e, 0x9e, 0x82, 0x63, 0x1a, 0xd2, 0xf7, 0x51, 0x8c, 0xae, 0xa7, + 0x96, 0x40, 0x1e, 0x65, 0x32, 0xa6, 0x7d, 0xe5, 0x63, 0x54, 0x88, 0x47, 0x31, 0xaf, 0x25, 0x19, + 0xd2, 0x3e, 0x39, 0x07, 0x73, 0x42, 0x34, 0x6e, 0xf3, 0xa0, 0x4d, 0x25, 0xbe, 0x8b, 0x9d, 0xa4, + 0xa8, 0x7a, 0x8d, 0x2a, 0x42, 0x10, 0x09, 0xf4, 0x5b, 0x1c, 0xb5, 0x8c, 0xd3, 0x5e, 0xda, 0x27, + 0x17, 0xe1, 0xb8, 0x0c, 0xc5, 0x7a, 0x18, 0x60, 0x24, 0xd7, 0x91, 0xcb, 0x0d, 0x2a, 0xa9, 0x5d, + 0xd0, 0x51, 0x76, 0x3a, 0xc8, 0x2a, 0x14, 0x7b, 0x8c, 0x2a, 0xe5, 0x61, 0x3d, 0x78, 0x87, 0x3d, + 0x2d, 0xe1, 0x99, 0xde, 0x12, 0xd6, 0x73, 0x04, 0x63, 0xd3, 0xf3, 0x5b, 0x84, 0x19, 0x8c, 0xe8, + 0xbd, 0x10, 0x6f, 0xf9, 0x81, 0x3d, 0xab, 0xf1, 0x32, 0x03, 0xb9, 0x0c, 0xf3, 0xa6, 0x72, 0xab, + 0x4a, 0xd5, 0x74, 0x9e, 0x47, 0x74, 0x80, 0x41, 0x2e, 0x55, 0x57, 0xa9, 0x79, 0x73, 0xc3, 0x9e, + 0x5b, 0xb6, 0x56, 0x26, 0xbd, 0xbc, 0x89, 0x5c, 0x81, 0x97, 0xb2, 0x6e, 0x24, 0x24, 0x0d, 0x43, + 0x5d, 0xda, 0x9b, 0x1b, 0xf6, 0x51, 0x3d, 0x7a, 0x98, 0x9b, 0xbc, 0x03, 0xa5, 0xd4, 0x75, 0x3d, + 0x92, 0xc8, 0x19, 0x0f, 0x04, 0x5e, 0xa3, 0x02, 0xef, 0xf2, 0xd0, 0x3e, 0xa6, 0xa1, 0x46, 0x8c, + 0x20, 0x27, 0x60, 0x8a, 0xf1, 0xf8, 0x71, 0xc7, 0x2e, 0xea, 0xa1, 0xa6, 0xa3, 0xf6, 0x10, 0x4b, + 0x4a, 0xe8, 0xb8, 0xd9, 0x43, 0x49, 0x97, 0x54, 0xe0, 0x44, 0xdd, 0x67, 0x77, 0x90, 0xb7, 0x03, + 0x1f, 0xab, 0xbe, 0x1f, 0xb7, 0x22, 0xad, 0x39, 0xd1, 0xc3, 0x06, 0xfa, 0x88, 0x0b, 0x44, 0xd7, + 0xe8, 0x4d, 0x29, 0xd9, 0x35, 0x2a, 0x02, 0xbf, 0xda, 0x92, 0x0d, 0x7b, 0x5e, 0x0b, 0x3b, 0xc0, + 0xe3, 0x1c, 0x85, 0x23, 0xaa, 0x44, 0xbb, 0x7b, 0xc8, 0xf9, 0xd5, 0x82, 0xe3, 0xca, 0xb0, 0xce, + 0x91, 0x4a, 0xf4, 0xf0, 0x61, 0x0b, 0x85, 0x24, 0x1f, 0xe7, 0xaa, 0x76, 0xb6, 0x72, 0xf3, 0xc5, + 0x8e, 0x13, 0x2f, 0xdd, 0x95, 0x49, 0xfd, 0x9f, 0x84, 0x42, 0x8b, 0x09, 0xe4, 0x32, 0xd9, 0x65, + 0x49, 0x4f, 0xd5, 0x86, 0xcf, 0xb1, 0x26, 0x6e, 0x45, 0x61, 0x47, 0x17, 0xff, 0xb4, 0x97, 0x19, + 0x9c, 0x87, 0x06, 0xf4, 0x2e, 0xab, 0x1d, 0x14, 0x68, 0xe5, 0x87, 0x93, 0x26, 0xa7, 0x31, 0x26, + 0xe2, 0x93, 0xaf, 0x2c, 0x38, 0xb4, 0x15, 0x08, 0x49, 0x16, 0xf2, 0x07, 0x4e, 0x7a, 0xbc, 0x94, + 0xb6, 0xf6, 0x8a, 0x42, 0x25, 0x71, 0xce, 0x7c, 0xf6, 0xf7, 0xbf, 0xdf, 0x4c, 0x9c, 0x24, 0x27, + 0xf4, 0xb5, 0xda, 0x5e, 0xcb, 0xee, 0xb0, 0x00, 0xc5, 0x17, 0x13, 0x16, 0xf9, 0xd2, 0x82, 0xc9, + 0x1b, 0x38, 0x94, 0x66, 0xcf, 0x34, 0x71, 0xce, 0x6a, 0x92, 0xd3, 0xe4, 0xd4, 0x20, 0x92, 0xf2, + 0x13, 0xd5, 0x7b, 0x4a, 0xbe, 0xb3, 0x60, 0xfa, 0x06, 0xca, 0x0f, 0x79, 0x20, 0x71, 0xff, 0x91, + 0x2e, 0x68, 0xa4, 0xb3, 0xe4, 0x95, 0x2e, 0xd2, 0x23, 0x95, 0xf7, 0xd2, 0x20, 0xb0, 0x6f, 0x2d, + 0x28, 0x2a, 0x41, 0xbd, 0x9c, 0xef, 0x60, 0x56, 0x70, 0x71, 0xd4, 0x0a, 0x92, 0x9f, 0x2c, 0x58, + 0x50, 0xc3, 0xb4, 0x62, 0x07, 0x0f, 0xe7, 0x68, 0xb8, 0x45, 0x52, 0x1a, 0xae, 0x20, 0xf9, 0x04, + 0xa6, 0x8d, 0x72, 0xdb, 0x43, 0xa1, 0x8a, 0xbd, 0xe6, 0x6d, 0xe1, 0xac, 0xe8, 0xc0, 0x0e, 0x59, + 0x1e, 0x51, 0x2d, 0x65, 0xae, 0x42, 0x36, 0x4d, 0x78, 0x75, 0xb5, 0x93, 0x97, 0xfb, 0xc3, 0xa7, + 0x2f, 0xb3, 0xd2, 0xe2, 0x20, 0x57, 0x7a, 0x8e, 0xed, 0x2a, 0x1d, 0x55, 0x29, 0xbe, 0xb6, 0x60, + 0xee, 0x06, 0xca, 0xec, 0x0d, 0x45, 0xce, 0x0c, 0x88, 0x9c, 0x7f, 0x5f, 0x95, 0x9c, 0xe1, 0x03, + 0x52, 0x80, 0xb7, 0x34, 0xc0, 0x1b, 0xce, 0xe5, 0xc1, 0x00, 0xe6, 0xa5, 0xa3, 0xe3, 0xdc, 0xf5, + 0xb6, 0x34, 0x4a, 0xcd, 0x44, 0xb8, 0x6a, 0xad, 0x92, 0xb6, 0x46, 0xba, 0x89, 0x61, 0x73, 0xbd, + 0x41, 0xb9, 0x1c, 0x2a, 0xf3, 0x52, 0xde, 0x9c, 0x0d, 0x4f, 0x21, 0x5c, 0x0d, 0xb1, 0x42, 0xce, + 0x8f, 0x52, 0xa1, 0x81, 0x61, 0xd3, 0x37, 0x69, 0xbe, 0xb7, 0xa0, 0x60, 0x4e, 0x7e, 0x72, 0xba, + 0x3f, 0x63, 0xcf, 0x8d, 0xb0, 0x87, 0x7b, 0xf6, 0x55, 0x53, 0x71, 0xce, 0xc0, 0xed, 0x70, 0x55, + 0x1f, 0xbc, 0xea, 0x58, 0xfb, 0xd1, 0x82, 0x62, 0x17, 0xa1, 0xfb, 0xed, 0xc1, 0x41, 0x3a, 0xe3, + 0x21, 0xc9, 0x6f, 0x16, 0x2c, 0x98, 0xfc, 0xbd, 0x7b, 0xf7, 0x00, 0x31, 0x93, 0xaa, 0x77, 0x46, + 0xec, 0xde, 0x04, 0xf6, 0x17, 0x0b, 0x0a, 0xe6, 0xea, 0xdc, 0x49, 0xd7, 0x73, 0xa5, 0xee, 0x21, + 0xdd, 0x9a, 0xa9, 0xc6, 0xd2, 0x88, 0x3d, 0xa9, 0x51, 0x9e, 0x66, 0xab, 0xfe, 0xbb, 0x05, 0xc5, + 0x2e, 0xce, 0x70, 0x39, 0xf7, 0x0b, 0xd8, 0x7d, 0x3e, 0x60, 0xf2, 0x87, 0x05, 0x0b, 0x86, 0x65, + 0x6c, 0x05, 0xec, 0x17, 0xf2, 0xeb, 0x1a, 0xd9, 0x2d, 0x9d, 0x1f, 0x77, 0x03, 0xf6, 0x80, 0x53, + 0x28, 0x6c, 0x60, 0x88, 0xc3, 0xaf, 0x68, 0xbb, 0xdf, 0x9c, 0x1e, 0x31, 0xe7, 0xcd, 0x2b, 0x60, + 0x75, 0xd4, 0x2b, 0x40, 0xad, 0x64, 0x03, 0x8a, 0x26, 0x45, 0x4e, 0x95, 0xe7, 0x4e, 0x76, 0x76, + 0x17, 0xc9, 0x88, 0x80, 0x05, 0x93, 0xa9, 0x7f, 0x11, 0x9e, 0x3b, 0x5d, 0xf2, 0x9c, 0x58, 0xdd, + 0xc5, 0x73, 0xe2, 0x09, 0x1c, 0xfd, 0x80, 0x86, 0x81, 0x5a, 0x54, 0xf3, 0x73, 0x8f, 0x9c, 0xda, + 0x71, 0x49, 0x64, 0x3f, 0x03, 0x47, 0xe4, 0xac, 0xe8, 0x9c, 0x17, 0x9d, 0x73, 0xa3, 0x8e, 0xec, + 0x76, 0x92, 0x2a, 0x59, 0xbe, 0xcf, 0x2d, 0x98, 0xef, 0x66, 0xd7, 0x93, 0x7e, 0x31, 0x84, 0x2b, + 0x1a, 0xa1, 0xe2, 0xac, 0x8e, 0x9d, 0x76, 0x1f, 0xc8, 0xb5, 0xeb, 0x7f, 0x3e, 0x5b, 0xb2, 0xfe, + 0x7a, 0xb6, 0x64, 0xfd, 0xf3, 0x6c, 0xc9, 0xfa, 0xe8, 0xcd, 0xdd, 0xfd, 0xc3, 0xe3, 0xeb, 0x1f, + 0x8e, 0xb9, 0xff, 0x62, 0xee, 0x15, 0xf4, 0x9f, 0x31, 0xaf, 0xfd, 0x1f, 0x00, 0x00, 0xff, 0xff, + 0x85, 0x4e, 0xc2, 0x40, 0x71, 0x12, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -823,8 +831,12 @@ type RepositoryServiceClient interface { List(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryList, error) // Get returns a repository or its credentials Get(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*v1alpha1.Repository, error) + // GetWrite returns a repository or its write credentials + GetWrite(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*v1alpha1.Repository, error) // ListRepositories gets a list of all configured repositories ListRepositories(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryList, error) + // ListWriteRepositories gets a list of all configured write repositories + ListWriteRepositories(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryList, error) ListRefs(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*apiclient.Refs, error) // ListApps returns list of apps in the repo ListApps(ctx context.Context, in *RepoAppsQuery, opts ...grpc.CallOption) (*RepoAppsResponse, error) @@ -836,16 +848,24 @@ type RepositoryServiceClient interface { Create(ctx context.Context, in *RepoCreateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) // CreateRepository creates a new repository configuration CreateRepository(ctx context.Context, in *RepoCreateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) + // CreateWriteRepository creates a new write repository configuration + CreateWriteRepository(ctx context.Context, in *RepoCreateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) // Update updates a repo or repo credential set Update(ctx context.Context, in *RepoUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) // UpdateRepository updates a repository configuration UpdateRepository(ctx context.Context, in *RepoUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) + // UpdateWriteRepository updates a write repository configuration + UpdateWriteRepository(ctx context.Context, in *RepoUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) // Delete deletes a repository from the configuration Delete(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*RepoResponse, error) // DeleteRepository deletes a repository from the configuration DeleteRepository(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*RepoResponse, error) + // DeleteWriteRepository deletes a write repository from the configuration + DeleteWriteRepository(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*RepoResponse, error) // ValidateAccess validates access to a repository with given parameters ValidateAccess(ctx context.Context, in *RepoAccessQuery, opts ...grpc.CallOption) (*RepoResponse, error) + // ValidateWriteAccess validates write access to a repository with given parameters + ValidateWriteAccess(ctx context.Context, in *RepoAccessQuery, opts ...grpc.CallOption) (*RepoResponse, error) } type repositoryServiceClient struct { @@ -875,6 +895,15 @@ func (c *repositoryServiceClient) Get(ctx context.Context, in *RepoQuery, opts . return out, nil } +func (c *repositoryServiceClient) GetWrite(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*v1alpha1.Repository, error) { + out := new(v1alpha1.Repository) + err := c.cc.Invoke(ctx, "/repository.RepositoryService/GetWrite", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *repositoryServiceClient) ListRepositories(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryList, error) { out := new(v1alpha1.RepositoryList) err := c.cc.Invoke(ctx, "/repository.RepositoryService/ListRepositories", in, out, opts...) @@ -884,6 +913,15 @@ func (c *repositoryServiceClient) ListRepositories(ctx context.Context, in *Repo return out, nil } +func (c *repositoryServiceClient) ListWriteRepositories(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryList, error) { + out := new(v1alpha1.RepositoryList) + err := c.cc.Invoke(ctx, "/repository.RepositoryService/ListWriteRepositories", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *repositoryServiceClient) ListRefs(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*apiclient.Refs, error) { out := new(apiclient.Refs) err := c.cc.Invoke(ctx, "/repository.RepositoryService/ListRefs", in, out, opts...) @@ -939,6 +977,15 @@ func (c *repositoryServiceClient) CreateRepository(ctx context.Context, in *Repo return out, nil } +func (c *repositoryServiceClient) CreateWriteRepository(ctx context.Context, in *RepoCreateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) { + out := new(v1alpha1.Repository) + err := c.cc.Invoke(ctx, "/repository.RepositoryService/CreateWriteRepository", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // Deprecated: Do not use. func (c *repositoryServiceClient) Update(ctx context.Context, in *RepoUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) { out := new(v1alpha1.Repository) @@ -958,6 +1005,15 @@ func (c *repositoryServiceClient) UpdateRepository(ctx context.Context, in *Repo return out, nil } +func (c *repositoryServiceClient) UpdateWriteRepository(ctx context.Context, in *RepoUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.Repository, error) { + out := new(v1alpha1.Repository) + err := c.cc.Invoke(ctx, "/repository.RepositoryService/UpdateWriteRepository", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // Deprecated: Do not use. func (c *repositoryServiceClient) Delete(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*RepoResponse, error) { out := new(RepoResponse) @@ -977,6 +1033,15 @@ func (c *repositoryServiceClient) DeleteRepository(ctx context.Context, in *Repo return out, nil } +func (c *repositoryServiceClient) DeleteWriteRepository(ctx context.Context, in *RepoQuery, opts ...grpc.CallOption) (*RepoResponse, error) { + out := new(RepoResponse) + err := c.cc.Invoke(ctx, "/repository.RepositoryService/DeleteWriteRepository", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *repositoryServiceClient) ValidateAccess(ctx context.Context, in *RepoAccessQuery, opts ...grpc.CallOption) (*RepoResponse, error) { out := new(RepoResponse) err := c.cc.Invoke(ctx, "/repository.RepositoryService/ValidateAccess", in, out, opts...) @@ -986,14 +1051,27 @@ func (c *repositoryServiceClient) ValidateAccess(ctx context.Context, in *RepoAc return out, nil } +func (c *repositoryServiceClient) ValidateWriteAccess(ctx context.Context, in *RepoAccessQuery, opts ...grpc.CallOption) (*RepoResponse, error) { + out := new(RepoResponse) + err := c.cc.Invoke(ctx, "/repository.RepositoryService/ValidateWriteAccess", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // RepositoryServiceServer is the server API for RepositoryService service. type RepositoryServiceServer interface { // List returns list of repos or repository credentials List(context.Context, *RepoQuery) (*v1alpha1.RepositoryList, error) // Get returns a repository or its credentials Get(context.Context, *RepoQuery) (*v1alpha1.Repository, error) + // GetWrite returns a repository or its write credentials + GetWrite(context.Context, *RepoQuery) (*v1alpha1.Repository, error) // ListRepositories gets a list of all configured repositories ListRepositories(context.Context, *RepoQuery) (*v1alpha1.RepositoryList, error) + // ListWriteRepositories gets a list of all configured write repositories + ListWriteRepositories(context.Context, *RepoQuery) (*v1alpha1.RepositoryList, error) ListRefs(context.Context, *RepoQuery) (*apiclient.Refs, error) // ListApps returns list of apps in the repo ListApps(context.Context, *RepoAppsQuery) (*RepoAppsResponse, error) @@ -1005,16 +1083,24 @@ type RepositoryServiceServer interface { Create(context.Context, *RepoCreateRequest) (*v1alpha1.Repository, error) // CreateRepository creates a new repository configuration CreateRepository(context.Context, *RepoCreateRequest) (*v1alpha1.Repository, error) + // CreateWriteRepository creates a new write repository configuration + CreateWriteRepository(context.Context, *RepoCreateRequest) (*v1alpha1.Repository, error) // Update updates a repo or repo credential set Update(context.Context, *RepoUpdateRequest) (*v1alpha1.Repository, error) // UpdateRepository updates a repository configuration UpdateRepository(context.Context, *RepoUpdateRequest) (*v1alpha1.Repository, error) + // UpdateWriteRepository updates a write repository configuration + UpdateWriteRepository(context.Context, *RepoUpdateRequest) (*v1alpha1.Repository, error) // Delete deletes a repository from the configuration Delete(context.Context, *RepoQuery) (*RepoResponse, error) // DeleteRepository deletes a repository from the configuration DeleteRepository(context.Context, *RepoQuery) (*RepoResponse, error) + // DeleteWriteRepository deletes a write repository from the configuration + DeleteWriteRepository(context.Context, *RepoQuery) (*RepoResponse, error) // ValidateAccess validates access to a repository with given parameters ValidateAccess(context.Context, *RepoAccessQuery) (*RepoResponse, error) + // ValidateWriteAccess validates write access to a repository with given parameters + ValidateWriteAccess(context.Context, *RepoAccessQuery) (*RepoResponse, error) } // UnimplementedRepositoryServiceServer can be embedded to have forward compatible implementations. @@ -1027,9 +1113,15 @@ func (*UnimplementedRepositoryServiceServer) List(ctx context.Context, req *Repo func (*UnimplementedRepositoryServiceServer) Get(ctx context.Context, req *RepoQuery) (*v1alpha1.Repository, error) { return nil, status.Errorf(codes.Unimplemented, "method Get not implemented") } +func (*UnimplementedRepositoryServiceServer) GetWrite(ctx context.Context, req *RepoQuery) (*v1alpha1.Repository, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetWrite not implemented") +} func (*UnimplementedRepositoryServiceServer) ListRepositories(ctx context.Context, req *RepoQuery) (*v1alpha1.RepositoryList, error) { return nil, status.Errorf(codes.Unimplemented, "method ListRepositories not implemented") } +func (*UnimplementedRepositoryServiceServer) ListWriteRepositories(ctx context.Context, req *RepoQuery) (*v1alpha1.RepositoryList, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListWriteRepositories not implemented") +} func (*UnimplementedRepositoryServiceServer) ListRefs(ctx context.Context, req *RepoQuery) (*apiclient.Refs, error) { return nil, status.Errorf(codes.Unimplemented, "method ListRefs not implemented") } @@ -1048,21 +1140,33 @@ func (*UnimplementedRepositoryServiceServer) Create(ctx context.Context, req *Re func (*UnimplementedRepositoryServiceServer) CreateRepository(ctx context.Context, req *RepoCreateRequest) (*v1alpha1.Repository, error) { return nil, status.Errorf(codes.Unimplemented, "method CreateRepository not implemented") } +func (*UnimplementedRepositoryServiceServer) CreateWriteRepository(ctx context.Context, req *RepoCreateRequest) (*v1alpha1.Repository, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateWriteRepository not implemented") +} func (*UnimplementedRepositoryServiceServer) Update(ctx context.Context, req *RepoUpdateRequest) (*v1alpha1.Repository, error) { return nil, status.Errorf(codes.Unimplemented, "method Update not implemented") } func (*UnimplementedRepositoryServiceServer) UpdateRepository(ctx context.Context, req *RepoUpdateRequest) (*v1alpha1.Repository, error) { return nil, status.Errorf(codes.Unimplemented, "method UpdateRepository not implemented") } +func (*UnimplementedRepositoryServiceServer) UpdateWriteRepository(ctx context.Context, req *RepoUpdateRequest) (*v1alpha1.Repository, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateWriteRepository not implemented") +} func (*UnimplementedRepositoryServiceServer) Delete(ctx context.Context, req *RepoQuery) (*RepoResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") } func (*UnimplementedRepositoryServiceServer) DeleteRepository(ctx context.Context, req *RepoQuery) (*RepoResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method DeleteRepository not implemented") } +func (*UnimplementedRepositoryServiceServer) DeleteWriteRepository(ctx context.Context, req *RepoQuery) (*RepoResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteWriteRepository not implemented") +} func (*UnimplementedRepositoryServiceServer) ValidateAccess(ctx context.Context, req *RepoAccessQuery) (*RepoResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ValidateAccess not implemented") } +func (*UnimplementedRepositoryServiceServer) ValidateWriteAccess(ctx context.Context, req *RepoAccessQuery) (*RepoResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ValidateWriteAccess not implemented") +} func RegisterRepositoryServiceServer(s *grpc.Server, srv RepositoryServiceServer) { s.RegisterService(&_RepositoryService_serviceDesc, srv) @@ -1104,6 +1208,24 @@ func _RepositoryService_Get_Handler(srv interface{}, ctx context.Context, dec fu return interceptor(ctx, in, info, handler) } +func _RepositoryService_GetWrite_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoQuery) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepositoryServiceServer).GetWrite(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repository.RepositoryService/GetWrite", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepositoryServiceServer).GetWrite(ctx, req.(*RepoQuery)) + } + return interceptor(ctx, in, info, handler) +} + func _RepositoryService_ListRepositories_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoQuery) if err := dec(in); err != nil { @@ -1122,6 +1244,24 @@ func _RepositoryService_ListRepositories_Handler(srv interface{}, ctx context.Co return interceptor(ctx, in, info, handler) } +func _RepositoryService_ListWriteRepositories_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoQuery) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepositoryServiceServer).ListWriteRepositories(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repository.RepositoryService/ListWriteRepositories", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepositoryServiceServer).ListWriteRepositories(ctx, req.(*RepoQuery)) + } + return interceptor(ctx, in, info, handler) +} + func _RepositoryService_ListRefs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoQuery) if err := dec(in); err != nil { @@ -1230,6 +1370,24 @@ func _RepositoryService_CreateRepository_Handler(srv interface{}, ctx context.Co return interceptor(ctx, in, info, handler) } +func _RepositoryService_CreateWriteRepository_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoCreateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepositoryServiceServer).CreateWriteRepository(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repository.RepositoryService/CreateWriteRepository", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepositoryServiceServer).CreateWriteRepository(ctx, req.(*RepoCreateRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _RepositoryService_Update_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoUpdateRequest) if err := dec(in); err != nil { @@ -1266,6 +1424,24 @@ func _RepositoryService_UpdateRepository_Handler(srv interface{}, ctx context.Co return interceptor(ctx, in, info, handler) } +func _RepositoryService_UpdateWriteRepository_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoUpdateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepositoryServiceServer).UpdateWriteRepository(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repository.RepositoryService/UpdateWriteRepository", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepositoryServiceServer).UpdateWriteRepository(ctx, req.(*RepoUpdateRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _RepositoryService_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoQuery) if err := dec(in); err != nil { @@ -1302,6 +1478,24 @@ func _RepositoryService_DeleteRepository_Handler(srv interface{}, ctx context.Co return interceptor(ctx, in, info, handler) } +func _RepositoryService_DeleteWriteRepository_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoQuery) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepositoryServiceServer).DeleteWriteRepository(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repository.RepositoryService/DeleteWriteRepository", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepositoryServiceServer).DeleteWriteRepository(ctx, req.(*RepoQuery)) + } + return interceptor(ctx, in, info, handler) +} + func _RepositoryService_ValidateAccess_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RepoAccessQuery) if err := dec(in); err != nil { @@ -1320,6 +1514,24 @@ func _RepositoryService_ValidateAccess_Handler(srv interface{}, ctx context.Cont return interceptor(ctx, in, info, handler) } +func _RepositoryService_ValidateWriteAccess_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RepoAccessQuery) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(RepositoryServiceServer).ValidateWriteAccess(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/repository.RepositoryService/ValidateWriteAccess", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(RepositoryServiceServer).ValidateWriteAccess(ctx, req.(*RepoAccessQuery)) + } + return interceptor(ctx, in, info, handler) +} + var _RepositoryService_serviceDesc = grpc.ServiceDesc{ ServiceName: "repository.RepositoryService", HandlerType: (*RepositoryServiceServer)(nil), @@ -1332,10 +1544,18 @@ var _RepositoryService_serviceDesc = grpc.ServiceDesc{ MethodName: "Get", Handler: _RepositoryService_Get_Handler, }, + { + MethodName: "GetWrite", + Handler: _RepositoryService_GetWrite_Handler, + }, { MethodName: "ListRepositories", Handler: _RepositoryService_ListRepositories_Handler, }, + { + MethodName: "ListWriteRepositories", + Handler: _RepositoryService_ListWriteRepositories_Handler, + }, { MethodName: "ListRefs", Handler: _RepositoryService_ListRefs_Handler, @@ -1360,6 +1580,10 @@ var _RepositoryService_serviceDesc = grpc.ServiceDesc{ MethodName: "CreateRepository", Handler: _RepositoryService_CreateRepository_Handler, }, + { + MethodName: "CreateWriteRepository", + Handler: _RepositoryService_CreateWriteRepository_Handler, + }, { MethodName: "Update", Handler: _RepositoryService_Update_Handler, @@ -1368,6 +1592,10 @@ var _RepositoryService_serviceDesc = grpc.ServiceDesc{ MethodName: "UpdateRepository", Handler: _RepositoryService_UpdateRepository_Handler, }, + { + MethodName: "UpdateWriteRepository", + Handler: _RepositoryService_UpdateWriteRepository_Handler, + }, { MethodName: "Delete", Handler: _RepositoryService_Delete_Handler, @@ -1376,10 +1604,18 @@ var _RepositoryService_serviceDesc = grpc.ServiceDesc{ MethodName: "DeleteRepository", Handler: _RepositoryService_DeleteRepository_Handler, }, + { + MethodName: "DeleteWriteRepository", + Handler: _RepositoryService_DeleteWriteRepository_Handler, + }, { MethodName: "ValidateAccess", Handler: _RepositoryService_ValidateAccess_Handler, }, + { + MethodName: "ValidateWriteAccess", + Handler: _RepositoryService_ValidateWriteAccess_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "server/repository/repository.proto", diff --git a/pkg/apiclient/repository/repository.pb.gw.go b/pkg/apiclient/repository/repository.pb.gw.go index da6a5a9eacb28..0a40de1928047 100644 --- a/pkg/apiclient/repository/repository.pb.gw.go +++ b/pkg/apiclient/repository/repository.pb.gw.go @@ -141,6 +141,78 @@ func local_request_RepositoryService_Get_0(ctx context.Context, marshaler runtim } +var ( + filter_RepositoryService_GetWrite_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + +func request_RepositoryService_GetWrite_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoQuery + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["repo"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "repo") + } + + protoReq.Repo, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_GetWrite_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.GetWrite(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepositoryService_GetWrite_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoQuery + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["repo"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "repo") + } + + protoReq.Repo, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_GetWrite_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.GetWrite(ctx, &protoReq) + return msg, metadata, err + +} + var ( filter_RepositoryService_ListRepositories_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} ) @@ -177,6 +249,42 @@ func local_request_RepositoryService_ListRepositories_0(ctx context.Context, mar } +var ( + filter_RepositoryService_ListWriteRepositories_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} +) + +func request_RepositoryService_ListWriteRepositories_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoQuery + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_ListWriteRepositories_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ListWriteRepositories(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepositoryService_ListWriteRepositories_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoQuery + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_ListWriteRepositories_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.ListWriteRepositories(ctx, &protoReq) + return msg, metadata, err + +} + var ( filter_RepositoryService_ListRefs_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} ) @@ -567,6 +675,58 @@ func local_request_RepositoryService_CreateRepository_0(ctx context.Context, mar } +var ( + filter_RepositoryService_CreateWriteRepository_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + +func request_RepositoryService_CreateWriteRepository_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCreateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Repo); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_CreateWriteRepository_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.CreateWriteRepository(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepositoryService_CreateWriteRepository_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoCreateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Repo); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_CreateWriteRepository_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.CreateWriteRepository(ctx, &protoReq) + return msg, metadata, err + +} + func request_RepositoryService_Update_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq RepoUpdateRequest var metadata runtime.ServerMetadata @@ -707,6 +867,76 @@ func local_request_RepositoryService_UpdateRepository_0(ctx context.Context, mar } +func request_RepositoryService_UpdateWriteRepository_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoUpdateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Repo); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["repo.repo"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "repo.repo") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "repo.repo", val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo.repo", err) + } + + msg, err := client.UpdateWriteRepository(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepositoryService_UpdateWriteRepository_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoUpdateRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Repo); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["repo.repo"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "repo.repo") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "repo.repo", val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo.repo", err) + } + + msg, err := server.UpdateWriteRepository(ctx, &protoReq) + return msg, metadata, err + +} + var ( filter_RepositoryService_Delete_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} ) @@ -808,19 +1038,179 @@ func request_RepositoryService_DeleteRepository_0(ctx context.Context, marshaler if err := req.ParseForm(); err != nil { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_DeleteRepository_0); err != nil { + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_DeleteRepository_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.DeleteRepository(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepositoryService_DeleteRepository_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoQuery + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["repo"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "repo") + } + + protoReq.Repo, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_DeleteRepository_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.DeleteRepository(ctx, &protoReq) + return msg, metadata, err + +} + +var ( + filter_RepositoryService_DeleteWriteRepository_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + +func request_RepositoryService_DeleteWriteRepository_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoQuery + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["repo"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "repo") + } + + protoReq.Repo, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_DeleteWriteRepository_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.DeleteWriteRepository(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepositoryService_DeleteWriteRepository_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoQuery + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["repo"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "repo") + } + + protoReq.Repo, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_DeleteWriteRepository_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.DeleteWriteRepository(ctx, &protoReq) + return msg, metadata, err + +} + +var ( + filter_RepositoryService_ValidateAccess_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 2, 0, 0}, Check: []int{0, 1, 2, 2}} +) + +func request_RepositoryService_ValidateAccess_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoAccessQuery + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Repo); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["repo"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "repo") + } + + protoReq.Repo, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "repo", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_ValidateAccess_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ValidateAccess(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_RepositoryService_ValidateAccess_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq RepoAccessQuery + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Repo); err != nil && err != io.EOF { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } - msg, err := client.DeleteRepository(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_RepositoryService_DeleteRepository_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq RepoQuery - var metadata runtime.ServerMetadata - var ( val string ok bool @@ -842,20 +1232,20 @@ func local_request_RepositoryService_DeleteRepository_0(ctx context.Context, mar if err := req.ParseForm(); err != nil { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_DeleteRepository_0); err != nil { + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_ValidateAccess_0); err != nil { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } - msg, err := server.DeleteRepository(ctx, &protoReq) + msg, err := server.ValidateAccess(ctx, &protoReq) return msg, metadata, err } var ( - filter_RepositoryService_ValidateAccess_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 2, 0, 0}, Check: []int{0, 1, 2, 2}} + filter_RepositoryService_ValidateWriteAccess_0 = &utilities.DoubleArray{Encoding: map[string]int{"repo": 0}, Base: []int{1, 2, 0, 0}, Check: []int{0, 1, 2, 2}} ) -func request_RepositoryService_ValidateAccess_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { +func request_RepositoryService_ValidateWriteAccess_0(ctx context.Context, marshaler runtime.Marshaler, client RepositoryServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq RepoAccessQuery var metadata runtime.ServerMetadata @@ -888,16 +1278,16 @@ func request_RepositoryService_ValidateAccess_0(ctx context.Context, marshaler r if err := req.ParseForm(); err != nil { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_ValidateAccess_0); err != nil { + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_ValidateWriteAccess_0); err != nil { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } - msg, err := client.ValidateAccess(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + msg, err := client.ValidateWriteAccess(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) return msg, metadata, err } -func local_request_RepositoryService_ValidateAccess_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { +func local_request_RepositoryService_ValidateWriteAccess_0(ctx context.Context, marshaler runtime.Marshaler, server RepositoryServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq RepoAccessQuery var metadata runtime.ServerMetadata @@ -930,11 +1320,11 @@ func local_request_RepositoryService_ValidateAccess_0(ctx context.Context, marsh if err := req.ParseForm(); err != nil { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_ValidateAccess_0); err != nil { + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_RepositoryService_ValidateWriteAccess_0); err != nil { return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) } - msg, err := server.ValidateAccess(ctx, &protoReq) + msg, err := server.ValidateWriteAccess(ctx, &protoReq) return msg, metadata, err } @@ -991,6 +1381,29 @@ func RegisterRepositoryServiceHandlerServer(ctx context.Context, mux *runtime.Se }) + mux.Handle("GET", pattern_RepositoryService_GetWrite_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepositoryService_GetWrite_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_GetWrite_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("GET", pattern_RepositoryService_ListRepositories_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1014,6 +1427,29 @@ func RegisterRepositoryServiceHandlerServer(ctx context.Context, mux *runtime.Se }) + mux.Handle("GET", pattern_RepositoryService_ListWriteRepositories_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepositoryService_ListWriteRepositories_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_ListWriteRepositories_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("GET", pattern_RepositoryService_ListRefs_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1152,6 +1588,29 @@ func RegisterRepositoryServiceHandlerServer(ctx context.Context, mux *runtime.Se }) + mux.Handle("POST", pattern_RepositoryService_CreateWriteRepository_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepositoryService_CreateWriteRepository_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_CreateWriteRepository_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("PUT", pattern_RepositoryService_Update_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1198,6 +1657,29 @@ func RegisterRepositoryServiceHandlerServer(ctx context.Context, mux *runtime.Se }) + mux.Handle("PUT", pattern_RepositoryService_UpdateWriteRepository_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepositoryService_UpdateWriteRepository_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_UpdateWriteRepository_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("DELETE", pattern_RepositoryService_Delete_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1244,6 +1726,29 @@ func RegisterRepositoryServiceHandlerServer(ctx context.Context, mux *runtime.Se }) + mux.Handle("DELETE", pattern_RepositoryService_DeleteWriteRepository_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepositoryService_DeleteWriteRepository_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_DeleteWriteRepository_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("POST", pattern_RepositoryService_ValidateAccess_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1267,6 +1772,29 @@ func RegisterRepositoryServiceHandlerServer(ctx context.Context, mux *runtime.Se }) + mux.Handle("POST", pattern_RepositoryService_ValidateWriteAccess_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_RepositoryService_ValidateWriteAccess_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_ValidateWriteAccess_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -1348,6 +1876,26 @@ func RegisterRepositoryServiceHandlerClient(ctx context.Context, mux *runtime.Se }) + mux.Handle("GET", pattern_RepositoryService_GetWrite_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepositoryService_GetWrite_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_GetWrite_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("GET", pattern_RepositoryService_ListRepositories_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1368,6 +1916,26 @@ func RegisterRepositoryServiceHandlerClient(ctx context.Context, mux *runtime.Se }) + mux.Handle("GET", pattern_RepositoryService_ListWriteRepositories_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepositoryService_ListWriteRepositories_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_ListWriteRepositories_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("GET", pattern_RepositoryService_ListRefs_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1488,6 +2056,26 @@ func RegisterRepositoryServiceHandlerClient(ctx context.Context, mux *runtime.Se }) + mux.Handle("POST", pattern_RepositoryService_CreateWriteRepository_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepositoryService_CreateWriteRepository_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_CreateWriteRepository_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("PUT", pattern_RepositoryService_Update_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1528,6 +2116,26 @@ func RegisterRepositoryServiceHandlerClient(ctx context.Context, mux *runtime.Se }) + mux.Handle("PUT", pattern_RepositoryService_UpdateWriteRepository_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepositoryService_UpdateWriteRepository_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_UpdateWriteRepository_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("DELETE", pattern_RepositoryService_Delete_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1568,6 +2176,26 @@ func RegisterRepositoryServiceHandlerClient(ctx context.Context, mux *runtime.Se }) + mux.Handle("DELETE", pattern_RepositoryService_DeleteWriteRepository_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepositoryService_DeleteWriteRepository_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_DeleteWriteRepository_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + mux.Handle("POST", pattern_RepositoryService_ValidateAccess_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() @@ -1588,6 +2216,26 @@ func RegisterRepositoryServiceHandlerClient(ctx context.Context, mux *runtime.Se }) + mux.Handle("POST", pattern_RepositoryService_ValidateWriteAccess_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_RepositoryService_ValidateWriteAccess_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_RepositoryService_ValidateWriteAccess_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -1596,8 +2244,12 @@ var ( pattern_RepositoryService_Get_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "repositories", "repo"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_GetWrite_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "write-repositories", "repo"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_ListRepositories_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "repositories"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_ListWriteRepositories_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "write-repositories"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_ListRefs_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "repositories", "repo", "refs"}, "", runtime.AssumeColonVerbOpt(true))) pattern_RepositoryService_ListApps_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "repositories", "repo", "apps"}, "", runtime.AssumeColonVerbOpt(true))) @@ -1610,15 +2262,23 @@ var ( pattern_RepositoryService_CreateRepository_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "repositories"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_CreateWriteRepository_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "write-repositories"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_Update_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "repositories", "repo.repo"}, "", runtime.AssumeColonVerbOpt(true))) pattern_RepositoryService_UpdateRepository_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "repositories", "repo.repo"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_UpdateWriteRepository_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "write-repositories", "repo.repo"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_Delete_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "repositories", "repo"}, "", runtime.AssumeColonVerbOpt(true))) pattern_RepositoryService_DeleteRepository_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "repositories", "repo"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_DeleteWriteRepository_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "write-repositories", "repo"}, "", runtime.AssumeColonVerbOpt(true))) + pattern_RepositoryService_ValidateAccess_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "repositories", "repo", "validate"}, "", runtime.AssumeColonVerbOpt(true))) + + pattern_RepositoryService_ValidateWriteAccess_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "write-repositories", "repo", "validate"}, "", runtime.AssumeColonVerbOpt(true))) ) var ( @@ -1626,8 +2286,12 @@ var ( forward_RepositoryService_Get_0 = runtime.ForwardResponseMessage + forward_RepositoryService_GetWrite_0 = runtime.ForwardResponseMessage + forward_RepositoryService_ListRepositories_0 = runtime.ForwardResponseMessage + forward_RepositoryService_ListWriteRepositories_0 = runtime.ForwardResponseMessage + forward_RepositoryService_ListRefs_0 = runtime.ForwardResponseMessage forward_RepositoryService_ListApps_0 = runtime.ForwardResponseMessage @@ -1640,13 +2304,21 @@ var ( forward_RepositoryService_CreateRepository_0 = runtime.ForwardResponseMessage + forward_RepositoryService_CreateWriteRepository_0 = runtime.ForwardResponseMessage + forward_RepositoryService_Update_0 = runtime.ForwardResponseMessage forward_RepositoryService_UpdateRepository_0 = runtime.ForwardResponseMessage + forward_RepositoryService_UpdateWriteRepository_0 = runtime.ForwardResponseMessage + forward_RepositoryService_Delete_0 = runtime.ForwardResponseMessage forward_RepositoryService_DeleteRepository_0 = runtime.ForwardResponseMessage + forward_RepositoryService_DeleteWriteRepository_0 = runtime.ForwardResponseMessage + forward_RepositoryService_ValidateAccess_0 = runtime.ForwardResponseMessage + + forward_RepositoryService_ValidateWriteAccess_0 = runtime.ForwardResponseMessage ) diff --git a/pkg/apiclient/settings/settings.pb.go b/pkg/apiclient/settings/settings.pb.go index 202228f7ef6f1..71bff2ca9edcf 100644 --- a/pkg/apiclient/settings/settings.pb.go +++ b/pkg/apiclient/settings/settings.pb.go @@ -103,6 +103,8 @@ type Settings struct { AppsInAnyNamespaceEnabled bool `protobuf:"varint,24,opt,name=appsInAnyNamespaceEnabled,proto3" json:"appsInAnyNamespaceEnabled,omitempty"` ImpersonationEnabled bool `protobuf:"varint,25,opt,name=impersonationEnabled,proto3" json:"impersonationEnabled,omitempty"` InstallationID string `protobuf:"bytes,26,opt,name=installationID,proto3" json:"installationID,omitempty"` + AdditionalURLs []string `protobuf:"bytes,27,rep,name=additionalUrls,proto3" json:"additionalUrls,omitempty"` + HydratorEnabled bool `protobuf:"varint,28,opt,name=hydratorEnabled,proto3" json:"hydratorEnabled,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -323,6 +325,20 @@ func (m *Settings) GetInstallationID() string { return "" } +func (m *Settings) GetAdditionalURLs() []string { + if m != nil { + return m.AdditionalURLs + } + return nil +} + +func (m *Settings) GetHydratorEnabled() bool { + if m != nil { + return m.HydratorEnabled + } + return false +} + type GoogleAnalyticsConfig struct { TrackingID string `protobuf:"bytes,1,opt,name=trackingID,proto3" json:"trackingID,omitempty"` AnonymizeUsers bool `protobuf:"varint,2,opt,name=anonymizeUsers,proto3" json:"anonymizeUsers,omitempty"` @@ -756,86 +772,88 @@ func init() { func init() { proto.RegisterFile("server/settings/settings.proto", fileDescriptor_a480d494da040caa) } var fileDescriptor_a480d494da040caa = []byte{ - // 1249 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0x4f, 0x6f, 0x1b, 0xb7, - 0x12, 0xc7, 0x46, 0x8e, 0x2d, 0x8d, 0xe3, 0xc8, 0x66, 0x1c, 0x67, 0x23, 0xe4, 0xd9, 0x7a, 0x3a, - 0x04, 0x7a, 0x0f, 0xed, 0x2a, 0x56, 0x50, 0xb4, 0x08, 0x1a, 0xb4, 0x91, 0x14, 0x24, 0x6a, 0x9c, - 0xc4, 0xdd, 0xc4, 0x39, 0xf4, 0x12, 0xd0, 0xab, 0xe9, 0x6a, 0xeb, 0x15, 0xb9, 0x20, 0xb9, 0x6a, - 0x94, 0x63, 0x3f, 0x40, 0x0f, 0x6d, 0x3f, 0x4d, 0xef, 0x45, 0x7b, 0x2c, 0xd0, 0xbb, 0x51, 0x08, - 0xfd, 0x20, 0x05, 0xb9, 0x7f, 0xbc, 0x5e, 0xc9, 0x69, 0x81, 0xdc, 0xc8, 0xdf, 0x6f, 0xfe, 0x71, - 0x38, 0x43, 0x0e, 0xec, 0x4a, 0x14, 0x53, 0x14, 0x1d, 0x89, 0x4a, 0x05, 0xcc, 0x97, 0xf9, 0xc2, - 0x89, 0x04, 0x57, 0x9c, 0xac, 0x79, 0x61, 0x2c, 0x15, 0x8a, 0xc6, 0xb6, 0xcf, 0x7d, 0x6e, 0xb0, - 0x8e, 0x5e, 0x25, 0x74, 0xe3, 0x96, 0xcf, 0xb9, 0x1f, 0x62, 0x87, 0x46, 0x41, 0x87, 0x32, 0xc6, - 0x15, 0x55, 0x01, 0x67, 0xa9, 0x72, 0xe3, 0xc0, 0x0f, 0xd4, 0x38, 0x3e, 0x76, 0x3c, 0x3e, 0xe9, - 0x50, 0x61, 0xd4, 0xbf, 0x31, 0x8b, 0x0f, 0xbd, 0x51, 0x67, 0xda, 0xed, 0x44, 0x27, 0xbe, 0xd6, - 0x94, 0x1d, 0x1a, 0x45, 0x61, 0xe0, 0x19, 0xdd, 0xce, 0x74, 0x9f, 0x86, 0xd1, 0x98, 0xee, 0x77, - 0x7c, 0x64, 0x28, 0xa8, 0xc2, 0x51, 0x6a, 0xed, 0xf3, 0x7f, 0xb0, 0x56, 0x3e, 0x09, 0x0f, 0x46, - 0x5e, 0xc7, 0x0b, 0x69, 0x30, 0x49, 0xe3, 0x69, 0xd5, 0x61, 0xe3, 0x45, 0xca, 0x7e, 0x19, 0xa3, - 0x98, 0xb5, 0x7e, 0xb8, 0x02, 0xd5, 0x0c, 0x21, 0x37, 0xa1, 0x12, 0x8b, 0xd0, 0xb6, 0x9a, 0x56, - 0xbb, 0xd6, 0x5b, 0x9b, 0x9f, 0xee, 0x55, 0x8e, 0xdc, 0x03, 0x57, 0x63, 0xe4, 0x0e, 0xd4, 0x46, - 0xf8, 0xa6, 0xcf, 0xd9, 0xd7, 0x81, 0x6f, 0x5f, 0x6a, 0x5a, 0xed, 0xf5, 0x2e, 0x71, 0xd2, 0xcc, - 0x38, 0x83, 0x8c, 0x71, 0xcf, 0x84, 0x48, 0x1f, 0x40, 0xfb, 0x4f, 0x55, 0x2a, 0x46, 0xe5, 0x5a, - 0xae, 0xf2, 0x7c, 0x38, 0xe8, 0x27, 0x54, 0xef, 0xea, 0xfc, 0x74, 0x0f, 0xce, 0xf6, 0x6e, 0x41, - 0x8d, 0x34, 0x61, 0x9d, 0x46, 0xd1, 0x01, 0x3d, 0xc6, 0xf0, 0x09, 0xce, 0xec, 0x15, 0x1d, 0x99, - 0x5b, 0x84, 0xc8, 0x2b, 0xd8, 0x12, 0x28, 0x79, 0x2c, 0x3c, 0x7c, 0x3e, 0x45, 0x21, 0x82, 0x11, - 0x4a, 0xfb, 0x72, 0xb3, 0xd2, 0x5e, 0xef, 0xb6, 0x73, 0x6f, 0xd9, 0x09, 0x1d, 0xb7, 0x2c, 0xfa, - 0x90, 0x29, 0x31, 0x73, 0x17, 0x4d, 0x10, 0x07, 0x88, 0x54, 0x54, 0xc5, 0xb2, 0x47, 0x47, 0x3e, - 0x3e, 0x64, 0xf4, 0x38, 0xc4, 0x91, 0xbd, 0xda, 0xb4, 0xda, 0x55, 0x77, 0x09, 0x43, 0x1e, 0x43, - 0x3d, 0xa9, 0x84, 0x07, 0x8c, 0x86, 0x33, 0x15, 0x78, 0xd2, 0x5e, 0x33, 0x67, 0xde, 0xcd, 0xa3, - 0x78, 0x74, 0x9e, 0x4f, 0x8f, 0x5b, 0x56, 0x23, 0x6f, 0x61, 0xf3, 0x24, 0x96, 0x8a, 0x4f, 0x82, - 0xb7, 0xf8, 0x3c, 0x32, 0xd5, 0x64, 0x57, 0x8d, 0xa9, 0x67, 0xce, 0x59, 0x01, 0x38, 0x59, 0x01, - 0x98, 0xc5, 0x6b, 0x6f, 0xe4, 0x4c, 0xbb, 0x4e, 0x74, 0xe2, 0x3b, 0xba, 0x9c, 0x9c, 0x42, 0x39, - 0x39, 0x59, 0x39, 0x39, 0x4f, 0x4a, 0x56, 0xdd, 0x05, 0x3f, 0xe4, 0xbf, 0xb0, 0x32, 0xc6, 0x30, - 0xb2, 0x6b, 0xc6, 0xdf, 0x46, 0x1e, 0xfa, 0x63, 0x0c, 0x23, 0xd7, 0x50, 0xe4, 0x7f, 0xb0, 0x16, - 0x85, 0xb1, 0x1f, 0x30, 0x69, 0x83, 0x49, 0x73, 0x3d, 0x97, 0x3a, 0x34, 0xb8, 0x9b, 0xf1, 0x3a, - 0x87, 0xb1, 0x44, 0x71, 0xc0, 0xf5, 0x6e, 0x10, 0xc8, 0x24, 0x87, 0xeb, 0x49, 0x0e, 0x17, 0x19, - 0xf2, 0xbd, 0x05, 0x37, 0x3c, 0x93, 0x95, 0xa7, 0x94, 0x51, 0x1f, 0x27, 0xc8, 0xd4, 0x61, 0xea, - 0xeb, 0x8a, 0xf1, 0xf5, 0xf2, 0xfd, 0x32, 0xd0, 0x5f, 0x6a, 0xdc, 0xbd, 0xc8, 0x29, 0xf9, 0x00, - 0xb6, 0xf2, 0x14, 0xbd, 0x42, 0x21, 0xcd, 0x5d, 0x6c, 0x34, 0x2b, 0xed, 0x9a, 0xbb, 0x48, 0x90, - 0x06, 0x54, 0xe3, 0xa0, 0x2f, 0xe5, 0x91, 0x7b, 0x60, 0x5f, 0x35, 0x95, 0x9a, 0xef, 0x49, 0x1b, - 0xea, 0x71, 0xd0, 0xa3, 0x8c, 0xa1, 0xe8, 0x73, 0xa6, 0x90, 0x29, 0xbb, 0x6e, 0x44, 0xca, 0xb0, - 0x2e, 0xf9, 0x0c, 0xd2, 0x86, 0x36, 0x93, 0x92, 0x2f, 0x40, 0xda, 0x56, 0x44, 0xa5, 0xfc, 0x96, - 0x8b, 0xd1, 0x21, 0x55, 0x0a, 0x05, 0xb3, 0xb7, 0x12, 0x5b, 0x25, 0x98, 0xdc, 0x86, 0xab, 0x4a, - 0x50, 0xef, 0x24, 0x60, 0xfe, 0x53, 0x54, 0x63, 0x3e, 0xb2, 0x89, 0x11, 0x2c, 0xa1, 0xfa, 0x9c, - 0x99, 0x83, 0x43, 0x14, 0x13, 0xca, 0x74, 0x7c, 0xd7, 0xcc, 0x3d, 0x2d, 0x12, 0xe4, 0xff, 0xb0, - 0x99, 0x83, 0x5c, 0x06, 0x3a, 0xc5, 0xf6, 0xb6, 0xb1, 0xbb, 0x80, 0x97, 0xda, 0xc8, 0xe5, 0x5c, - 0x1d, 0x89, 0xd0, 0xbe, 0x6e, 0xa4, 0x97, 0x30, 0xfa, 0xf4, 0xf8, 0x06, 0xbd, 0xac, 0xdf, 0x76, - 0x4c, 0x0c, 0x45, 0x88, 0xdc, 0x81, 0x6b, 0x1e, 0x67, 0x4a, 0xf0, 0x30, 0x44, 0xf1, 0x8c, 0x4e, - 0x50, 0x46, 0xd4, 0x43, 0xfb, 0x86, 0x31, 0xb9, 0x8c, 0x22, 0x9f, 0xc2, 0x4d, 0x1a, 0x45, 0x72, - 0xc8, 0x1e, 0xb0, 0x59, 0x8e, 0x66, 0x1e, 0x6c, 0xe3, 0xe1, 0x62, 0x01, 0xd2, 0x85, 0xed, 0x60, - 0x12, 0xa1, 0x90, 0x9c, 0x99, 0x6a, 0xca, 0x14, 0x6f, 0x1a, 0xc5, 0xa5, 0x9c, 0xce, 0x7b, 0xc0, - 0xa4, 0xa2, 0x61, 0x68, 0xe0, 0xe1, 0xc0, 0x6e, 0x24, 0x79, 0x3f, 0x8f, 0x36, 0x7e, 0xb2, 0x60, - 0x67, 0xf9, 0x93, 0x44, 0x36, 0xa1, 0x72, 0x82, 0xb3, 0xe4, 0x2d, 0x76, 0xf5, 0x92, 0x8c, 0xe0, - 0xf2, 0x94, 0x86, 0x31, 0xa6, 0xcf, 0xef, 0x7b, 0x3e, 0x06, 0x65, 0xb7, 0x6e, 0x62, 0xfc, 0xde, - 0xa5, 0x4f, 0xac, 0xd6, 0x6b, 0xb8, 0xbe, 0xf4, 0xad, 0x22, 0xbb, 0x00, 0x59, 0xe5, 0x0c, 0x07, - 0x69, 0x6c, 0x05, 0x44, 0x9f, 0x9b, 0x32, 0xce, 0x66, 0xba, 0x2d, 0x8e, 0x24, 0x0a, 0x69, 0x62, - 0xad, 0xba, 0x25, 0xb4, 0x35, 0x80, 0x1b, 0xd9, 0x93, 0x9c, 0xb6, 0x9a, 0x8b, 0x32, 0xe2, 0x4c, - 0x62, 0xf1, 0x79, 0xb1, 0xde, 0xfd, 0xbc, 0xb4, 0x7e, 0xb6, 0x60, 0x45, 0x3f, 0x4c, 0xc4, 0x86, - 0x35, 0x6f, 0x4c, 0x4d, 0x65, 0x25, 0x31, 0x65, 0x5b, 0xdd, 0x92, 0x7a, 0xf9, 0x12, 0xdf, 0x28, - 0x13, 0x4a, 0xcd, 0xcd, 0xf7, 0xe4, 0x3e, 0xc0, 0x71, 0xc0, 0xa8, 0x98, 0x1d, 0x89, 0x50, 0xda, - 0x15, 0xe3, 0xec, 0x3f, 0xe7, 0x5e, 0x3c, 0xa7, 0x97, 0xf3, 0xc9, 0x3f, 0x51, 0x50, 0x68, 0xdc, - 0x87, 0x7a, 0x89, 0x5e, 0x72, 0x67, 0xdb, 0xc5, 0x3b, 0xab, 0x15, 0x73, 0x7c, 0x0b, 0x56, 0x93, - 0xf3, 0x10, 0x02, 0x2b, 0x8c, 0x4e, 0x30, 0x55, 0x33, 0xeb, 0xd6, 0x67, 0x50, 0xcb, 0x3f, 0x55, - 0xd2, 0x05, 0xf0, 0x38, 0x63, 0xe8, 0x29, 0x2e, 0xb2, 0xac, 0x9c, 0x7d, 0xbe, 0xfd, 0x8c, 0x72, - 0x0b, 0x52, 0xad, 0xbb, 0x50, 0xcb, 0x89, 0x65, 0x1e, 0x34, 0xa6, 0x66, 0x51, 0x16, 0x98, 0x59, - 0xb7, 0x7e, 0xa9, 0x40, 0xe1, 0x23, 0x5e, 0xaa, 0xb6, 0x03, 0xab, 0x81, 0x94, 0x31, 0x8a, 0x54, - 0x31, 0xdd, 0x91, 0x36, 0x54, 0xbd, 0x30, 0x40, 0xa6, 0x86, 0x03, 0xf3, 0xd7, 0xd7, 0x7a, 0x57, - 0xe6, 0xa7, 0x7b, 0xd5, 0x7e, 0x8a, 0xb9, 0x39, 0x4b, 0xf6, 0x61, 0xdd, 0x0b, 0x83, 0x8c, 0x48, - 0xbe, 0xf4, 0x5e, 0x7d, 0x7e, 0xba, 0xb7, 0xde, 0x3f, 0x18, 0xe6, 0xf2, 0x45, 0x19, 0xed, 0x54, - 0x7a, 0x3c, 0x4a, 0x3f, 0xf6, 0x9a, 0x9b, 0xee, 0xc8, 0x6b, 0xd8, 0x08, 0x46, 0x2f, 0xf9, 0x09, - 0xb2, 0xbe, 0x19, 0x72, 0xec, 0x55, 0x93, 0x9b, 0xdb, 0x4b, 0xa6, 0x0c, 0x67, 0x58, 0x14, 0x34, - 0xd7, 0xd5, 0xdb, 0x9a, 0x9f, 0xee, 0x6d, 0x0c, 0x07, 0x05, 0xdc, 0x3d, 0x6f, 0x8f, 0xdc, 0x03, - 0x1b, 0x4d, 0x4b, 0x1f, 0x3e, 0xe9, 0x3f, 0x7c, 0x10, 0xab, 0x31, 0x32, 0x95, 0x76, 0x92, 0xf9, - 0xdd, 0xab, 0xee, 0x85, 0x7c, 0x63, 0x06, 0x64, 0xd1, 0xe7, 0x92, 0x12, 0x79, 0x7a, 0xbe, 0xad, - 0x3f, 0x7e, 0x67, 0x5b, 0x27, 0x13, 0x9e, 0x93, 0x8f, 0xa8, 0x7a, 0x54, 0x72, 0x8c, 0xfd, 0x42, - 0x6d, 0x75, 0x7f, 0xb5, 0xa0, 0x9e, 0xf5, 0xd7, 0x0b, 0x14, 0xd3, 0xc0, 0x43, 0xf2, 0x05, 0x54, - 0x1e, 0xa1, 0x22, 0x3b, 0x0b, 0x33, 0x91, 0x99, 0x03, 0x1b, 0x5b, 0x0b, 0x78, 0xcb, 0xfe, 0xee, - 0x8f, 0xbf, 0x7e, 0xbc, 0x44, 0xc8, 0xa6, 0x99, 0x6d, 0xa7, 0xfb, 0xf9, 0x5c, 0x49, 0xc6, 0x00, - 0x8f, 0x30, 0xff, 0x24, 0x2f, 0x32, 0xd9, 0x5c, 0xc0, 0x4b, 0xbd, 0xde, 0x6a, 0x1a, 0x0f, 0x0d, - 0x62, 0x97, 0x3d, 0x74, 0xd2, 0x16, 0xef, 0xf5, 0x7f, 0x9b, 0xef, 0x5a, 0xbf, 0xcf, 0x77, 0xad, - 0x3f, 0xe7, 0xbb, 0xd6, 0x57, 0x1f, 0xfd, 0xbb, 0x69, 0x3a, 0x29, 0xb5, 0xdc, 0xd8, 0xf1, 0xaa, - 0x99, 0x7d, 0xef, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x99, 0x28, 0x60, 0x2e, 0xea, 0x0b, 0x00, - 0x00, + // 1293 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0xcd, 0x6e, 0x1b, 0xb7, + 0x16, 0xc6, 0x44, 0x8e, 0x2d, 0x1d, 0xc7, 0x96, 0xcd, 0x38, 0xce, 0x44, 0x37, 0xd7, 0xd6, 0xd5, + 0x22, 0xd0, 0xbd, 0xb8, 0x1d, 0xc5, 0x0a, 0x8a, 0x16, 0x41, 0x83, 0xd6, 0x92, 0x82, 0x44, 0x8d, + 0x92, 0xb8, 0x4c, 0x9c, 0x45, 0x37, 0x01, 0x3d, 0xc3, 0x8e, 0xa6, 0x1e, 0x91, 0x03, 0x92, 0xa3, + 0x46, 0x59, 0xf6, 0x01, 0xba, 0x69, 0x9f, 0xa6, 0xfb, 0xa2, 0x5d, 0x16, 0xe8, 0xde, 0x28, 0x84, + 0x3e, 0x44, 0x97, 0x05, 0x39, 0x3f, 0x1e, 0x8f, 0xe4, 0xb4, 0x40, 0x76, 0xe4, 0xf7, 0x9d, 0x3f, + 0x1e, 0x9e, 0x43, 0x1e, 0xd8, 0x93, 0x54, 0x4c, 0xa9, 0xe8, 0x48, 0xaa, 0x54, 0xc0, 0x7c, 0x99, + 0x2f, 0x9c, 0x48, 0x70, 0xc5, 0xd1, 0x9a, 0x1b, 0xc6, 0x52, 0x51, 0xd1, 0xd8, 0xf1, 0xb9, 0xcf, + 0x0d, 0xd6, 0xd1, 0xab, 0x84, 0x6e, 0xdc, 0xf6, 0x39, 0xf7, 0x43, 0xda, 0x21, 0x51, 0xd0, 0x21, + 0x8c, 0x71, 0x45, 0x54, 0xc0, 0x59, 0xaa, 0xdc, 0x18, 0xf9, 0x81, 0x1a, 0xc7, 0x27, 0x8e, 0xcb, + 0x27, 0x1d, 0x22, 0x8c, 0xfa, 0xd7, 0x66, 0xf1, 0x81, 0xeb, 0x75, 0xa6, 0xdd, 0x4e, 0x74, 0xea, + 0x6b, 0x4d, 0xd9, 0x21, 0x51, 0x14, 0x06, 0xae, 0xd1, 0xed, 0x4c, 0x0f, 0x48, 0x18, 0x8d, 0xc9, + 0x41, 0xc7, 0xa7, 0x8c, 0x0a, 0xa2, 0xa8, 0x97, 0x5a, 0xfb, 0xec, 0x6f, 0xac, 0x95, 0x4f, 0xc2, + 0x03, 0xcf, 0xed, 0xb8, 0x21, 0x09, 0x26, 0x69, 0x3c, 0xad, 0x3a, 0x6c, 0xbc, 0x48, 0xd9, 0x2f, + 0x62, 0x2a, 0x66, 0xad, 0x3f, 0xaf, 0x41, 0x35, 0x43, 0xd0, 0x2d, 0xa8, 0xc4, 0x22, 0xb4, 0xad, + 0xa6, 0xd5, 0xae, 0xf5, 0xd6, 0xe6, 0x67, 0xfb, 0x95, 0x63, 0x3c, 0xc2, 0x1a, 0x43, 0x77, 0xa1, + 0xe6, 0xd1, 0x37, 0x7d, 0xce, 0xbe, 0x0a, 0x7c, 0xfb, 0x4a, 0xd3, 0x6a, 0xaf, 0x77, 0x91, 0x93, + 0x66, 0xc6, 0x19, 0x64, 0x0c, 0x3e, 0x17, 0x42, 0x7d, 0x00, 0xed, 0x3f, 0x55, 0xa9, 0x18, 0x95, + 0xeb, 0xb9, 0xca, 0xf3, 0xe1, 0xa0, 0x9f, 0x50, 0xbd, 0xcd, 0xf9, 0xd9, 0x3e, 0x9c, 0xef, 0x71, + 0x41, 0x0d, 0x35, 0x61, 0x9d, 0x44, 0xd1, 0x88, 0x9c, 0xd0, 0xf0, 0x09, 0x9d, 0xd9, 0x2b, 0x3a, + 0x32, 0x5c, 0x84, 0xd0, 0x2b, 0xd8, 0x16, 0x54, 0xf2, 0x58, 0xb8, 0xf4, 0xf9, 0x94, 0x0a, 0x11, + 0x78, 0x54, 0xda, 0x57, 0x9b, 0x95, 0xf6, 0x7a, 0xb7, 0x9d, 0x7b, 0xcb, 0x4e, 0xe8, 0xe0, 0xb2, + 0xe8, 0x43, 0xa6, 0xc4, 0x0c, 0x2f, 0x9a, 0x40, 0x0e, 0x20, 0xa9, 0x88, 0x8a, 0x65, 0x8f, 0x78, + 0x3e, 0x7d, 0xc8, 0xc8, 0x49, 0x48, 0x3d, 0x7b, 0xb5, 0x69, 0xb5, 0xab, 0x78, 0x09, 0x83, 0x1e, + 0x43, 0x3d, 0xa9, 0x84, 0x43, 0x46, 0xc2, 0x99, 0x0a, 0x5c, 0x69, 0xaf, 0x99, 0x33, 0xef, 0xe5, + 0x51, 0x3c, 0xba, 0xc8, 0xa7, 0xc7, 0x2d, 0xab, 0xa1, 0xb7, 0xb0, 0x75, 0x1a, 0x4b, 0xc5, 0x27, + 0xc1, 0x5b, 0xfa, 0x3c, 0x32, 0xd5, 0x64, 0x57, 0x8d, 0xa9, 0x67, 0xce, 0x79, 0x01, 0x38, 0x59, + 0x01, 0x98, 0xc5, 0x6b, 0xd7, 0x73, 0xa6, 0x5d, 0x27, 0x3a, 0xf5, 0x1d, 0x5d, 0x4e, 0x4e, 0xa1, + 0x9c, 0x9c, 0xac, 0x9c, 0x9c, 0x27, 0x25, 0xab, 0x78, 0xc1, 0x0f, 0xfa, 0x0f, 0xac, 0x8c, 0x69, + 0x18, 0xd9, 0x35, 0xe3, 0x6f, 0x23, 0x0f, 0xfd, 0x31, 0x0d, 0x23, 0x6c, 0x28, 0xf4, 0x5f, 0x58, + 0x8b, 0xc2, 0xd8, 0x0f, 0x98, 0xb4, 0xc1, 0xa4, 0xb9, 0x9e, 0x4b, 0x1d, 0x19, 0x1c, 0x67, 0xbc, + 0xce, 0x61, 0x2c, 0xa9, 0x18, 0x71, 0xbd, 0x1b, 0x04, 0x32, 0xc9, 0xe1, 0x7a, 0x92, 0xc3, 0x45, + 0x06, 0x7d, 0x67, 0xc1, 0x4d, 0xd7, 0x64, 0xe5, 0x29, 0x61, 0xc4, 0xa7, 0x13, 0xca, 0xd4, 0x51, + 0xea, 0xeb, 0x9a, 0xf1, 0xf5, 0xf2, 0xfd, 0x32, 0xd0, 0x5f, 0x6a, 0x1c, 0x5f, 0xe6, 0x14, 0xfd, + 0x1f, 0xb6, 0xf3, 0x14, 0xbd, 0xa2, 0x42, 0x9a, 0xbb, 0xd8, 0x68, 0x56, 0xda, 0x35, 0xbc, 0x48, + 0xa0, 0x06, 0x54, 0xe3, 0xa0, 0x2f, 0xe5, 0x31, 0x1e, 0xd9, 0x9b, 0xa6, 0x52, 0xf3, 0x3d, 0x6a, + 0x43, 0x3d, 0x0e, 0x7a, 0x84, 0x31, 0x2a, 0xfa, 0x9c, 0x29, 0xca, 0x94, 0x5d, 0x37, 0x22, 0x65, + 0x58, 0x97, 0x7c, 0x06, 0x69, 0x43, 0x5b, 0x49, 0xc9, 0x17, 0x20, 0x6d, 0x2b, 0x22, 0x52, 0x7e, + 0xc3, 0x85, 0x77, 0x44, 0x94, 0xa2, 0x82, 0xd9, 0xdb, 0x89, 0xad, 0x12, 0x8c, 0xee, 0xc0, 0xa6, + 0x12, 0xc4, 0x3d, 0x0d, 0x98, 0xff, 0x94, 0xaa, 0x31, 0xf7, 0x6c, 0x64, 0x04, 0x4b, 0xa8, 0x3e, + 0x67, 0xe6, 0xe0, 0x88, 0x8a, 0x09, 0x61, 0x3a, 0xbe, 0xeb, 0xe6, 0x9e, 0x16, 0x09, 0xf4, 0x3f, + 0xd8, 0xca, 0x41, 0x2e, 0x03, 0x9d, 0x62, 0x7b, 0xc7, 0xd8, 0x5d, 0xc0, 0x4b, 0x6d, 0x84, 0x39, + 0x57, 0xc7, 0x22, 0xb4, 0x6f, 0x18, 0xe9, 0x25, 0x8c, 0x3e, 0x3d, 0x7d, 0x43, 0xdd, 0xac, 0xdf, + 0x76, 0x4d, 0x0c, 0x45, 0x08, 0xdd, 0x85, 0xeb, 0x2e, 0x67, 0x4a, 0xf0, 0x30, 0xa4, 0xe2, 0x19, + 0x99, 0x50, 0x19, 0x11, 0x97, 0xda, 0x37, 0x8d, 0xc9, 0x65, 0x14, 0xfa, 0x04, 0x6e, 0x91, 0x28, + 0x92, 0x43, 0x76, 0xc8, 0x66, 0x39, 0x9a, 0x79, 0xb0, 0x8d, 0x87, 0xcb, 0x05, 0x50, 0x17, 0x76, + 0x82, 0x49, 0x44, 0x85, 0xe4, 0xcc, 0x54, 0x53, 0xa6, 0x78, 0xcb, 0x28, 0x2e, 0xe5, 0x74, 0xde, + 0x03, 0x26, 0x15, 0x09, 0x43, 0x03, 0x0f, 0x07, 0x76, 0x23, 0xc9, 0xfb, 0x45, 0x14, 0xdd, 0x87, + 0x4d, 0xe2, 0x79, 0x26, 0x53, 0x24, 0x3c, 0x16, 0xa1, 0xb4, 0xff, 0xa5, 0x8b, 0xab, 0x87, 0xe6, + 0x67, 0xfb, 0x9b, 0x87, 0xe7, 0x0c, 0x1e, 0x49, 0x5c, 0x92, 0xd4, 0x55, 0x30, 0x9e, 0x79, 0x82, + 0x28, 0x2e, 0xb2, 0x90, 0x6e, 0x9b, 0x90, 0xca, 0x70, 0xe3, 0x07, 0x0b, 0x76, 0x97, 0x3f, 0x7c, + 0x68, 0x0b, 0x2a, 0xa7, 0x74, 0x96, 0xbc, 0xf8, 0x58, 0x2f, 0x91, 0x07, 0x57, 0xa7, 0x24, 0x8c, + 0x69, 0xfa, 0xc8, 0xbf, 0xe7, 0x93, 0x53, 0x76, 0x8b, 0x13, 0xe3, 0xf7, 0xaf, 0x7c, 0x6c, 0xb5, + 0x5e, 0xc3, 0x8d, 0xa5, 0x2f, 0x22, 0xda, 0x03, 0xc8, 0xea, 0x73, 0x38, 0x48, 0x63, 0x2b, 0x20, + 0x3a, 0xbb, 0x84, 0x71, 0x36, 0xd3, 0xcd, 0x77, 0x2c, 0xa9, 0x90, 0x26, 0xd6, 0x2a, 0x2e, 0xa1, + 0xad, 0x01, 0xdc, 0xcc, 0x1e, 0xfe, 0xb4, 0xa1, 0x31, 0x95, 0x11, 0x67, 0x92, 0x16, 0x1f, 0x31, + 0xeb, 0xdd, 0x8f, 0x58, 0xeb, 0x47, 0x0b, 0x56, 0xf4, 0xf3, 0x87, 0x6c, 0x58, 0x73, 0xc7, 0xc4, + 0xd4, 0x6f, 0x12, 0x53, 0xb6, 0xd5, 0x8d, 0xaf, 0x97, 0x2f, 0xe9, 0x1b, 0x65, 0x42, 0xa9, 0xe1, + 0x7c, 0x8f, 0x1e, 0x00, 0x9c, 0x04, 0x8c, 0x88, 0x99, 0xb9, 0xde, 0x8a, 0x71, 0xf6, 0xef, 0x0b, + 0xef, 0xaa, 0xd3, 0xcb, 0xf9, 0xe4, 0x37, 0x2a, 0x28, 0x34, 0x1e, 0x40, 0xbd, 0x44, 0x2f, 0xb9, + 0xb3, 0x9d, 0xe2, 0x9d, 0xd5, 0x8a, 0x39, 0xbe, 0x0d, 0xab, 0xc9, 0x79, 0x10, 0x82, 0x15, 0x46, + 0x26, 0x34, 0x55, 0x33, 0xeb, 0xd6, 0xa7, 0x50, 0xcb, 0xbf, 0x6e, 0xd4, 0x05, 0x70, 0x39, 0x63, + 0xd4, 0x55, 0x5c, 0x64, 0x59, 0x39, 0xff, 0xe2, 0xfb, 0x19, 0x85, 0x0b, 0x52, 0xad, 0x7b, 0x50, + 0xcb, 0x89, 0x65, 0x1e, 0x34, 0xa6, 0x66, 0x51, 0x16, 0x98, 0x59, 0xb7, 0x7e, 0xaa, 0x40, 0xe1, + 0xbb, 0x5f, 0xaa, 0xb6, 0x0b, 0xab, 0x81, 0x94, 0x31, 0x15, 0xa9, 0x62, 0xba, 0x43, 0x6d, 0xa8, + 0xba, 0x61, 0x40, 0x99, 0x1a, 0x0e, 0xcc, 0x44, 0x51, 0xeb, 0x5d, 0x9b, 0x9f, 0xed, 0x57, 0xfb, + 0x29, 0x86, 0x73, 0x16, 0x1d, 0xc0, 0xba, 0x1b, 0x06, 0x19, 0x91, 0x0c, 0x0e, 0xbd, 0xfa, 0xfc, + 0x6c, 0x7f, 0xbd, 0x3f, 0x1a, 0xe6, 0xf2, 0x45, 0x19, 0xed, 0x54, 0xba, 0x3c, 0x4a, 0xc7, 0x87, + 0x1a, 0x4e, 0x77, 0xe8, 0x35, 0x6c, 0x04, 0xde, 0x4b, 0x7e, 0x4a, 0x59, 0xdf, 0x8c, 0x52, 0xf6, + 0xaa, 0xc9, 0xcd, 0x9d, 0x25, 0xb3, 0x8c, 0x33, 0x2c, 0x0a, 0x9a, 0xeb, 0xea, 0x6d, 0xcf, 0xcf, + 0xf6, 0x37, 0x86, 0x83, 0x02, 0x8e, 0x2f, 0xda, 0x43, 0xf7, 0xc1, 0xa6, 0xa6, 0x55, 0x8f, 0x9e, + 0xf4, 0x1f, 0x1e, 0xc6, 0x6a, 0x4c, 0x99, 0x4a, 0x3b, 0xc9, 0xcc, 0x10, 0x55, 0x7c, 0x29, 0xdf, + 0x98, 0x01, 0x5a, 0xf4, 0xb9, 0xa4, 0x44, 0x9e, 0x5e, 0x6c, 0xeb, 0x8f, 0xde, 0xd9, 0xd6, 0xc9, + 0x1c, 0xe9, 0xe4, 0x83, 0xb0, 0x1e, 0xc8, 0x1c, 0x63, 0xbf, 0x50, 0x5b, 0xdd, 0x9f, 0x2d, 0xa8, + 0x67, 0xfd, 0xf5, 0x82, 0x8a, 0x69, 0xe0, 0x52, 0xf4, 0x39, 0x54, 0x1e, 0x51, 0x85, 0x76, 0x17, + 0x26, 0x2f, 0x33, 0x6d, 0x36, 0xb6, 0x17, 0xf0, 0x96, 0xfd, 0xed, 0x6f, 0x7f, 0x7c, 0x7f, 0x05, + 0xa1, 0x2d, 0x33, 0x41, 0x4f, 0x0f, 0xf2, 0xe9, 0x15, 0x8d, 0x01, 0x1e, 0xd1, 0xfc, 0x2b, 0xbe, + 0xcc, 0x64, 0x73, 0x01, 0x2f, 0xf5, 0x7a, 0xab, 0x69, 0x3c, 0x34, 0x90, 0x5d, 0xf6, 0xd0, 0x49, + 0x5b, 0xbc, 0xd7, 0xff, 0x65, 0xbe, 0x67, 0xfd, 0x3a, 0xdf, 0xb3, 0x7e, 0x9f, 0xef, 0x59, 0x5f, + 0x7e, 0xf8, 0xcf, 0x66, 0xf6, 0xa4, 0xd4, 0x72, 0x63, 0x27, 0xab, 0x66, 0xc2, 0xbe, 0xf7, 0x57, + 0x00, 0x00, 0x00, 0xff, 0xff, 0x57, 0xdb, 0xcf, 0xcf, 0x50, 0x0c, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -1009,6 +1027,29 @@ func (m *Settings) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.HydratorEnabled { + i-- + if m.HydratorEnabled { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xe0 + } + if len(m.AdditionalURLs) > 0 { + for iNdEx := len(m.AdditionalURLs) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.AdditionalURLs[iNdEx]) + copy(dAtA[i:], m.AdditionalURLs[iNdEx]) + i = encodeVarintSettings(dAtA, i, uint64(len(m.AdditionalURLs[iNdEx]))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xda + } + } if len(m.InstallationID) > 0 { i -= len(m.InstallationID) copy(dAtA[i:], m.InstallationID) @@ -1797,6 +1838,15 @@ func (m *Settings) Size() (n int) { if l > 0 { n += 2 + l + sovSettings(uint64(l)) } + if len(m.AdditionalURLs) > 0 { + for _, s := range m.AdditionalURLs { + l = len(s) + n += 2 + l + sovSettings(uint64(l)) + } + } + if m.HydratorEnabled { + n += 3 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2939,6 +2989,58 @@ func (m *Settings) Unmarshal(dAtA []byte) error { } m.InstallationID = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 27: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AdditionalURLs", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowSettings + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthSettings + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthSettings + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AdditionalURLs = append(m.AdditionalURLs, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 28: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field HydratorEnabled", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowSettings + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.HydratorEnabled = bool(v != 0) default: iNdEx = preIndex skippy, err := skipSettings(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/application_annotations.go b/pkg/apis/application/v1alpha1/application_annotations.go index 2c5e4ac3f8b7c..6395b5dbee494 100644 --- a/pkg/apis/application/v1alpha1/application_annotations.go +++ b/pkg/apis/application/v1alpha1/application_annotations.go @@ -4,6 +4,8 @@ const ( // AnnotationKeyRefresh is the annotation key which indicates that app needs to be refreshed. Removed by application controller after app is refreshed. // Might take values 'normal'/'hard'. Value 'hard' means manifest cache and target cluster state cache should be invalidated before refresh. AnnotationKeyRefresh string = "argocd.argoproj.io/refresh" + // AnnotationKeyHydrate is the annotation key which indicates that app needs to be hydrated. Removed by application controller after app is hydrated. + AnnotationKeyHydrate string = "argocd.argoproj.io/hydrate" // AnnotationKeyManifestGeneratePaths is an annotation that contains a list of semicolon-separated paths in the // manifests repository that affects the manifest generation. Paths might be either relative or absolute. The diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 929dcb1e0c6c8..bdb2368203f3b 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -1665,10 +1665,38 @@ func (m *ConnectionState) XXX_DiscardUnknown() { var xxx_messageInfo_ConnectionState proto.InternalMessageInfo +func (m *DrySource) Reset() { *m = DrySource{} } +func (*DrySource) ProtoMessage() {} +func (*DrySource) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{58} +} +func (m *DrySource) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *DrySource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *DrySource) XXX_Merge(src proto.Message) { + xxx_messageInfo_DrySource.Merge(m, src) +} +func (m *DrySource) XXX_Size() int { + return m.Size() +} +func (m *DrySource) XXX_DiscardUnknown() { + xxx_messageInfo_DrySource.DiscardUnknown(m) +} + +var xxx_messageInfo_DrySource proto.InternalMessageInfo + func (m *DuckTypeGenerator) Reset() { *m = DuckTypeGenerator{} } func (*DuckTypeGenerator) ProtoMessage() {} func (*DuckTypeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{58} + return fileDescriptor_030104ce3b95bcac, []int{59} } func (m *DuckTypeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1696,7 +1724,7 @@ var xxx_messageInfo_DuckTypeGenerator proto.InternalMessageInfo func (m *EnvEntry) Reset() { *m = EnvEntry{} } func (*EnvEntry) ProtoMessage() {} func (*EnvEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{59} + return fileDescriptor_030104ce3b95bcac, []int{60} } func (m *EnvEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1724,7 +1752,7 @@ var xxx_messageInfo_EnvEntry proto.InternalMessageInfo func (m *ErrApplicationNotAllowedToUseProject) Reset() { *m = ErrApplicationNotAllowedToUseProject{} } func (*ErrApplicationNotAllowedToUseProject) ProtoMessage() {} func (*ErrApplicationNotAllowedToUseProject) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{60} + return fileDescriptor_030104ce3b95bcac, []int{61} } func (m *ErrApplicationNotAllowedToUseProject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1752,7 +1780,7 @@ var xxx_messageInfo_ErrApplicationNotAllowedToUseProject proto.InternalMessageIn func (m *ExecProviderConfig) Reset() { *m = ExecProviderConfig{} } func (*ExecProviderConfig) ProtoMessage() {} func (*ExecProviderConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{61} + return fileDescriptor_030104ce3b95bcac, []int{62} } func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1780,7 +1808,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo func (m *GitDirectoryGeneratorItem) Reset() { *m = GitDirectoryGeneratorItem{} } func (*GitDirectoryGeneratorItem) ProtoMessage() {} func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{62} + return fileDescriptor_030104ce3b95bcac, []int{63} } func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1808,7 +1836,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo func (m *GitFileGeneratorItem) Reset() { *m = GitFileGeneratorItem{} } func (*GitFileGeneratorItem) ProtoMessage() {} func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{63} + return fileDescriptor_030104ce3b95bcac, []int{64} } func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1836,7 +1864,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo func (m *GitGenerator) Reset() { *m = GitGenerator{} } func (*GitGenerator) ProtoMessage() {} func (*GitGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{64} + return fileDescriptor_030104ce3b95bcac, []int{65} } func (m *GitGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1864,7 +1892,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo func (m *GnuPGPublicKey) Reset() { *m = GnuPGPublicKey{} } func (*GnuPGPublicKey) ProtoMessage() {} func (*GnuPGPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{65} + return fileDescriptor_030104ce3b95bcac, []int{66} } func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1892,7 +1920,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo func (m *GnuPGPublicKeyList) Reset() { *m = GnuPGPublicKeyList{} } func (*GnuPGPublicKeyList) ProtoMessage() {} func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1920,7 +1948,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo func (m *HealthStatus) Reset() { *m = HealthStatus{} } func (*HealthStatus) ProtoMessage() {} func (*HealthStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *HealthStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1948,7 +1976,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo func (m *HelmFileParameter) Reset() { *m = HelmFileParameter{} } func (*HelmFileParameter) ProtoMessage() {} func (*HelmFileParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1976,7 +2004,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo func (m *HelmOptions) Reset() { *m = HelmOptions{} } func (*HelmOptions) ProtoMessage() {} func (*HelmOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *HelmOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2004,7 +2032,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo func (m *HelmParameter) Reset() { *m = HelmParameter{} } func (*HelmParameter) ProtoMessage() {} func (*HelmParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *HelmParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2032,7 +2060,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo func (m *HostInfo) Reset() { *m = HostInfo{} } func (*HostInfo) ProtoMessage() {} func (*HostInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *HostInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2060,7 +2088,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo func (m *HostResourceInfo) Reset() { *m = HostResourceInfo{} } func (*HostResourceInfo) ProtoMessage() {} func (*HostResourceInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2085,10 +2113,66 @@ func (m *HostResourceInfo) XXX_DiscardUnknown() { var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo +func (m *HydrateOperation) Reset() { *m = HydrateOperation{} } +func (*HydrateOperation) ProtoMessage() {} +func (*HydrateOperation) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{74} +} +func (m *HydrateOperation) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *HydrateOperation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *HydrateOperation) XXX_Merge(src proto.Message) { + xxx_messageInfo_HydrateOperation.Merge(m, src) +} +func (m *HydrateOperation) XXX_Size() int { + return m.Size() +} +func (m *HydrateOperation) XXX_DiscardUnknown() { + xxx_messageInfo_HydrateOperation.DiscardUnknown(m) +} + +var xxx_messageInfo_HydrateOperation proto.InternalMessageInfo + +func (m *HydrateTo) Reset() { *m = HydrateTo{} } +func (*HydrateTo) ProtoMessage() {} +func (*HydrateTo) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{75} +} +func (m *HydrateTo) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *HydrateTo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *HydrateTo) XXX_Merge(src proto.Message) { + xxx_messageInfo_HydrateTo.Merge(m, src) +} +func (m *HydrateTo) XXX_Size() int { + return m.Size() +} +func (m *HydrateTo) XXX_DiscardUnknown() { + xxx_messageInfo_HydrateTo.DiscardUnknown(m) +} + +var xxx_messageInfo_HydrateTo proto.InternalMessageInfo + func (m *Info) Reset() { *m = Info{} } func (*Info) ProtoMessage() {} func (*Info) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *Info) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2116,7 +2200,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo func (m *InfoItem) Reset() { *m = InfoItem{} } func (*InfoItem) ProtoMessage() {} func (*InfoItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *InfoItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2144,7 +2228,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo func (m *JWTToken) Reset() { *m = JWTToken{} } func (*JWTToken) ProtoMessage() {} func (*JWTToken) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *JWTToken) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2172,7 +2256,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo func (m *JWTTokens) Reset() { *m = JWTTokens{} } func (*JWTTokens) ProtoMessage() {} func (*JWTTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *JWTTokens) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2200,7 +2284,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo func (m *JsonnetVar) Reset() { *m = JsonnetVar{} } func (*JsonnetVar) ProtoMessage() {} func (*JsonnetVar) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *JsonnetVar) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2228,7 +2312,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo func (m *KnownTypeField) Reset() { *m = KnownTypeField{} } func (*KnownTypeField) ProtoMessage() {} func (*KnownTypeField) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *KnownTypeField) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2256,7 +2340,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo func (m *KustomizeGvk) Reset() { *m = KustomizeGvk{} } func (*KustomizeGvk) ProtoMessage() {} func (*KustomizeGvk) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *KustomizeGvk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2284,7 +2368,7 @@ var xxx_messageInfo_KustomizeGvk proto.InternalMessageInfo func (m *KustomizeOptions) Reset() { *m = KustomizeOptions{} } func (*KustomizeOptions) ProtoMessage() {} func (*KustomizeOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2312,7 +2396,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo func (m *KustomizePatch) Reset() { *m = KustomizePatch{} } func (*KustomizePatch) ProtoMessage() {} func (*KustomizePatch) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *KustomizePatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2340,7 +2424,7 @@ var xxx_messageInfo_KustomizePatch proto.InternalMessageInfo func (m *KustomizeReplica) Reset() { *m = KustomizeReplica{} } func (*KustomizeReplica) ProtoMessage() {} func (*KustomizeReplica) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *KustomizeReplica) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2368,7 +2452,7 @@ var xxx_messageInfo_KustomizeReplica proto.InternalMessageInfo func (m *KustomizeResId) Reset() { *m = KustomizeResId{} } func (*KustomizeResId) ProtoMessage() {} func (*KustomizeResId) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *KustomizeResId) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2396,7 +2480,7 @@ var xxx_messageInfo_KustomizeResId proto.InternalMessageInfo func (m *KustomizeSelector) Reset() { *m = KustomizeSelector{} } func (*KustomizeSelector) ProtoMessage() {} func (*KustomizeSelector) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *KustomizeSelector) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2424,7 +2508,7 @@ var xxx_messageInfo_KustomizeSelector proto.InternalMessageInfo func (m *ListGenerator) Reset() { *m = ListGenerator{} } func (*ListGenerator) ProtoMessage() {} func (*ListGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *ListGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2452,7 +2536,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } func (*ManagedNamespaceMetadata) ProtoMessage() {} func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{89} } func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2480,7 +2564,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{90} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2508,7 +2592,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2536,7 +2620,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2564,7 +2648,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2592,7 +2676,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2620,7 +2704,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2648,7 +2732,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2676,7 +2760,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OptionalArray) Reset() { *m = OptionalArray{} } func (*OptionalArray) ProtoMessage() {} func (*OptionalArray) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *OptionalArray) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2704,7 +2788,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo func (m *OptionalMap) Reset() { *m = OptionalMap{} } func (*OptionalMap) ProtoMessage() {} func (*OptionalMap) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *OptionalMap) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2732,7 +2816,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2760,7 +2844,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2788,7 +2872,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2816,7 +2900,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo func (m *PluginConfigMapRef) Reset() { *m = PluginConfigMapRef{} } func (*PluginConfigMapRef) ProtoMessage() {} func (*PluginConfigMapRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2844,7 +2928,7 @@ var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo func (m *PluginGenerator) Reset() { *m = PluginGenerator{} } func (*PluginGenerator) ProtoMessage() {} func (*PluginGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *PluginGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2872,7 +2956,7 @@ var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo func (m *PluginInput) Reset() { *m = PluginInput{} } func (*PluginInput) ProtoMessage() {} func (*PluginInput) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *PluginInput) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2900,7 +2984,7 @@ var xxx_messageInfo_PluginInput proto.InternalMessageInfo func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2928,7 +3012,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2956,7 +3040,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorAzureDevOps) Reset() { *m = PullRequestGeneratorAzureDevOps{} } func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {} func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2984,7 +3068,7 @@ var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucket) Reset() { *m = PullRequestGeneratorBitbucket{} } func (*PullRequestGeneratorBitbucket) ProtoMessage() {} func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3012,7 +3096,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3040,7 +3124,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3068,7 +3152,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3096,7 +3180,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3124,7 +3208,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3152,7 +3236,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3180,7 +3264,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3208,7 +3292,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3236,7 +3320,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3264,7 +3348,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3292,7 +3376,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3320,7 +3404,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3348,7 +3432,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3376,7 +3460,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3404,7 +3488,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3432,7 +3516,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3460,7 +3544,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3488,7 +3572,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3516,7 +3600,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3544,7 +3628,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3572,7 +3656,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3600,7 +3684,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3628,7 +3712,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3656,7 +3740,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3684,7 +3768,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3712,7 +3796,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3740,7 +3824,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3768,7 +3852,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3796,7 +3880,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3824,7 +3908,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3852,7 +3936,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{139} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3880,7 +3964,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{140} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3908,7 +3992,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{138} + return fileDescriptor_030104ce3b95bcac, []int{141} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3936,7 +4020,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{139} + return fileDescriptor_030104ce3b95bcac, []int{142} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3964,7 +4048,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{140} + return fileDescriptor_030104ce3b95bcac, []int{143} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3992,7 +4076,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{141} + return fileDescriptor_030104ce3b95bcac, []int{144} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4020,7 +4104,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{142} + return fileDescriptor_030104ce3b95bcac, []int{145} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4048,7 +4132,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{143} + return fileDescriptor_030104ce3b95bcac, []int{146} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4073,10 +4157,94 @@ func (m *SignatureKey) XXX_DiscardUnknown() { var xxx_messageInfo_SignatureKey proto.InternalMessageInfo +func (m *SourceHydrator) Reset() { *m = SourceHydrator{} } +func (*SourceHydrator) ProtoMessage() {} +func (*SourceHydrator) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{147} +} +func (m *SourceHydrator) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SourceHydrator) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *SourceHydrator) XXX_Merge(src proto.Message) { + xxx_messageInfo_SourceHydrator.Merge(m, src) +} +func (m *SourceHydrator) XXX_Size() int { + return m.Size() +} +func (m *SourceHydrator) XXX_DiscardUnknown() { + xxx_messageInfo_SourceHydrator.DiscardUnknown(m) +} + +var xxx_messageInfo_SourceHydrator proto.InternalMessageInfo + +func (m *SourceHydratorStatus) Reset() { *m = SourceHydratorStatus{} } +func (*SourceHydratorStatus) ProtoMessage() {} +func (*SourceHydratorStatus) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{148} +} +func (m *SourceHydratorStatus) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SourceHydratorStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *SourceHydratorStatus) XXX_Merge(src proto.Message) { + xxx_messageInfo_SourceHydratorStatus.Merge(m, src) +} +func (m *SourceHydratorStatus) XXX_Size() int { + return m.Size() +} +func (m *SourceHydratorStatus) XXX_DiscardUnknown() { + xxx_messageInfo_SourceHydratorStatus.DiscardUnknown(m) +} + +var xxx_messageInfo_SourceHydratorStatus proto.InternalMessageInfo + +func (m *SuccessfulHydrateOperation) Reset() { *m = SuccessfulHydrateOperation{} } +func (*SuccessfulHydrateOperation) ProtoMessage() {} +func (*SuccessfulHydrateOperation) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{149} +} +func (m *SuccessfulHydrateOperation) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SuccessfulHydrateOperation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *SuccessfulHydrateOperation) XXX_Merge(src proto.Message) { + xxx_messageInfo_SuccessfulHydrateOperation.Merge(m, src) +} +func (m *SuccessfulHydrateOperation) XXX_Size() int { + return m.Size() +} +func (m *SuccessfulHydrateOperation) XXX_DiscardUnknown() { + xxx_messageInfo_SuccessfulHydrateOperation.DiscardUnknown(m) +} + +var xxx_messageInfo_SuccessfulHydrateOperation proto.InternalMessageInfo + func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{144} + return fileDescriptor_030104ce3b95bcac, []int{150} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4104,7 +4272,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{145} + return fileDescriptor_030104ce3b95bcac, []int{151} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4132,7 +4300,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{146} + return fileDescriptor_030104ce3b95bcac, []int{152} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4160,7 +4328,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{147} + return fileDescriptor_030104ce3b95bcac, []int{153} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4188,7 +4356,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{148} + return fileDescriptor_030104ce3b95bcac, []int{154} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4213,10 +4381,38 @@ func (m *SyncPolicyAutomated) XXX_DiscardUnknown() { var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo +func (m *SyncSource) Reset() { *m = SyncSource{} } +func (*SyncSource) ProtoMessage() {} +func (*SyncSource) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{155} +} +func (m *SyncSource) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *SyncSource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *SyncSource) XXX_Merge(src proto.Message) { + xxx_messageInfo_SyncSource.Merge(m, src) +} +func (m *SyncSource) XXX_Size() int { + return m.Size() +} +func (m *SyncSource) XXX_DiscardUnknown() { + xxx_messageInfo_SyncSource.DiscardUnknown(m) +} + +var xxx_messageInfo_SyncSource proto.InternalMessageInfo + func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{149} + return fileDescriptor_030104ce3b95bcac, []int{156} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4244,7 +4440,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{150} + return fileDescriptor_030104ce3b95bcac, []int{157} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4272,7 +4468,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{151} + return fileDescriptor_030104ce3b95bcac, []int{158} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4300,7 +4496,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{152} + return fileDescriptor_030104ce3b95bcac, []int{159} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4328,7 +4524,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{153} + return fileDescriptor_030104ce3b95bcac, []int{160} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4356,7 +4552,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{154} + return fileDescriptor_030104ce3b95bcac, []int{161} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4384,7 +4580,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo func (m *TagFilter) Reset() { *m = TagFilter{} } func (*TagFilter) ProtoMessage() {} func (*TagFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{155} + return fileDescriptor_030104ce3b95bcac, []int{162} } func (m *TagFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4476,6 +4672,7 @@ func init() { proto.RegisterType((*ConfigManagementPlugin)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConfigManagementPlugin") proto.RegisterType((*ConfigMapKeyRef)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConfigMapKeyRef") proto.RegisterType((*ConnectionState)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ConnectionState") + proto.RegisterType((*DrySource)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.DrySource") proto.RegisterType((*DuckTypeGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.DuckTypeGenerator") proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.DuckTypeGenerator.ValuesEntry") proto.RegisterType((*EnvEntry)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.EnvEntry") @@ -4494,6 +4691,8 @@ func init() { proto.RegisterType((*HelmParameter)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HelmParameter") proto.RegisterType((*HostInfo)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HostInfo") proto.RegisterType((*HostResourceInfo)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HostResourceInfo") + proto.RegisterType((*HydrateOperation)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HydrateOperation") + proto.RegisterType((*HydrateTo)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HydrateTo") proto.RegisterType((*Info)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Info") proto.RegisterType((*InfoItem)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.InfoItem") proto.RegisterType((*JWTToken)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.JWTToken") @@ -4574,11 +4773,15 @@ func init() { proto.RegisterType((*SCMProviderGeneratorGitlab)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SCMProviderGeneratorGitlab") proto.RegisterType((*SecretRef)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SecretRef") proto.RegisterType((*SignatureKey)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SignatureKey") + proto.RegisterType((*SourceHydrator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SourceHydrator") + proto.RegisterType((*SourceHydratorStatus)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SourceHydratorStatus") + proto.RegisterType((*SuccessfulHydrateOperation)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SuccessfulHydrateOperation") proto.RegisterType((*SyncOperation)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncOperation") proto.RegisterType((*SyncOperationResource)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncOperationResource") proto.RegisterType((*SyncOperationResult)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncOperationResult") proto.RegisterType((*SyncPolicy)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncPolicy") proto.RegisterType((*SyncPolicyAutomated)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncPolicyAutomated") + proto.RegisterType((*SyncSource)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncSource") proto.RegisterType((*SyncStatus)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncStatus") proto.RegisterType((*SyncStrategy)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncStrategy") proto.RegisterType((*SyncStrategyApply)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.SyncStrategyApply") @@ -4593,726 +4796,749 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 11498 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6f, 0x70, 0x1c, 0xc9, - 0x75, 0x18, 0xae, 0xd9, 0xc5, 0x02, 0xbb, 0x0f, 0xff, 0x88, 0x26, 0x79, 0x87, 0xa3, 0x78, 0x07, - 0x7a, 0x4e, 0x3e, 0x9d, 0x7f, 0xba, 0x03, 0x7c, 0xf4, 0x9d, 0x7c, 0x3f, 0x9d, 0x25, 0x19, 0x7f, - 0x48, 0x10, 0x24, 0x40, 0xe0, 0x1a, 0x20, 0x29, 0x9d, 0x7c, 0x3a, 0x0d, 0x66, 0x1b, 0x8b, 0x21, - 0x66, 0x67, 0xf6, 0x66, 0x66, 0x41, 0xe0, 0x2c, 0xc9, 0x92, 0x25, 0xd9, 0x72, 0xf4, 0xe7, 0x14, - 0x29, 0x55, 0x39, 0x27, 0x96, 0x22, 0x5b, 0x4e, 0x2a, 0xa9, 0x94, 0x2a, 0x4a, 0xf2, 0x21, 0x4e, - 0xd9, 0x2e, 0x57, 0xec, 0x94, 0x4b, 0x89, 0x93, 0xb2, 0xa3, 0x52, 0x59, 0x4a, 0x62, 0x23, 0x12, - 0xe3, 0x94, 0x5d, 0xf9, 0xe0, 0xaa, 0x38, 0xf9, 0x90, 0x62, 0xfc, 0x21, 0xd5, 0xff, 0x7b, 0x66, - 0x67, 0x81, 0x05, 0x31, 0x20, 0x29, 0xe5, 0xbe, 0xed, 0xf6, 0x7b, 0xf3, 0x5e, 0x4f, 0x4f, 0xf7, - 0x7b, 0xaf, 0x5f, 0xbf, 0xf7, 0x1a, 0x16, 0x1b, 0x5e, 0xb2, 0xd9, 0x5e, 0x9f, 0x74, 0xc3, 0xe6, - 0x94, 0x13, 0x35, 0xc2, 0x56, 0x14, 0xde, 0x64, 0x3f, 0x9e, 0x76, 0xeb, 0x53, 0xdb, 0xe7, 0xa7, - 0x5a, 0x5b, 0x8d, 0x29, 0xa7, 0xe5, 0xc5, 0x53, 0x4e, 0xab, 0xe5, 0x7b, 0xae, 0x93, 0x78, 0x61, - 0x30, 0xb5, 0xfd, 0x8c, 0xe3, 0xb7, 0x36, 0x9d, 0x67, 0xa6, 0x1a, 0x24, 0x20, 0x91, 0x93, 0x90, - 0xfa, 0x64, 0x2b, 0x0a, 0x93, 0x10, 0xfd, 0x94, 0xa6, 0x36, 0x29, 0xa9, 0xb1, 0x1f, 0xaf, 0xb8, - 0xf5, 0xc9, 0xed, 0xf3, 0x93, 0xad, 0xad, 0xc6, 0x24, 0xa5, 0x36, 0x69, 0x50, 0x9b, 0x94, 0xd4, - 0xce, 0x3c, 0x6d, 0xf4, 0xa5, 0x11, 0x36, 0xc2, 0x29, 0x46, 0x74, 0xbd, 0xbd, 0xc1, 0xfe, 0xb1, - 0x3f, 0xec, 0x17, 0x67, 0x76, 0xc6, 0xde, 0x7a, 0x3e, 0x9e, 0xf4, 0x42, 0xda, 0xbd, 0x29, 0x37, - 0x8c, 0xc8, 0xd4, 0x76, 0x47, 0x87, 0xce, 0x5c, 0xd2, 0x38, 0x64, 0x27, 0x21, 0x41, 0xec, 0x85, - 0x41, 0xfc, 0x34, 0xed, 0x02, 0x89, 0xb6, 0x49, 0x64, 0xbe, 0x9e, 0x81, 0x90, 0x47, 0xe9, 0x59, - 0x4d, 0xa9, 0xe9, 0xb8, 0x9b, 0x5e, 0x40, 0xa2, 0x5d, 0xfd, 0x78, 0x93, 0x24, 0x4e, 0xde, 0x53, - 0x53, 0xdd, 0x9e, 0x8a, 0xda, 0x41, 0xe2, 0x35, 0x49, 0xc7, 0x03, 0xef, 0x3c, 0xe8, 0x81, 0xd8, - 0xdd, 0x24, 0x4d, 0xa7, 0xe3, 0xb9, 0x9f, 0xe8, 0xf6, 0x5c, 0x3b, 0xf1, 0xfc, 0x29, 0x2f, 0x48, - 0xe2, 0x24, 0xca, 0x3e, 0x64, 0xff, 0x8a, 0x05, 0xc3, 0xd3, 0x37, 0x56, 0xa7, 0xdb, 0xc9, 0xe6, - 0x6c, 0x18, 0x6c, 0x78, 0x0d, 0xf4, 0x1c, 0x0c, 0xba, 0x7e, 0x3b, 0x4e, 0x48, 0x74, 0xd5, 0x69, - 0x92, 0x71, 0xeb, 0x9c, 0xf5, 0x64, 0x6d, 0xe6, 0xe4, 0x37, 0xf7, 0x26, 0xde, 0x72, 0x7b, 0x6f, - 0x62, 0x70, 0x56, 0x83, 0xb0, 0x89, 0x87, 0x7e, 0x0c, 0x06, 0xa2, 0xd0, 0x27, 0xd3, 0xf8, 0xea, - 0x78, 0x89, 0x3d, 0x32, 0x2a, 0x1e, 0x19, 0xc0, 0xbc, 0x19, 0x4b, 0x38, 0x45, 0x6d, 0x45, 0xe1, - 0x86, 0xe7, 0x93, 0xf1, 0x72, 0x1a, 0x75, 0x85, 0x37, 0x63, 0x09, 0xb7, 0xff, 0xb8, 0x04, 0x30, - 0xdd, 0x6a, 0xad, 0x44, 0xe1, 0x4d, 0xe2, 0x26, 0xe8, 0x43, 0x50, 0xa5, 0xc3, 0x5c, 0x77, 0x12, - 0x87, 0x75, 0x6c, 0xf0, 0xfc, 0x8f, 0x4f, 0xf2, 0xb7, 0x9e, 0x34, 0xdf, 0x5a, 0x4f, 0x32, 0x8a, - 0x3d, 0xb9, 0xfd, 0xcc, 0xe4, 0xf2, 0x3a, 0x7d, 0x7e, 0x89, 0x24, 0xce, 0x0c, 0x12, 0xcc, 0x40, - 0xb7, 0x61, 0x45, 0x15, 0x05, 0xd0, 0x17, 0xb7, 0x88, 0xcb, 0xde, 0x61, 0xf0, 0xfc, 0xe2, 0xe4, - 0x51, 0x66, 0xf3, 0xa4, 0xee, 0xf9, 0x6a, 0x8b, 0xb8, 0x33, 0x43, 0x82, 0x73, 0x1f, 0xfd, 0x87, - 0x19, 0x1f, 0xb4, 0x0d, 0xfd, 0x71, 0xe2, 0x24, 0xed, 0x98, 0x0d, 0xc5, 0xe0, 0xf9, 0xab, 0x85, - 0x71, 0x64, 0x54, 0x67, 0x46, 0x04, 0xcf, 0x7e, 0xfe, 0x1f, 0x0b, 0x6e, 0xf6, 0x9f, 0x5a, 0x30, - 0xa2, 0x91, 0x17, 0xbd, 0x38, 0x41, 0x3f, 0xd3, 0x31, 0xb8, 0x93, 0xbd, 0x0d, 0x2e, 0x7d, 0x9a, - 0x0d, 0xed, 0x09, 0xc1, 0xac, 0x2a, 0x5b, 0x8c, 0x81, 0x6d, 0x42, 0xc5, 0x4b, 0x48, 0x33, 0x1e, - 0x2f, 0x9d, 0x2b, 0x3f, 0x39, 0x78, 0xfe, 0x52, 0x51, 0xef, 0x39, 0x33, 0x2c, 0x98, 0x56, 0x16, - 0x28, 0x79, 0xcc, 0xb9, 0xd8, 0x7f, 0x35, 0x6c, 0xbe, 0x1f, 0x1d, 0x70, 0xf4, 0x0c, 0x0c, 0xc6, - 0x61, 0x3b, 0x72, 0x09, 0x26, 0xad, 0x30, 0x1e, 0xb7, 0xce, 0x95, 0xe9, 0xd4, 0xa3, 0x93, 0x7a, - 0x55, 0x37, 0x63, 0x13, 0x07, 0x7d, 0xde, 0x82, 0xa1, 0x3a, 0x89, 0x13, 0x2f, 0x60, 0xfc, 0x65, - 0xe7, 0xd7, 0x8e, 0xdc, 0x79, 0xd9, 0x38, 0xa7, 0x89, 0xcf, 0x9c, 0x12, 0x2f, 0x32, 0x64, 0x34, - 0xc6, 0x38, 0xc5, 0x9f, 0x2e, 0xce, 0x3a, 0x89, 0xdd, 0xc8, 0x6b, 0xd1, 0xff, 0x62, 0xf9, 0xa8, - 0xc5, 0x39, 0xa7, 0x41, 0xd8, 0xc4, 0x43, 0x01, 0x54, 0xe8, 0xe2, 0x8b, 0xc7, 0xfb, 0x58, 0xff, - 0x17, 0x8e, 0xd6, 0x7f, 0x31, 0xa8, 0x74, 0x5d, 0xeb, 0xd1, 0xa7, 0xff, 0x62, 0xcc, 0xd9, 0xa0, - 0xcf, 0x59, 0x30, 0x2e, 0x84, 0x03, 0x26, 0x7c, 0x40, 0x6f, 0x6c, 0x7a, 0x09, 0xf1, 0xbd, 0x38, - 0x19, 0xaf, 0xb0, 0x3e, 0x4c, 0xf5, 0x36, 0xb7, 0xe6, 0xa3, 0xb0, 0xdd, 0xba, 0xe2, 0x05, 0xf5, - 0x99, 0x73, 0x82, 0xd3, 0xf8, 0x6c, 0x17, 0xc2, 0xb8, 0x2b, 0x4b, 0xf4, 0x25, 0x0b, 0xce, 0x04, - 0x4e, 0x93, 0xc4, 0x2d, 0x87, 0x7e, 0x5a, 0x0e, 0x9e, 0xf1, 0x1d, 0x77, 0x8b, 0xf5, 0xa8, 0xff, - 0xee, 0x7a, 0x64, 0x8b, 0x1e, 0x9d, 0xb9, 0xda, 0x95, 0x34, 0xde, 0x87, 0x2d, 0xfa, 0x9a, 0x05, - 0x63, 0x61, 0xd4, 0xda, 0x74, 0x02, 0x52, 0x97, 0xd0, 0x78, 0x7c, 0x80, 0x2d, 0xbd, 0x0f, 0x1e, - 0xed, 0x13, 0x2d, 0x67, 0xc9, 0x2e, 0x85, 0x81, 0x97, 0x84, 0xd1, 0x2a, 0x49, 0x12, 0x2f, 0x68, - 0xc4, 0x33, 0xa7, 0x6f, 0xef, 0x4d, 0x8c, 0x75, 0x60, 0xe1, 0xce, 0xfe, 0xa0, 0x9f, 0x85, 0xc1, - 0x78, 0x37, 0x70, 0x6f, 0x78, 0x41, 0x3d, 0xbc, 0x15, 0x8f, 0x57, 0x8b, 0x58, 0xbe, 0xab, 0x8a, - 0xa0, 0x58, 0x80, 0x9a, 0x01, 0x36, 0xb9, 0xe5, 0x7f, 0x38, 0x3d, 0x95, 0x6a, 0x45, 0x7f, 0x38, - 0x3d, 0x99, 0xf6, 0x61, 0x8b, 0x7e, 0xd1, 0x82, 0xe1, 0xd8, 0x6b, 0x04, 0x4e, 0xd2, 0x8e, 0xc8, - 0x15, 0xb2, 0x1b, 0x8f, 0x03, 0xeb, 0xc8, 0xe5, 0x23, 0x8e, 0x8a, 0x41, 0x72, 0xe6, 0xb4, 0xe8, - 0xe3, 0xb0, 0xd9, 0x1a, 0xe3, 0x34, 0xdf, 0xbc, 0x85, 0xa6, 0xa7, 0xf5, 0x60, 0xb1, 0x0b, 0x4d, - 0x4f, 0xea, 0xae, 0x2c, 0xd1, 0x4f, 0xc3, 0x09, 0xde, 0xa4, 0x46, 0x36, 0x1e, 0x1f, 0x62, 0x82, - 0xf6, 0xd4, 0xed, 0xbd, 0x89, 0x13, 0xab, 0x19, 0x18, 0xee, 0xc0, 0x46, 0xaf, 0xc2, 0x44, 0x8b, - 0x44, 0x4d, 0x2f, 0x59, 0x0e, 0xfc, 0x5d, 0x29, 0xbe, 0xdd, 0xb0, 0x45, 0xea, 0xa2, 0x3b, 0xf1, - 0xf8, 0xf0, 0x39, 0xeb, 0xc9, 0xea, 0xcc, 0xdb, 0x45, 0x37, 0x27, 0x56, 0xf6, 0x47, 0xc7, 0x07, - 0xd1, 0x43, 0xbf, 0x6f, 0xc1, 0x19, 0x43, 0xca, 0xae, 0x92, 0x68, 0xdb, 0x73, 0xc9, 0xb4, 0xeb, - 0x86, 0xed, 0x20, 0x89, 0xc7, 0x47, 0xd8, 0x30, 0xae, 0x1f, 0x87, 0xcc, 0x4f, 0xb3, 0xd2, 0xf3, - 0xb2, 0x2b, 0x4a, 0x8c, 0xf7, 0xe9, 0xa9, 0xfd, 0x6f, 0x4a, 0x70, 0x22, 0x6b, 0x01, 0xa0, 0x7f, - 0x60, 0xc1, 0xe8, 0xcd, 0x5b, 0xc9, 0x5a, 0xb8, 0x45, 0x82, 0x78, 0x66, 0x97, 0xca, 0x69, 0xa6, - 0xfb, 0x06, 0xcf, 0xbb, 0xc5, 0xda, 0x1a, 0x93, 0x97, 0xd3, 0x5c, 0x2e, 0x04, 0x49, 0xb4, 0x3b, - 0xf3, 0xb0, 0x78, 0xa7, 0xd1, 0xcb, 0x37, 0xd6, 0x4c, 0x28, 0xce, 0x76, 0xea, 0xcc, 0x67, 0x2c, - 0x38, 0x95, 0x47, 0x02, 0x9d, 0x80, 0xf2, 0x16, 0xd9, 0xe5, 0x96, 0x28, 0xa6, 0x3f, 0xd1, 0xcb, - 0x50, 0xd9, 0x76, 0xfc, 0x36, 0x11, 0x66, 0xda, 0xfc, 0xd1, 0x5e, 0x44, 0xf5, 0x0c, 0x73, 0xaa, - 0xef, 0x2a, 0x3d, 0x6f, 0xd9, 0x7f, 0x58, 0x86, 0x41, 0xe3, 0xa3, 0xdd, 0x03, 0xd3, 0x33, 0x4c, - 0x99, 0x9e, 0x4b, 0x85, 0xcd, 0xb7, 0xae, 0xb6, 0xe7, 0xad, 0x8c, 0xed, 0xb9, 0x5c, 0x1c, 0xcb, - 0x7d, 0x8d, 0x4f, 0x94, 0x40, 0x2d, 0x6c, 0xd1, 0x6d, 0x08, 0xb5, 0x61, 0xfa, 0x8a, 0xf8, 0x84, - 0xcb, 0x92, 0xdc, 0xcc, 0xf0, 0xed, 0xbd, 0x89, 0x9a, 0xfa, 0x8b, 0x35, 0x23, 0xfb, 0x3b, 0x16, - 0x9c, 0x32, 0xfa, 0x38, 0x1b, 0x06, 0x75, 0x8f, 0x7d, 0xda, 0x73, 0xd0, 0x97, 0xec, 0xb6, 0xe4, - 0x56, 0x47, 0x8d, 0xd4, 0xda, 0x6e, 0x8b, 0x60, 0x06, 0xa1, 0x3b, 0x96, 0x26, 0x89, 0x63, 0xa7, - 0x41, 0xb2, 0x9b, 0x9b, 0x25, 0xde, 0x8c, 0x25, 0x1c, 0x45, 0x80, 0x7c, 0x27, 0x4e, 0xd6, 0x22, - 0x27, 0x88, 0x19, 0xf9, 0x35, 0xaf, 0x49, 0xc4, 0x00, 0xff, 0x7f, 0xbd, 0xcd, 0x18, 0xfa, 0xc4, - 0xcc, 0x43, 0xb7, 0xf7, 0x26, 0xd0, 0x62, 0x07, 0x25, 0x9c, 0x43, 0xdd, 0xfe, 0x92, 0x05, 0x0f, - 0xe5, 0x0b, 0x18, 0xf4, 0x04, 0xf4, 0xf3, 0x7d, 0xae, 0x78, 0x3b, 0xfd, 0x49, 0x58, 0x2b, 0x16, - 0x50, 0x34, 0x05, 0x35, 0xa5, 0xf0, 0xc4, 0x3b, 0x8e, 0x09, 0xd4, 0x9a, 0xd6, 0x92, 0x1a, 0x87, - 0x0e, 0x1a, 0xfd, 0x23, 0x4c, 0x50, 0x35, 0x68, 0x6c, 0x63, 0xc8, 0x20, 0xf6, 0xb7, 0x2d, 0x78, - 0x5b, 0x2f, 0x62, 0xef, 0xf8, 0xfa, 0xb8, 0x0a, 0xa7, 0xeb, 0x64, 0xc3, 0x69, 0xfb, 0x49, 0x9a, - 0xa3, 0xe8, 0xf4, 0xa3, 0xe2, 0xe1, 0xd3, 0x73, 0x79, 0x48, 0x38, 0xff, 0x59, 0xfb, 0xbf, 0x58, - 0x30, 0x6a, 0xbc, 0xd6, 0x3d, 0xd8, 0x3a, 0x05, 0xe9, 0xad, 0xd3, 0x42, 0x61, 0xcb, 0xb4, 0xcb, - 0xde, 0xe9, 0x73, 0x16, 0x9c, 0x31, 0xb0, 0x96, 0x9c, 0xc4, 0xdd, 0xbc, 0xb0, 0xd3, 0x8a, 0x48, - 0x1c, 0xd3, 0x29, 0xf5, 0xa8, 0x21, 0x8e, 0x67, 0x06, 0x05, 0x85, 0xf2, 0x15, 0xb2, 0xcb, 0x65, - 0xf3, 0x53, 0x50, 0xe5, 0x6b, 0x2e, 0x8c, 0xc4, 0x47, 0x52, 0xef, 0xb6, 0x2c, 0xda, 0xb1, 0xc2, - 0x40, 0x36, 0xf4, 0x33, 0x99, 0x4b, 0x65, 0x10, 0x35, 0x13, 0x80, 0x7e, 0xf7, 0xeb, 0xac, 0x05, - 0x0b, 0x88, 0x1d, 0xa7, 0xba, 0xb3, 0x12, 0x11, 0x36, 0x1f, 0xea, 0x17, 0x3d, 0xe2, 0xd7, 0x63, - 0xba, 0xad, 0x73, 0x82, 0x20, 0x4c, 0xc4, 0x0e, 0xcd, 0xd8, 0xd6, 0x4d, 0xeb, 0x66, 0x6c, 0xe2, - 0x50, 0xa6, 0xbe, 0xb3, 0x4e, 0x7c, 0x3e, 0xa2, 0x82, 0xe9, 0x22, 0x6b, 0xc1, 0x02, 0x62, 0xdf, - 0x2e, 0xb1, 0x0d, 0xa4, 0x92, 0x68, 0xe4, 0x5e, 0x78, 0x1f, 0xa2, 0x94, 0x0a, 0x58, 0x29, 0x4e, - 0x1e, 0x93, 0xee, 0x1e, 0x88, 0xd7, 0x32, 0x5a, 0x00, 0x17, 0xca, 0x75, 0x7f, 0x2f, 0xc4, 0xc7, - 0xca, 0x30, 0x91, 0x7e, 0xa0, 0x43, 0x89, 0xd0, 0x2d, 0xaf, 0xc1, 0x28, 0xeb, 0x8f, 0x32, 0xf0, - 0xb1, 0x89, 0xd7, 0x45, 0x0e, 0x97, 0x8e, 0x53, 0x0e, 0x9b, 0x6a, 0xa2, 0x7c, 0x80, 0x9a, 0x78, - 0x42, 0x8d, 0x7a, 0x5f, 0x46, 0xe6, 0xa5, 0x55, 0xe5, 0x39, 0xe8, 0x8b, 0x13, 0xd2, 0x1a, 0xaf, - 0xa4, 0xc5, 0xec, 0x6a, 0x42, 0x5a, 0x98, 0x41, 0xd0, 0xbb, 0x61, 0x34, 0x71, 0xa2, 0x06, 0x49, - 0x22, 0xb2, 0xed, 0x31, 0xdf, 0x25, 0xdb, 0xcf, 0xd6, 0x66, 0x4e, 0x52, 0xab, 0x6b, 0x8d, 0x81, - 0xb0, 0x04, 0xe1, 0x2c, 0xae, 0xfd, 0xdf, 0x4b, 0xf0, 0x70, 0xfa, 0x13, 0x68, 0xc5, 0xf8, 0xde, - 0x94, 0x62, 0x7c, 0x87, 0xa9, 0x18, 0xef, 0xec, 0x4d, 0xbc, 0xb5, 0xcb, 0x63, 0x3f, 0x30, 0x7a, - 0x13, 0xcd, 0x67, 0x3e, 0xc2, 0x54, 0xfa, 0x23, 0xdc, 0xd9, 0x9b, 0x78, 0xb4, 0xcb, 0x3b, 0x66, - 0xbe, 0xd2, 0x13, 0xd0, 0x1f, 0x11, 0x27, 0x0e, 0x03, 0xf1, 0x9d, 0xd4, 0xd7, 0xc4, 0xac, 0x15, - 0x0b, 0xa8, 0xfd, 0xad, 0x5a, 0x76, 0xb0, 0xe7, 0xb9, 0x3f, 0x36, 0x8c, 0x90, 0x07, 0x7d, 0x6c, - 0xd7, 0xc6, 0x25, 0xcb, 0x95, 0xa3, 0xad, 0x42, 0xaa, 0x45, 0x14, 0xe9, 0x99, 0x2a, 0xfd, 0x6a, - 0xb4, 0x09, 0x33, 0x16, 0x68, 0x07, 0xaa, 0xae, 0xdc, 0x4c, 0x95, 0x8a, 0x70, 0x3b, 0x8a, 0xad, - 0x94, 0xe6, 0x38, 0x44, 0xc5, 0xbd, 0xda, 0x81, 0x29, 0x6e, 0x88, 0x40, 0xb9, 0xe1, 0x25, 0xe2, - 0xb3, 0x1e, 0x71, 0xbb, 0x3c, 0xef, 0x19, 0xaf, 0x38, 0x40, 0x75, 0xd0, 0xbc, 0x97, 0x60, 0x4a, - 0x1f, 0x7d, 0xca, 0x82, 0xc1, 0xd8, 0x6d, 0xae, 0x44, 0xe1, 0xb6, 0x57, 0x27, 0x91, 0xb0, 0x31, - 0x8f, 0x28, 0xd9, 0x56, 0x67, 0x97, 0x24, 0x41, 0xcd, 0x97, 0xbb, 0x2f, 0x34, 0x04, 0x9b, 0x7c, - 0xe9, 0xde, 0xeb, 0x61, 0xf1, 0xee, 0x73, 0xc4, 0x65, 0x2b, 0x4e, 0xee, 0x99, 0xd9, 0x4c, 0x39, - 0xb2, 0xcd, 0x3d, 0xd7, 0x76, 0xb7, 0xe8, 0x7a, 0xd3, 0x1d, 0x7a, 0xeb, 0xed, 0xbd, 0x89, 0x87, - 0x67, 0xf3, 0x79, 0xe2, 0x6e, 0x9d, 0x61, 0x03, 0xd6, 0x6a, 0xfb, 0x3e, 0x26, 0xaf, 0xb6, 0x09, - 0xf3, 0x88, 0x15, 0x30, 0x60, 0x2b, 0x9a, 0x60, 0x66, 0xc0, 0x0c, 0x08, 0x36, 0xf9, 0xa2, 0x57, - 0xa1, 0xbf, 0xe9, 0x24, 0x91, 0xb7, 0x23, 0xdc, 0x60, 0x47, 0xdc, 0x05, 0x2d, 0x31, 0x5a, 0x9a, - 0x39, 0x53, 0xf4, 0xbc, 0x11, 0x0b, 0x46, 0xa8, 0x09, 0x95, 0x26, 0x89, 0x1a, 0x64, 0xbc, 0x5a, - 0x84, 0xcb, 0x7f, 0x89, 0x92, 0xd2, 0x0c, 0x6b, 0xd4, 0xb8, 0x62, 0x6d, 0x98, 0x73, 0x41, 0x2f, - 0x43, 0x35, 0x26, 0x3e, 0x71, 0xa9, 0x79, 0x54, 0x63, 0x1c, 0x7f, 0xa2, 0x47, 0x53, 0x91, 0xda, - 0x25, 0xab, 0xe2, 0x51, 0xbe, 0xc0, 0xe4, 0x3f, 0xac, 0x48, 0xd2, 0x01, 0x6c, 0xf9, 0xed, 0x86, - 0x17, 0x8c, 0x43, 0x11, 0x03, 0xb8, 0xc2, 0x68, 0x65, 0x06, 0x90, 0x37, 0x62, 0xc1, 0xc8, 0xfe, - 0x6f, 0x16, 0xa0, 0xb4, 0x50, 0xbb, 0x07, 0x36, 0xf1, 0xab, 0x69, 0x9b, 0x78, 0xb1, 0x48, 0xa3, - 0xa5, 0x8b, 0x59, 0xfc, 0x9b, 0x35, 0xc8, 0xa8, 0x83, 0xab, 0x24, 0x4e, 0x48, 0xfd, 0x4d, 0x11, - 0xfe, 0xa6, 0x08, 0x7f, 0x53, 0x84, 0x2b, 0x11, 0xbe, 0x9e, 0x11, 0xe1, 0xef, 0x31, 0x56, 0xbd, - 0x3e, 0x5f, 0x7f, 0x45, 0x1d, 0xc0, 0x9b, 0x3d, 0x30, 0x10, 0xa8, 0x24, 0xb8, 0xbc, 0xba, 0x7c, - 0x35, 0x57, 0x66, 0xbf, 0x92, 0x96, 0xd9, 0x47, 0x65, 0xf1, 0xff, 0x82, 0x94, 0xfe, 0x7d, 0x0b, - 0xde, 0x9e, 0x96, 0x5e, 0x72, 0xe6, 0x2c, 0x34, 0x82, 0x30, 0x22, 0x73, 0xde, 0xc6, 0x06, 0x89, - 0x48, 0xe0, 0x92, 0x58, 0xf9, 0x76, 0xac, 0x6e, 0xbe, 0x1d, 0xf4, 0x2c, 0x0c, 0xdd, 0x8c, 0xc3, - 0x60, 0x25, 0xf4, 0x02, 0x21, 0x82, 0xe8, 0x8e, 0xe3, 0xc4, 0xed, 0xbd, 0x89, 0x21, 0x3a, 0xa2, - 0xb2, 0x1d, 0xa7, 0xb0, 0xd0, 0x2c, 0x8c, 0xdd, 0x7c, 0x75, 0xc5, 0x49, 0x0c, 0x6f, 0x82, 0xdc, - 0xf7, 0xb3, 0xf3, 0xa8, 0xcb, 0x2f, 0x66, 0x80, 0xb8, 0x13, 0xdf, 0xfe, 0xbb, 0x25, 0x78, 0x24, - 0xf3, 0x22, 0xa1, 0xef, 0x87, 0xed, 0x84, 0xee, 0x89, 0xd0, 0x57, 0x2c, 0x38, 0xd1, 0x4c, 0x3b, - 0x2c, 0x62, 0xe1, 0xee, 0x7e, 0x5f, 0x61, 0x3a, 0x22, 0xe3, 0x11, 0x99, 0x19, 0x17, 0x23, 0x74, - 0x22, 0x03, 0x88, 0x71, 0x47, 0x5f, 0xd0, 0xcb, 0x50, 0x6b, 0x3a, 0x3b, 0xd7, 0x5a, 0x75, 0x27, - 0x91, 0xdb, 0xd1, 0xee, 0x5e, 0x84, 0x76, 0xe2, 0xf9, 0x93, 0x3c, 0x72, 0x63, 0x72, 0x21, 0x48, - 0x96, 0xa3, 0xd5, 0x24, 0xf2, 0x82, 0x06, 0x77, 0x72, 0x2e, 0x49, 0x32, 0x58, 0x53, 0xb4, 0xbf, - 0x6c, 0x65, 0x95, 0x94, 0x1a, 0x9d, 0xc8, 0x49, 0x48, 0x63, 0x17, 0x7d, 0x18, 0x2a, 0x74, 0xdf, - 0x28, 0x47, 0xe5, 0x46, 0x91, 0x9a, 0xd3, 0xf8, 0x12, 0x5a, 0x89, 0xd2, 0x7f, 0x31, 0xe6, 0x4c, - 0xed, 0xaf, 0xd4, 0xb2, 0xc6, 0x02, 0x3b, 0x9b, 0x3f, 0x0f, 0xd0, 0x08, 0xd7, 0x48, 0xb3, 0xe5, - 0xd3, 0x61, 0xb1, 0xd8, 0x01, 0x8f, 0x72, 0x95, 0xcc, 0x2b, 0x08, 0x36, 0xb0, 0xd0, 0x2f, 0x59, - 0x00, 0x0d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xad, 0xc8, 0xd7, 0xd1, 0x2b, 0x4a, 0xf7, 0x45, 0x31, - 0xc4, 0x06, 0x73, 0xf4, 0xf3, 0x16, 0x54, 0x13, 0xd9, 0x7d, 0xae, 0x1a, 0xd7, 0x8a, 0xec, 0x89, - 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, 0xd1, 0x2f, 0x58, 0x00, 0xf1, 0x6e, 0xe0, 0xae, - 0x84, 0xbe, 0xe7, 0xee, 0x0a, 0x8d, 0x79, 0xbd, 0x50, 0x77, 0x8e, 0xa2, 0x3e, 0x33, 0x42, 0x47, - 0x43, 0xff, 0xc7, 0x06, 0x67, 0xf4, 0x51, 0xa8, 0xc6, 0x62, 0xba, 0x09, 0x1d, 0xb9, 0x56, 0xac, - 0x53, 0x89, 0xd3, 0x16, 0xe2, 0x55, 0xfc, 0xc3, 0x8a, 0x27, 0xfa, 0xdb, 0x16, 0x8c, 0xb6, 0xd2, - 0x6e, 0x42, 0xa1, 0x0e, 0x8b, 0x93, 0x01, 0x19, 0x37, 0x24, 0xf7, 0xb6, 0x64, 0x1a, 0x71, 0xb6, - 0x17, 0x54, 0x02, 0xea, 0x19, 0xbc, 0xdc, 0xe2, 0x2e, 0xcb, 0x01, 0x2d, 0x01, 0xe7, 0xb3, 0x40, - 0xdc, 0x89, 0x8f, 0x56, 0xe0, 0x14, 0xed, 0xdd, 0x2e, 0x37, 0x3f, 0xa5, 0x7a, 0x89, 0x99, 0x32, - 0xac, 0xce, 0x9c, 0x15, 0x33, 0x84, 0x9d, 0x75, 0x64, 0x71, 0x70, 0xee, 0x93, 0xe8, 0x0f, 0x2d, - 0x38, 0xeb, 0x31, 0x35, 0x60, 0x3a, 0xec, 0xb5, 0x46, 0x10, 0x07, 0xed, 0xa4, 0x50, 0x59, 0xd1, - 0x4d, 0xfd, 0xcc, 0xbc, 0x4d, 0xbc, 0xc1, 0xd9, 0x85, 0x7d, 0xba, 0x84, 0xf7, 0xed, 0x30, 0xfa, - 0x49, 0x18, 0x96, 0xeb, 0x62, 0x85, 0x8a, 0x60, 0xa6, 0x68, 0x6b, 0x33, 0x63, 0xb7, 0xf7, 0x26, - 0x86, 0xd7, 0x4c, 0x00, 0x4e, 0xe3, 0xd9, 0xff, 0xb6, 0x9c, 0x3a, 0x25, 0x52, 0x3e, 0x4c, 0x26, - 0x6e, 0x5c, 0xe9, 0xff, 0x91, 0xd2, 0xb3, 0x50, 0x71, 0xa3, 0xbc, 0x4b, 0x5a, 0xdc, 0xa8, 0xa6, - 0x18, 0x1b, 0xcc, 0xa9, 0x51, 0x3a, 0xe6, 0x64, 0x3d, 0xa5, 0x42, 0x02, 0xbe, 0x5c, 0x64, 0x97, - 0x3a, 0xcf, 0xf4, 0x1e, 0x11, 0x5d, 0x1b, 0xeb, 0x00, 0xe1, 0xce, 0x2e, 0xa1, 0x8f, 0x40, 0x2d, - 0x52, 0x91, 0x2d, 0xe5, 0x22, 0xb6, 0x6a, 0x72, 0xda, 0x88, 0xee, 0xa8, 0x03, 0x20, 0x1d, 0xc3, - 0xa2, 0x39, 0xda, 0x7f, 0x90, 0x3e, 0x18, 0x33, 0x64, 0x47, 0x0f, 0x87, 0x7e, 0x9f, 0xb7, 0x60, - 0x30, 0x0a, 0x7d, 0xdf, 0x0b, 0x1a, 0x54, 0xce, 0x09, 0x65, 0xfd, 0x81, 0x63, 0xd1, 0x97, 0x42, - 0xa0, 0x31, 0xcb, 0x1a, 0x6b, 0x9e, 0xd8, 0xec, 0x80, 0xfd, 0xa7, 0x16, 0x8c, 0x77, 0x93, 0xc7, - 0x88, 0xc0, 0x5b, 0xa5, 0xb0, 0x51, 0x43, 0xb1, 0x1c, 0xcc, 0x11, 0x9f, 0x28, 0xb7, 0x79, 0x75, - 0xe6, 0x71, 0xf1, 0x9a, 0x6f, 0x5d, 0xe9, 0x8e, 0x8a, 0xf7, 0xa3, 0x83, 0x5e, 0x82, 0x13, 0xc6, - 0x7b, 0xc5, 0x6a, 0x60, 0x6a, 0x33, 0x93, 0xd4, 0x00, 0x9a, 0xce, 0xc0, 0xee, 0xec, 0x4d, 0x3c, - 0x94, 0x6d, 0x13, 0x0a, 0xa3, 0x83, 0x8e, 0xfd, 0xeb, 0xa5, 0xec, 0xd7, 0x52, 0xba, 0xfe, 0x0d, - 0xab, 0xc3, 0x9b, 0xf0, 0xbe, 0xe3, 0xd0, 0xaf, 0xcc, 0xef, 0xa0, 0xc2, 0x30, 0xba, 0xe3, 0xdc, - 0xc7, 0x63, 0x7b, 0xfb, 0xdf, 0xf5, 0xc1, 0x3e, 0x3d, 0xeb, 0xc1, 0x78, 0x3f, 0xf4, 0x39, 0xea, - 0x67, 0x2d, 0x75, 0x60, 0xc6, 0xd7, 0x70, 0xfd, 0xb8, 0xc6, 0x9e, 0xef, 0x9f, 0x62, 0x1e, 0x3a, - 0xa2, 0xbc, 0xe8, 0xe9, 0xa3, 0x39, 0xf4, 0x55, 0x2b, 0x7d, 0xe4, 0xc7, 0x83, 0x1a, 0xbd, 0x63, - 0xeb, 0x93, 0x71, 0x8e, 0xc8, 0x3b, 0xa6, 0x4f, 0x9f, 0xba, 0x9d, 0x30, 0x4e, 0x02, 0x6c, 0x78, - 0x81, 0xe3, 0x7b, 0xaf, 0xd1, 0xdd, 0x51, 0x85, 0x29, 0x78, 0x66, 0x31, 0x5d, 0x54, 0xad, 0xd8, - 0xc0, 0x38, 0xf3, 0xff, 0xc3, 0xa0, 0xf1, 0xe6, 0x39, 0x11, 0x2f, 0xa7, 0xcc, 0x88, 0x97, 0x9a, - 0x11, 0xa8, 0x72, 0xe6, 0x3d, 0x70, 0x22, 0xdb, 0xc1, 0xc3, 0x3c, 0x6f, 0xff, 0xef, 0x81, 0xec, - 0x19, 0xdc, 0x1a, 0x89, 0x9a, 0xb4, 0x6b, 0x6f, 0x3a, 0xb6, 0xde, 0x74, 0x6c, 0xbd, 0xe9, 0xd8, - 0x32, 0xcf, 0x26, 0x84, 0xd3, 0x66, 0xe0, 0x1e, 0x39, 0x6d, 0x52, 0x6e, 0xa8, 0x6a, 0xe1, 0x6e, - 0x28, 0xfb, 0x53, 0x1d, 0x9e, 0xfb, 0xb5, 0x88, 0x10, 0x14, 0x42, 0x25, 0x08, 0xeb, 0x44, 0xda, - 0xb8, 0x97, 0x8b, 0x31, 0xd8, 0xae, 0x86, 0x75, 0x23, 0x5c, 0x9c, 0xfe, 0x8b, 0x31, 0xe7, 0x63, - 0x7f, 0xb2, 0x1f, 0x52, 0xe6, 0x24, 0xff, 0xee, 0x3f, 0x06, 0x03, 0x11, 0x69, 0x85, 0xd7, 0xf0, - 0xa2, 0xd0, 0x65, 0x3a, 0xa3, 0x84, 0x37, 0x63, 0x09, 0xa7, 0x3a, 0xaf, 0xe5, 0x24, 0x9b, 0x42, - 0x99, 0x29, 0x9d, 0xb7, 0xe2, 0x24, 0x9b, 0x98, 0x41, 0xd0, 0x7b, 0x60, 0x24, 0x49, 0x1d, 0x85, - 0x8b, 0x23, 0xdf, 0x87, 0x04, 0xee, 0x48, 0xfa, 0xa0, 0x1c, 0x67, 0xb0, 0xd1, 0xab, 0xd0, 0xb7, - 0x49, 0xfc, 0xa6, 0xf8, 0xf4, 0xab, 0xc5, 0xe9, 0x1a, 0xf6, 0xae, 0x97, 0x88, 0xdf, 0xe4, 0x92, - 0x90, 0xfe, 0xc2, 0x8c, 0x15, 0x9d, 0xf7, 0xb5, 0xad, 0x76, 0x9c, 0x84, 0x4d, 0xef, 0x35, 0xe9, - 0xe9, 0x7c, 0x5f, 0xc1, 0x8c, 0xaf, 0x48, 0xfa, 0xdc, 0xa5, 0xa4, 0xfe, 0x62, 0xcd, 0x99, 0xf5, - 0xa3, 0xee, 0x45, 0x6c, 0xca, 0xec, 0x0a, 0x87, 0x65, 0xd1, 0xfd, 0x98, 0x93, 0xf4, 0x79, 0x3f, - 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x5d, 0xb5, 0xfe, 0x06, 0x59, 0x1f, 0xae, 0x15, 0xdc, 0x07, 0xbe, - 0xf6, 0x72, 0xd7, 0xe1, 0xe3, 0x50, 0x71, 0x37, 0x9d, 0x28, 0x19, 0x1f, 0x62, 0x93, 0x46, 0xcd, - 0xe2, 0x59, 0xda, 0x88, 0x39, 0x0c, 0x3d, 0x0a, 0xe5, 0x88, 0x6c, 0xb0, 0xe8, 0x64, 0x23, 0x2e, - 0x0a, 0x93, 0x0d, 0x4c, 0xdb, 0x95, 0x5d, 0x36, 0xd2, 0x35, 0x60, 0xee, 0x57, 0x4b, 0x69, 0xc3, - 0x2e, 0x3d, 0x32, 0x7c, 0x3d, 0xb8, 0xed, 0x28, 0x96, 0x0e, 0x32, 0x63, 0x3d, 0xb0, 0x66, 0x2c, - 0xe1, 0xe8, 0xe3, 0x16, 0x0c, 0xdc, 0x8c, 0xc3, 0x20, 0x20, 0x89, 0x50, 0xa2, 0xd7, 0x0b, 0x1e, - 0xac, 0xcb, 0x9c, 0xba, 0xee, 0x83, 0x68, 0xc0, 0x92, 0x2f, 0xed, 0x2e, 0xd9, 0x71, 0xfd, 0x76, - 0xbd, 0x23, 0x18, 0xe6, 0x02, 0x6f, 0xc6, 0x12, 0x4e, 0x51, 0xbd, 0x80, 0xa3, 0xf6, 0xa5, 0x51, - 0x17, 0x02, 0x81, 0x2a, 0xe0, 0xf6, 0xf7, 0x07, 0xe0, 0x74, 0xee, 0xf2, 0xa1, 0x26, 0x17, 0x33, - 0x6a, 0x2e, 0x7a, 0x3e, 0x91, 0x61, 0x60, 0xcc, 0xe4, 0xba, 0xae, 0x5a, 0xb1, 0x81, 0x81, 0x7e, - 0x0e, 0xa0, 0xe5, 0x44, 0x4e, 0x93, 0x28, 0x07, 0xf6, 0x91, 0x2d, 0x1b, 0xda, 0x8f, 0x15, 0x49, - 0x53, 0x6f, 0xe2, 0x55, 0x53, 0x8c, 0x0d, 0x96, 0xe8, 0x39, 0x18, 0x8c, 0x88, 0x4f, 0x9c, 0x98, - 0x85, 0xbf, 0x67, 0x73, 0x79, 0xb0, 0x06, 0x61, 0x13, 0x0f, 0x3d, 0xa1, 0x22, 0xe6, 0x32, 0x91, - 0x43, 0xe9, 0xa8, 0x39, 0xf4, 0xba, 0x05, 0x23, 0x1b, 0x9e, 0x4f, 0x34, 0x77, 0x91, 0x79, 0xb3, - 0x7c, 0xf4, 0x97, 0xbc, 0x68, 0xd2, 0xd5, 0x32, 0x34, 0xd5, 0x1c, 0xe3, 0x0c, 0x7b, 0xfa, 0x99, - 0xb7, 0x49, 0xc4, 0x84, 0x6f, 0x7f, 0xfa, 0x33, 0x5f, 0xe7, 0xcd, 0x58, 0xc2, 0xd1, 0x34, 0x8c, - 0xb6, 0x9c, 0x38, 0x9e, 0x8d, 0x48, 0x9d, 0x04, 0x89, 0xe7, 0xf8, 0x3c, 0x2f, 0xa6, 0xaa, 0xc3, - 0xc9, 0x57, 0xd2, 0x60, 0x9c, 0xc5, 0x47, 0xef, 0x87, 0x87, 0xb9, 0x87, 0x68, 0xc9, 0x8b, 0x63, - 0x2f, 0x68, 0xe8, 0x69, 0x20, 0x1c, 0x65, 0x13, 0x82, 0xd4, 0xc3, 0x0b, 0xf9, 0x68, 0xb8, 0xdb, - 0xf3, 0xe8, 0x29, 0xa8, 0xc6, 0x5b, 0x5e, 0x6b, 0x36, 0xaa, 0xc7, 0xec, 0x74, 0xa8, 0xaa, 0xdd, - 0xb2, 0xab, 0xa2, 0x1d, 0x2b, 0x0c, 0xe4, 0xc2, 0x10, 0xff, 0x24, 0x3c, 0xe4, 0x4f, 0x48, 0xd0, - 0xa7, 0xbb, 0x2a, 0x72, 0x91, 0xe6, 0x39, 0x89, 0x9d, 0x5b, 0x17, 0xe4, 0x59, 0x15, 0x3f, 0x5a, - 0xb9, 0x6e, 0x90, 0xc1, 0x29, 0xa2, 0xe9, 0x3d, 0xdd, 0x60, 0x0f, 0x7b, 0xba, 0xe7, 0x60, 0x70, - 0xab, 0xbd, 0x4e, 0xc4, 0xc8, 0x0b, 0xc1, 0xa6, 0x66, 0xdf, 0x15, 0x0d, 0xc2, 0x26, 0x1e, 0x8b, - 0xb6, 0x6c, 0x79, 0xe2, 0x5f, 0x3c, 0x3e, 0x6c, 0x44, 0x5b, 0xae, 0x2c, 0xc8, 0x66, 0x6c, 0xe2, - 0xd0, 0xae, 0xd1, 0xb1, 0x58, 0x23, 0x31, 0x4b, 0xa6, 0xa0, 0xc3, 0xa5, 0xba, 0xb6, 0x2a, 0x01, - 0x58, 0xe3, 0xd8, 0xbf, 0x5c, 0x4a, 0xfb, 0x39, 0x4c, 0x81, 0x83, 0x62, 0x2a, 0x56, 0x92, 0xeb, - 0x4e, 0x24, 0xcd, 0x93, 0x23, 0xa6, 0x22, 0x09, 0xba, 0xd7, 0x9d, 0xc8, 0x14, 0x50, 0x8c, 0x01, - 0x96, 0x9c, 0xd0, 0x4d, 0xe8, 0x4b, 0x7c, 0xa7, 0xa0, 0xdc, 0x45, 0x83, 0xa3, 0x76, 0x3b, 0x2d, - 0x4e, 0xc7, 0x98, 0xf1, 0x40, 0x67, 0xe9, 0x5e, 0x6b, 0x5d, 0x9e, 0x8b, 0x89, 0xed, 0xd1, 0x7a, - 0x8c, 0x59, 0xab, 0xfd, 0x67, 0x83, 0x39, 0x3a, 0x42, 0xa9, 0x6d, 0x74, 0x1e, 0x80, 0x7e, 0xe2, - 0x95, 0x88, 0x6c, 0x78, 0x3b, 0xc2, 0x6c, 0x52, 0x72, 0xe8, 0xaa, 0x82, 0x60, 0x03, 0x4b, 0x3e, - 0xb3, 0xda, 0xde, 0xa0, 0xcf, 0x94, 0x3a, 0x9f, 0xe1, 0x10, 0x6c, 0x60, 0xa1, 0x67, 0xa1, 0xdf, - 0x6b, 0x3a, 0x0d, 0x15, 0xb6, 0x7b, 0x96, 0x0a, 0xa0, 0x05, 0xd6, 0x72, 0x67, 0x6f, 0x62, 0x44, - 0x75, 0x88, 0x35, 0x61, 0x81, 0x8b, 0x7e, 0xdd, 0x82, 0x21, 0x37, 0x6c, 0x36, 0xc3, 0x80, 0x6f, - 0x76, 0xc5, 0xce, 0xfd, 0xe6, 0x71, 0x19, 0x35, 0x93, 0xb3, 0x06, 0x33, 0xbe, 0x75, 0x57, 0x49, - 0x96, 0x26, 0x08, 0xa7, 0x7a, 0x65, 0xca, 0xa9, 0xca, 0x01, 0x72, 0xea, 0x37, 0x2c, 0x18, 0xe3, - 0xcf, 0x1a, 0x7b, 0x70, 0x91, 0x4f, 0x18, 0x1e, 0xf3, 0x6b, 0x75, 0xb8, 0x25, 0x94, 0x6b, 0xb6, - 0x03, 0x8e, 0x3b, 0x3b, 0x89, 0xe6, 0x61, 0x6c, 0x23, 0x8c, 0x5c, 0x62, 0x0e, 0x84, 0x10, 0xb2, - 0x8a, 0xd0, 0xc5, 0x2c, 0x02, 0xee, 0x7c, 0x06, 0x5d, 0x87, 0x87, 0x8c, 0x46, 0x73, 0x1c, 0xb8, - 0x9c, 0x7d, 0x4c, 0x50, 0x7b, 0xe8, 0x62, 0x2e, 0x16, 0xee, 0xf2, 0x74, 0x5a, 0xa4, 0xd5, 0x7a, - 0x10, 0x69, 0xaf, 0xc0, 0x23, 0x6e, 0xe7, 0xc8, 0x6c, 0xc7, 0xed, 0xf5, 0x98, 0x4b, 0xdd, 0xea, - 0xcc, 0x8f, 0x08, 0x02, 0x8f, 0xcc, 0x76, 0x43, 0xc4, 0xdd, 0x69, 0xa0, 0x0f, 0x43, 0x35, 0x22, - 0xec, 0xab, 0xc4, 0x22, 0xb9, 0xee, 0x88, 0xbe, 0x09, 0x6d, 0x6f, 0x73, 0xb2, 0x5a, 0x8f, 0x88, - 0x86, 0x18, 0x2b, 0x8e, 0xe8, 0x16, 0x0c, 0xb4, 0x9c, 0xc4, 0xdd, 0x14, 0x29, 0x75, 0x47, 0xf6, - 0xa4, 0x2b, 0xe6, 0xec, 0xe0, 0xc3, 0x48, 0xc2, 0xe7, 0x4c, 0xb0, 0xe4, 0x46, 0x2d, 0x2b, 0x37, - 0x6c, 0xb6, 0xc2, 0x80, 0x04, 0x89, 0x14, 0xf9, 0x23, 0xfc, 0x74, 0x42, 0xb6, 0x62, 0x03, 0x03, - 0xad, 0xc0, 0x29, 0xe6, 0xa9, 0xbb, 0xe1, 0x25, 0x9b, 0x61, 0x3b, 0x91, 0x1b, 0x4f, 0x21, 0xfb, - 0xd5, 0xf9, 0xd4, 0x62, 0x0e, 0x0e, 0xce, 0x7d, 0x32, 0xab, 0xac, 0x46, 0xef, 0x4e, 0x59, 0x9d, - 0x38, 0x58, 0x59, 0x9d, 0x79, 0x2f, 0x8c, 0x75, 0x08, 0x8d, 0x43, 0xb9, 0xe3, 0xe6, 0xe0, 0xa1, - 0xfc, 0xe5, 0x79, 0x28, 0xa7, 0xdc, 0x3f, 0xcf, 0x44, 0x65, 0x1b, 0x1b, 0x94, 0x1e, 0x1c, 0xbc, - 0x0e, 0x94, 0x49, 0xb0, 0x2d, 0xb4, 0xd5, 0xc5, 0xa3, 0xcd, 0x92, 0x0b, 0xc1, 0x36, 0x97, 0x2e, - 0xcc, 0x8b, 0x75, 0x21, 0xd8, 0xc6, 0x94, 0x36, 0xfa, 0xa2, 0x95, 0x32, 0x9f, 0xb9, 0x5b, 0xf8, - 0x83, 0xc7, 0xb2, 0x23, 0xeb, 0xd9, 0xa2, 0xb6, 0xff, 0x7d, 0x09, 0xce, 0x1d, 0x44, 0xa4, 0x87, - 0xe1, 0x7b, 0x1c, 0xfa, 0x63, 0x16, 0x67, 0x21, 0xc4, 0xff, 0x20, 0x5d, 0x15, 0x3c, 0xf2, 0xe2, - 0x15, 0x2c, 0x40, 0xc8, 0x87, 0x72, 0xd3, 0x69, 0x09, 0x6f, 0xe1, 0xc2, 0x51, 0xb3, 0xd7, 0xe8, - 0x7f, 0xc7, 0x5f, 0x72, 0x5a, 0x7c, 0x7a, 0x1a, 0x0d, 0x98, 0xb2, 0x41, 0x09, 0x54, 0x9c, 0x28, - 0x72, 0xe4, 0xa1, 0xfe, 0x95, 0x62, 0xf8, 0x4d, 0x53, 0x92, 0xfc, 0x4c, 0x34, 0xd5, 0x84, 0x39, - 0x33, 0xfb, 0xb3, 0x03, 0xa9, 0x54, 0x27, 0x16, 0xa9, 0x11, 0x43, 0xbf, 0x70, 0x12, 0x5a, 0x45, - 0x27, 0x0d, 0xf2, 0x5c, 0x62, 0xb6, 0xff, 0x16, 0x15, 0x19, 0x04, 0x2b, 0xf4, 0x19, 0x8b, 0xd5, - 0x3d, 0x90, 0xf9, 0x63, 0x62, 0x4f, 0x7b, 0x3c, 0x65, 0x18, 0xcc, 0x6a, 0x0a, 0xb2, 0x11, 0x9b, - 0xdc, 0x45, 0xfd, 0x12, 0x66, 0xcb, 0x77, 0xd6, 0x2f, 0x61, 0xb6, 0xb9, 0x84, 0xa3, 0x9d, 0x9c, - 0x88, 0x8c, 0x02, 0x72, 0xe7, 0x7b, 0x88, 0xc1, 0xf8, 0xaa, 0x05, 0x63, 0x5e, 0xf6, 0x68, 0x5d, - 0xec, 0x00, 0x6f, 0x14, 0xe3, 0xd1, 0xeb, 0x3c, 0xb9, 0x57, 0x86, 0x43, 0x07, 0x08, 0x77, 0x76, - 0x06, 0xd5, 0xa1, 0xcf, 0x0b, 0x36, 0x42, 0x61, 0x2e, 0xcd, 0x1c, 0xad, 0x53, 0x0b, 0xc1, 0x46, - 0xa8, 0x57, 0x33, 0xfd, 0x87, 0x19, 0x75, 0xb4, 0x08, 0xa7, 0x64, 0xb6, 0xcb, 0x25, 0x2f, 0x4e, - 0xc2, 0x68, 0x77, 0xd1, 0x6b, 0x7a, 0x09, 0x33, 0x75, 0xca, 0x33, 0xe3, 0x54, 0x13, 0xe1, 0x1c, - 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x06, 0x03, 0xf2, 0x38, 0xbb, 0x5a, 0xc4, 0x6e, 0xba, 0x73, 0xfe, - 0xab, 0xc9, 0xb4, 0x2a, 0xce, 0xb3, 0x25, 0x43, 0xfb, 0xf5, 0x41, 0xe8, 0x3c, 0x75, 0x4f, 0x1f, - 0xb1, 0x5b, 0xf7, 0xfa, 0x88, 0x9d, 0x6e, 0x8d, 0x62, 0x7d, 0x3a, 0x5e, 0xc0, 0xdc, 0x16, 0x5c, - 0xf5, 0xc9, 0xe7, 0x6e, 0xe0, 0x62, 0xc6, 0x03, 0x45, 0xd0, 0xbf, 0x49, 0x1c, 0x3f, 0xd9, 0x2c, - 0xe6, 0x90, 0xe6, 0x12, 0xa3, 0x95, 0x4d, 0x51, 0xe3, 0xad, 0x58, 0x70, 0x42, 0x3b, 0x30, 0xb0, - 0xc9, 0x27, 0x80, 0xd8, 0xad, 0x2c, 0x1d, 0x75, 0x70, 0x53, 0xb3, 0x4a, 0x7f, 0x6e, 0xd1, 0x80, - 0x25, 0x3b, 0x16, 0xce, 0x65, 0x04, 0x9c, 0xf0, 0xa5, 0x5b, 0x5c, 0x76, 0x5e, 0xef, 0xd1, 0x26, - 0x1f, 0x82, 0xa1, 0x88, 0xb8, 0x61, 0xe0, 0x7a, 0x3e, 0xa9, 0x4f, 0xcb, 0x03, 0x98, 0xc3, 0x24, - 0x65, 0x31, 0xef, 0x05, 0x36, 0x68, 0xe0, 0x14, 0x45, 0xf4, 0x69, 0x0b, 0x46, 0x54, 0xa2, 0x36, - 0xfd, 0x20, 0x44, 0x38, 0xda, 0x17, 0x0b, 0x4a, 0x0b, 0x67, 0x34, 0x67, 0xd0, 0xed, 0xbd, 0x89, - 0x91, 0x74, 0x1b, 0xce, 0xf0, 0x45, 0x2f, 0x01, 0x84, 0xeb, 0x3c, 0x66, 0x6b, 0x3a, 0x11, 0x5e, - 0xf7, 0xc3, 0xbc, 0xea, 0x08, 0x4f, 0xee, 0x94, 0x14, 0xb0, 0x41, 0x0d, 0x5d, 0x01, 0xe0, 0xcb, - 0x66, 0x6d, 0xb7, 0x25, 0xb7, 0x34, 0x32, 0xab, 0x0e, 0x56, 0x15, 0xe4, 0xce, 0xde, 0x44, 0xa7, - 0x8f, 0x93, 0x05, 0xa6, 0x18, 0x8f, 0xa3, 0x9f, 0x85, 0x81, 0xb8, 0xdd, 0x6c, 0x3a, 0xca, 0x27, - 0x5f, 0x60, 0xba, 0x28, 0xa7, 0x6b, 0x88, 0x22, 0xde, 0x80, 0x25, 0x47, 0x74, 0x93, 0x0a, 0xd5, - 0x58, 0x38, 0x5f, 0xd9, 0x2a, 0xe2, 0x36, 0x01, 0xf7, 0x3c, 0xbd, 0x53, 0x9a, 0xf8, 0x38, 0x07, - 0xe7, 0xce, 0xde, 0xc4, 0x43, 0xe9, 0xf6, 0xc5, 0x50, 0x24, 0x70, 0xe6, 0xd2, 0x44, 0x97, 0x65, - 0xdd, 0x26, 0xfa, 0xda, 0xb2, 0x9c, 0xc8, 0x93, 0xba, 0x6e, 0x13, 0x6b, 0xee, 0x3e, 0x66, 0xe6, - 0xc3, 0x68, 0x09, 0x4e, 0xba, 0x61, 0x90, 0x44, 0xa1, 0xef, 0xf3, 0xba, 0x65, 0x7c, 0x77, 0xc9, - 0x7d, 0xf6, 0x6f, 0x15, 0xdd, 0x3e, 0x39, 0xdb, 0x89, 0x82, 0xf3, 0x9e, 0xb3, 0x83, 0xf4, 0xf9, - 0x99, 0x18, 0x9c, 0x67, 0x61, 0x88, 0xec, 0x24, 0x24, 0x0a, 0x1c, 0xff, 0x1a, 0x5e, 0x94, 0xbe, - 0x68, 0xb6, 0x06, 0x2e, 0x18, 0xed, 0x38, 0x85, 0x85, 0x6c, 0xe5, 0x52, 0x31, 0x92, 0x92, 0xb9, - 0x4b, 0x45, 0x3a, 0x50, 0xec, 0x6f, 0x94, 0x53, 0x06, 0xd9, 0x7d, 0x39, 0xad, 0x63, 0xd5, 0x6f, - 0x64, 0x99, 0x20, 0x06, 0x10, 0x1b, 0x8d, 0x22, 0x39, 0xab, 0xea, 0x37, 0xcb, 0x26, 0x23, 0x9c, - 0xe6, 0x8b, 0xb6, 0xa0, 0xb2, 0x19, 0xc6, 0x89, 0xdc, 0x7e, 0x1c, 0x71, 0xa7, 0x73, 0x29, 0x8c, - 0x13, 0x66, 0x45, 0xa8, 0xd7, 0xa6, 0x2d, 0x31, 0xe6, 0x3c, 0xe8, 0x1e, 0x34, 0xde, 0x74, 0xa2, - 0x7a, 0x3c, 0xcb, 0x4a, 0x08, 0xf4, 0x31, 0xf3, 0x41, 0x19, 0x8b, 0xab, 0x1a, 0x84, 0x4d, 0x3c, - 0xfb, 0xcf, 0xad, 0xd4, 0x81, 0xc5, 0x0d, 0x16, 0x0f, 0xbe, 0x4d, 0x02, 0x2a, 0x0d, 0xcc, 0x08, - 0xb4, 0x9f, 0xcc, 0x64, 0xd7, 0xbe, 0xbd, 0x5b, 0x35, 0xbf, 0x5b, 0x94, 0xc2, 0x24, 0x23, 0x61, - 0x04, 0xab, 0x7d, 0xcc, 0x4a, 0xa7, 0x49, 0x97, 0x8a, 0xd8, 0x97, 0x98, 0xa5, 0x02, 0x0e, 0xcc, - 0xb8, 0xb6, 0xbf, 0x68, 0xc1, 0xc0, 0x8c, 0xe3, 0x6e, 0x85, 0x1b, 0x1b, 0xe8, 0x29, 0xa8, 0xd6, - 0xdb, 0x91, 0x99, 0xb1, 0xad, 0x3c, 0x1b, 0x73, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0xf5, 0x37, 0x1c, - 0x57, 0x16, 0x0c, 0x28, 0xf3, 0xa9, 0x7f, 0x91, 0xb5, 0x60, 0x01, 0xa1, 0xc3, 0xdf, 0x74, 0x76, - 0xe4, 0xc3, 0xd9, 0xd3, 0x92, 0x25, 0x0d, 0xc2, 0x26, 0x9e, 0xfd, 0xaf, 0x2d, 0x18, 0x9f, 0x71, - 0x62, 0xcf, 0x9d, 0x6e, 0x27, 0x9b, 0x33, 0x5e, 0xb2, 0xde, 0x76, 0xb7, 0x48, 0xc2, 0x0b, 0x4b, - 0xd0, 0x5e, 0xb6, 0x63, 0xba, 0x02, 0xd5, 0x76, 0x50, 0xf5, 0xf2, 0x9a, 0x68, 0xc7, 0x0a, 0x03, - 0xbd, 0x06, 0x83, 0x2d, 0x27, 0x8e, 0x6f, 0x85, 0x51, 0x1d, 0x93, 0x8d, 0x62, 0x4a, 0xcf, 0xac, - 0x12, 0x37, 0x22, 0x09, 0x26, 0x1b, 0x22, 0xf6, 0x40, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0x97, 0x2c, - 0x38, 0x35, 0x43, 0x9c, 0x88, 0x44, 0xac, 0x52, 0x8d, 0x7a, 0x11, 0xf4, 0x2a, 0x54, 0x13, 0xda, - 0x42, 0x7b, 0x64, 0x15, 0xdb, 0x23, 0x16, 0x35, 0xb0, 0x26, 0x88, 0x63, 0xc5, 0xc6, 0xfe, 0xbc, - 0x05, 0x8f, 0xe4, 0xf5, 0x65, 0xd6, 0x0f, 0xdb, 0xf5, 0xfb, 0xd1, 0xa1, 0xbf, 0x63, 0xc1, 0x10, - 0x3b, 0x89, 0x9d, 0x23, 0x89, 0xe3, 0xf9, 0x1d, 0x55, 0xf2, 0xac, 0x1e, 0xab, 0xe4, 0x9d, 0x83, - 0xbe, 0xcd, 0xb0, 0x49, 0xb2, 0x51, 0x04, 0x97, 0xc2, 0x26, 0xc1, 0x0c, 0x82, 0x9e, 0xa1, 0x93, - 0xd0, 0x0b, 0x12, 0x87, 0x2e, 0x47, 0xe9, 0xfb, 0x1e, 0xe5, 0x13, 0x50, 0x35, 0x63, 0x13, 0xc7, - 0xfe, 0x57, 0x35, 0x18, 0x10, 0x21, 0x2f, 0x3d, 0x17, 0x3a, 0x91, 0x2e, 0x8a, 0x52, 0x57, 0x17, - 0x45, 0x0c, 0xfd, 0x2e, 0x2b, 0xd7, 0x29, 0x2c, 0xe1, 0x2b, 0x85, 0xc4, 0x48, 0xf1, 0x0a, 0xa0, - 0xba, 0x5b, 0xfc, 0x3f, 0x16, 0xac, 0xd0, 0x17, 0x2c, 0x18, 0x75, 0xc3, 0x20, 0x20, 0xae, 0x36, - 0xd3, 0xfa, 0x8a, 0x08, 0x85, 0x99, 0x4d, 0x13, 0xd5, 0x87, 0x7c, 0x19, 0x00, 0xce, 0xb2, 0x47, - 0x2f, 0xc0, 0x30, 0x1f, 0xb3, 0xeb, 0x29, 0x87, 0xbd, 0x2e, 0x9e, 0x66, 0x02, 0x71, 0x1a, 0x17, - 0x4d, 0xf2, 0x83, 0x0f, 0x51, 0xa6, 0xac, 0x5f, 0xfb, 0x35, 0x8d, 0x02, 0x65, 0x06, 0x06, 0x8a, - 0x00, 0x45, 0x64, 0x23, 0x22, 0xf1, 0xa6, 0x08, 0x09, 0x62, 0x26, 0xe2, 0xc0, 0xdd, 0x95, 0x28, - 0xc0, 0x1d, 0x94, 0x70, 0x0e, 0x75, 0xb4, 0x25, 0xf6, 0xc8, 0xd5, 0x22, 0xe4, 0xb9, 0xf8, 0xcc, - 0x5d, 0xb7, 0xca, 0x13, 0x50, 0x61, 0xaa, 0x8b, 0x99, 0xa6, 0x65, 0x9e, 0x16, 0xc7, 0x14, 0x1b, - 0xe6, 0xed, 0x68, 0x0e, 0x4e, 0x64, 0x4a, 0xbf, 0xc5, 0xc2, 0xb1, 0xae, 0x52, 0xa0, 0x32, 0x45, - 0xe3, 0x62, 0xdc, 0xf1, 0x84, 0xe9, 0x3f, 0x19, 0x3c, 0xc0, 0x7f, 0xb2, 0xab, 0x02, 0x4f, 0xb9, - 0xcb, 0xfb, 0xc5, 0x42, 0x06, 0xa0, 0xa7, 0x28, 0xd3, 0xcf, 0x65, 0xa2, 0x4c, 0x87, 0x59, 0x07, - 0xae, 0x17, 0xd3, 0x81, 0xc3, 0x87, 0x94, 0xde, 0xcf, 0x10, 0xd1, 0xff, 0x65, 0x81, 0xfc, 0xae, - 0xb3, 0x8e, 0xbb, 0x49, 0xe8, 0x94, 0x41, 0xef, 0x81, 0x11, 0xe5, 0x05, 0xe0, 0x26, 0x91, 0xc5, - 0x66, 0x8d, 0x8a, 0x06, 0xc0, 0x29, 0x28, 0xce, 0x60, 0xa3, 0x29, 0xa8, 0xd1, 0x71, 0xe2, 0x8f, - 0x72, 0xbd, 0xaf, 0x3c, 0x0d, 0xd3, 0x2b, 0x0b, 0xe2, 0x29, 0x8d, 0x83, 0x42, 0x18, 0xf3, 0x9d, - 0x38, 0x61, 0x3d, 0x58, 0xdd, 0x0d, 0xdc, 0xbb, 0x2c, 0x10, 0xc2, 0xf2, 0x6c, 0x16, 0xb3, 0x84, - 0x70, 0x27, 0x6d, 0xfb, 0x3f, 0x54, 0x60, 0x38, 0x25, 0x19, 0x0f, 0x69, 0x30, 0x3c, 0x05, 0x55, - 0xa9, 0xc3, 0xb3, 0x95, 0x90, 0x94, 0xa2, 0x57, 0x18, 0x54, 0x69, 0xad, 0x6b, 0xad, 0x9a, 0x35, - 0x70, 0x0c, 0x85, 0x8b, 0x4d, 0x3c, 0x26, 0x94, 0x13, 0x3f, 0x9e, 0xf5, 0x3d, 0x12, 0x24, 0xbc, - 0x9b, 0xc5, 0x08, 0xe5, 0xb5, 0xc5, 0x55, 0x93, 0xa8, 0x16, 0xca, 0x19, 0x00, 0xce, 0xb2, 0x47, - 0x9f, 0xb4, 0x60, 0xd8, 0xb9, 0x15, 0xeb, 0x9a, 0xd2, 0x22, 0x9e, 0xf4, 0x88, 0x4a, 0x2a, 0x55, - 0xa6, 0x9a, 0x7b, 0xad, 0x53, 0x4d, 0x38, 0xcd, 0x14, 0xbd, 0x61, 0x01, 0x22, 0x3b, 0xc4, 0x95, - 0x11, 0xaf, 0xa2, 0x2f, 0xfd, 0x45, 0x6c, 0x96, 0x2f, 0x74, 0xd0, 0xe5, 0x52, 0xbd, 0xb3, 0x1d, - 0xe7, 0xf4, 0x01, 0x5d, 0x06, 0x54, 0xf7, 0x62, 0x67, 0xdd, 0x27, 0xb3, 0x61, 0x53, 0xe6, 0x86, - 0x8a, 0xc3, 0xd7, 0x33, 0x62, 0x9c, 0xd1, 0x5c, 0x07, 0x06, 0xce, 0x79, 0x8a, 0xcd, 0xb2, 0x28, - 0xdc, 0xd9, 0xbd, 0x16, 0xf9, 0x4c, 0x4b, 0x98, 0xb3, 0x4c, 0xb4, 0x63, 0x85, 0x61, 0xff, 0x45, - 0x59, 0x2d, 0x65, 0x1d, 0xde, 0xed, 0x18, 0x61, 0xa6, 0xd6, 0xdd, 0x87, 0x99, 0xea, 0x20, 0x98, - 0xce, 0x8c, 0xe7, 0x54, 0x82, 0x64, 0xe9, 0x3e, 0x25, 0x48, 0xfe, 0xbc, 0x95, 0xaa, 0x36, 0x36, - 0x78, 0xfe, 0xa5, 0x62, 0x43, 0xcb, 0x27, 0x79, 0x80, 0x4e, 0x46, 0xaf, 0x64, 0xe2, 0xb2, 0x9e, - 0x82, 0xea, 0x86, 0xef, 0xb0, 0x1a, 0x19, 0x6c, 0xa1, 0x1a, 0xc1, 0x43, 0x17, 0x45, 0x3b, 0x56, - 0x18, 0x54, 0xea, 0x1b, 0x44, 0x0f, 0x25, 0xb5, 0xff, 0x53, 0x19, 0x06, 0x0d, 0x8d, 0x9f, 0x6b, - 0xbe, 0x59, 0x0f, 0x98, 0xf9, 0x56, 0x3a, 0x84, 0xf9, 0xf6, 0x73, 0x50, 0x73, 0xa5, 0x36, 0x2a, - 0xa6, 0x7a, 0x7a, 0x56, 0xc7, 0x69, 0x85, 0xa4, 0x9a, 0xb0, 0xe6, 0x89, 0xe6, 0x53, 0x49, 0x78, - 0x29, 0xbf, 0x40, 0x5e, 0x96, 0x9c, 0xd0, 0x68, 0x9d, 0xcf, 0x64, 0xcf, 0xa9, 0x2b, 0x07, 0x9f, - 0x53, 0xdb, 0xdf, 0xb1, 0xd4, 0xc7, 0xbd, 0x07, 0xd5, 0x56, 0x6e, 0xa6, 0xab, 0xad, 0x5c, 0x28, - 0x64, 0x98, 0xbb, 0x94, 0x59, 0xb9, 0x0a, 0x03, 0xb3, 0x61, 0xb3, 0xe9, 0x04, 0x75, 0xf4, 0xa3, - 0x30, 0xe0, 0xf2, 0x9f, 0xc2, 0x87, 0xc6, 0x4e, 0x62, 0x05, 0x14, 0x4b, 0x18, 0x3a, 0x0b, 0x7d, - 0x4e, 0xd4, 0x90, 0x7e, 0x33, 0x16, 0x31, 0x35, 0x1d, 0x35, 0x62, 0xcc, 0x5a, 0xed, 0x7f, 0xd6, - 0x07, 0x2c, 0x50, 0xc1, 0x89, 0x48, 0x7d, 0x2d, 0x64, 0x45, 0x4f, 0x8f, 0xf5, 0xfc, 0x52, 0x6f, - 0xea, 0x1e, 0xe4, 0x33, 0x4c, 0xe3, 0x1c, 0xab, 0x7c, 0x8f, 0xcf, 0xb1, 0xba, 0x1c, 0x4d, 0xf6, - 0x3d, 0x40, 0x47, 0x93, 0xf6, 0x67, 0x2d, 0x40, 0x2a, 0xba, 0x45, 0xc7, 0x0e, 0x4c, 0x41, 0x4d, - 0xc5, 0xb9, 0x08, 0x03, 0x50, 0x8b, 0x08, 0x09, 0xc0, 0x1a, 0xa7, 0x87, 0x9d, 0xfc, 0xe3, 0x52, - 0x7e, 0x97, 0xd3, 0xa1, 0xe5, 0x4c, 0xea, 0x0b, 0x71, 0x6e, 0xff, 0x6e, 0x09, 0x1e, 0xe2, 0xa6, - 0xc3, 0x92, 0x13, 0x38, 0x0d, 0xd2, 0xa4, 0xbd, 0xea, 0x35, 0x1a, 0xc4, 0xa5, 0x5b, 0x48, 0x4f, - 0x06, 0x82, 0x1f, 0x75, 0xed, 0xf2, 0x35, 0xc7, 0x57, 0xd9, 0x42, 0xe0, 0x25, 0x98, 0x11, 0x47, - 0x31, 0x54, 0xe5, 0xd5, 0x22, 0x42, 0x16, 0x17, 0xc4, 0x48, 0x89, 0x25, 0xa1, 0x65, 0x09, 0x56, - 0x8c, 0xa8, 0x2a, 0xf5, 0x43, 0x77, 0x0b, 0x93, 0x56, 0x98, 0x55, 0xa5, 0x8b, 0xa2, 0x1d, 0x2b, - 0x0c, 0xbb, 0x09, 0xa3, 0x72, 0x0c, 0x5b, 0x57, 0xc8, 0x2e, 0x26, 0x1b, 0x54, 0xff, 0xb8, 0xb2, - 0xc9, 0xb8, 0xed, 0x44, 0xe9, 0x9f, 0x59, 0x13, 0x88, 0xd3, 0xb8, 0xb2, 0x0e, 0x6a, 0x29, 0xbf, - 0x0e, 0xaa, 0xfd, 0xbb, 0x16, 0x64, 0x15, 0xa0, 0x51, 0xf5, 0xd1, 0xda, 0xb7, 0xea, 0xe3, 0x21, - 0xea, 0x26, 0xfe, 0x0c, 0x0c, 0x3a, 0x09, 0xb5, 0x70, 0xb8, 0x37, 0xa2, 0x7c, 0x77, 0x07, 0x56, - 0x4b, 0x61, 0xdd, 0xdb, 0xf0, 0x98, 0x17, 0xc2, 0x24, 0x67, 0xff, 0x55, 0x1f, 0x8c, 0x75, 0xe4, - 0x71, 0xa1, 0xe7, 0x61, 0x48, 0x0d, 0x85, 0xf4, 0xf3, 0xd5, 0xcc, 0xd0, 0x4a, 0x0d, 0xc3, 0x29, - 0xcc, 0x1e, 0xd6, 0xc3, 0x02, 0x9c, 0x8c, 0xc8, 0xab, 0x6d, 0xd2, 0x26, 0xd3, 0x1b, 0x09, 0x89, - 0x56, 0x89, 0x1b, 0x06, 0x75, 0x5e, 0x9b, 0xb4, 0x3c, 0xf3, 0xf0, 0xed, 0xbd, 0x89, 0x93, 0xb8, - 0x13, 0x8c, 0xf3, 0x9e, 0x41, 0x2d, 0x18, 0xf6, 0x4d, 0x03, 0x55, 0xec, 0x8b, 0xee, 0xca, 0xb6, - 0x55, 0x53, 0x22, 0xd5, 0x8c, 0xd3, 0x0c, 0xd2, 0x56, 0x6e, 0xe5, 0x3e, 0x59, 0xb9, 0x9f, 0xd0, - 0x56, 0x2e, 0x8f, 0xac, 0xf8, 0x40, 0xc1, 0x79, 0x7c, 0xbd, 0x98, 0xb9, 0x47, 0x31, 0x5c, 0x5f, - 0x84, 0xaa, 0x8c, 0x3a, 0xeb, 0x29, 0x5a, 0xcb, 0xa4, 0xd3, 0x45, 0x80, 0x3e, 0x01, 0x6f, 0xbb, - 0x10, 0x45, 0xc6, 0x60, 0x5e, 0x0d, 0x93, 0x69, 0xdf, 0x0f, 0x6f, 0x51, 0x9b, 0xe0, 0x5a, 0x4c, - 0x84, 0xe3, 0xc9, 0xbe, 0x53, 0x82, 0x9c, 0x3d, 0x1c, 0x5d, 0x8f, 0xda, 0x10, 0x49, 0xad, 0xc7, - 0xc3, 0x19, 0x23, 0x68, 0x87, 0x47, 0xe6, 0x71, 0x95, 0xfb, 0xfe, 0xa2, 0xf7, 0xa0, 0x3a, 0x58, - 0x4f, 0x89, 0x23, 0x15, 0xb0, 0x77, 0x1e, 0x40, 0xdb, 0x8f, 0x22, 0x75, 0x44, 0x1d, 0xfc, 0x6b, - 0x33, 0x13, 0x1b, 0x58, 0xe8, 0x39, 0x18, 0xf4, 0x82, 0x38, 0x71, 0x7c, 0xff, 0x92, 0x17, 0x24, - 0xc2, 0xb7, 0xaa, 0x6c, 0x8b, 0x05, 0x0d, 0xc2, 0x26, 0xde, 0x99, 0x77, 0x1a, 0xdf, 0xef, 0x30, - 0xdf, 0x7d, 0x13, 0x1e, 0x99, 0xf7, 0x12, 0x95, 0xf0, 0xa4, 0xe6, 0x1b, 0x35, 0x0f, 0x55, 0x8a, - 0x9f, 0xd5, 0x35, 0xc5, 0xcf, 0x48, 0x38, 0x2a, 0xa5, 0xf3, 0xa3, 0xb2, 0x09, 0x47, 0xf6, 0xf3, - 0x70, 0x6a, 0xde, 0x4b, 0x2e, 0x7a, 0x3e, 0x39, 0x24, 0x13, 0xfb, 0x77, 0xfa, 0x61, 0xc8, 0x4c, - 0xee, 0x3d, 0x4c, 0x96, 0xe2, 0xe7, 0xa9, 0x05, 0x28, 0xde, 0xce, 0x53, 0xc7, 0xa6, 0x37, 0x8e, - 0x9c, 0x69, 0x9c, 0x3f, 0x62, 0x86, 0x11, 0xa8, 0x79, 0x62, 0xb3, 0x03, 0xe8, 0x16, 0x54, 0x36, - 0x58, 0x42, 0x4c, 0xb9, 0x88, 0xd8, 0x92, 0xbc, 0x11, 0xd5, 0xcb, 0x91, 0xa7, 0xd4, 0x70, 0x7e, - 0x54, 0x71, 0x47, 0xe9, 0x3c, 0x4c, 0x23, 0xf0, 0x59, 0x64, 0x60, 0x2a, 0x8c, 0x6e, 0x2a, 0xa1, - 0x72, 0x17, 0x2a, 0x21, 0x25, 0xa0, 0xfb, 0xef, 0x93, 0x80, 0x66, 0xc9, 0x4d, 0xc9, 0x26, 0x33, - 0x2b, 0x45, 0xa6, 0xc6, 0x00, 0x1b, 0x04, 0x23, 0xb9, 0x29, 0x05, 0xc6, 0x59, 0x7c, 0xf4, 0x51, - 0x25, 0xe2, 0xab, 0x45, 0xb8, 0xa5, 0xcd, 0x19, 0x7d, 0xdc, 0xd2, 0xfd, 0xb3, 0x25, 0x18, 0x99, - 0x0f, 0xda, 0x2b, 0xf3, 0x2b, 0xed, 0x75, 0xdf, 0x73, 0xaf, 0x90, 0x5d, 0x2a, 0xc2, 0xb7, 0xc8, - 0xee, 0xc2, 0x9c, 0x58, 0x41, 0x6a, 0xce, 0x5c, 0xa1, 0x8d, 0x98, 0xc3, 0xa8, 0x30, 0xda, 0xf0, - 0x82, 0x06, 0x89, 0x5a, 0x91, 0x27, 0x3c, 0xc6, 0x86, 0x30, 0xba, 0xa8, 0x41, 0xd8, 0xc4, 0xa3, - 0xb4, 0xc3, 0x5b, 0x01, 0x89, 0xb2, 0xf6, 0xf5, 0x32, 0x6d, 0xc4, 0x1c, 0x46, 0x91, 0x92, 0xa8, - 0x2d, 0x1c, 0x32, 0x06, 0xd2, 0x1a, 0x6d, 0xc4, 0x1c, 0x46, 0x57, 0x7a, 0xdc, 0x5e, 0x67, 0xa1, - 0x3b, 0x99, 0xb4, 0x90, 0x55, 0xde, 0x8c, 0x25, 0x9c, 0xa2, 0x6e, 0x91, 0xdd, 0x39, 0xba, 0x19, - 0xcf, 0x64, 0xba, 0x5d, 0xe1, 0xcd, 0x58, 0xc2, 0x59, 0xf5, 0xd4, 0xf4, 0x70, 0xfc, 0xc0, 0x55, - 0x4f, 0x4d, 0x77, 0xbf, 0xcb, 0xb6, 0xfe, 0xd7, 0x2c, 0x18, 0x32, 0x03, 0xee, 0x50, 0x23, 0x63, - 0x0b, 0x2f, 0x77, 0x14, 0xdf, 0x7e, 0x77, 0xde, 0xc5, 0x94, 0x0d, 0x2f, 0x09, 0x5b, 0xf1, 0xd3, - 0x24, 0x68, 0x78, 0x01, 0x61, 0x01, 0x11, 0x3c, 0x50, 0x2f, 0x15, 0xcd, 0x37, 0x1b, 0xd6, 0xc9, - 0x5d, 0x18, 0xd3, 0xf6, 0x0d, 0x18, 0xeb, 0x48, 0x6f, 0xec, 0xc1, 0x04, 0x39, 0x30, 0xfd, 0xdc, - 0xc6, 0x30, 0x48, 0x09, 0xcb, 0x0a, 0x5e, 0xb3, 0x30, 0xc6, 0x17, 0x12, 0xe5, 0xb4, 0xea, 0x6e, - 0x92, 0xa6, 0x4a, 0x59, 0x65, 0xc7, 0x13, 0xd7, 0xb3, 0x40, 0xdc, 0x89, 0x6f, 0x7f, 0xce, 0x82, - 0xe1, 0x54, 0xc6, 0x69, 0x41, 0xc6, 0x12, 0x5b, 0x69, 0x21, 0x8b, 0xff, 0x64, 0x41, 0xf0, 0x65, - 0xa6, 0x4c, 0xf5, 0x4a, 0xd3, 0x20, 0x6c, 0xe2, 0xd9, 0x5f, 0x2c, 0x41, 0x55, 0xc6, 0xd0, 0xf4, - 0xd0, 0x95, 0xcf, 0x58, 0x30, 0xac, 0x8e, 0x84, 0x98, 0x0f, 0xaf, 0x54, 0x44, 0x4a, 0x0d, 0xed, - 0x81, 0xf2, 0x02, 0x04, 0x1b, 0xa1, 0xb6, 0xdc, 0xb1, 0xc9, 0x0c, 0xa7, 0x79, 0xa3, 0xeb, 0x00, - 0xf1, 0x6e, 0x9c, 0x90, 0xa6, 0xe1, 0x4d, 0xb4, 0x8d, 0x15, 0x37, 0xe9, 0x86, 0x11, 0xa1, 0xeb, - 0xeb, 0x6a, 0x58, 0x27, 0xab, 0x0a, 0x53, 0x9b, 0x50, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0x7f, 0x52, - 0x82, 0x13, 0xd9, 0x2e, 0xa1, 0x0f, 0xc0, 0x90, 0xe4, 0x6e, 0xec, 0x3a, 0x65, 0x04, 0xd0, 0x10, - 0x36, 0x60, 0x77, 0xf6, 0x26, 0x26, 0x3a, 0x2f, 0x39, 0x9d, 0x34, 0x51, 0x70, 0x8a, 0x18, 0x3f, - 0x97, 0x13, 0x07, 0xc8, 0x33, 0xbb, 0xd3, 0xad, 0x96, 0x38, 0x5c, 0x33, 0xce, 0xe5, 0x4c, 0x28, - 0xce, 0x60, 0xa3, 0x15, 0x38, 0x65, 0xb4, 0x5c, 0x25, 0x5e, 0x63, 0x73, 0x3d, 0x8c, 0xe4, 0x0e, - 0xec, 0xac, 0x0e, 0xed, 0xeb, 0xc4, 0xc1, 0xb9, 0x4f, 0x52, 0x6d, 0xef, 0x3a, 0x2d, 0xc7, 0xf5, - 0x92, 0x5d, 0xe1, 0x1e, 0x55, 0xb2, 0x69, 0x56, 0xb4, 0x63, 0x85, 0x61, 0x2f, 0x41, 0x5f, 0x8f, - 0x33, 0xa8, 0x27, 0xcb, 0xff, 0x45, 0xa8, 0x52, 0x72, 0xd2, 0xbc, 0x2b, 0x82, 0x64, 0x08, 0x55, - 0x79, 0x65, 0x14, 0xb2, 0xa1, 0xec, 0x39, 0xf2, 0xe8, 0x53, 0xbd, 0xd6, 0x42, 0x1c, 0xb7, 0xd9, - 0x66, 0x9a, 0x02, 0xd1, 0xe3, 0x50, 0x26, 0x3b, 0xad, 0xec, 0x19, 0xe7, 0x85, 0x9d, 0x96, 0x17, - 0x91, 0x98, 0x22, 0x91, 0x9d, 0x16, 0x3a, 0x03, 0x25, 0xaf, 0x2e, 0x94, 0x14, 0x08, 0x9c, 0xd2, - 0xc2, 0x1c, 0x2e, 0x79, 0x75, 0x7b, 0x07, 0x6a, 0xea, 0x8e, 0x2a, 0xb4, 0x25, 0x65, 0xb7, 0x55, - 0x44, 0xd0, 0x9b, 0xa4, 0xdb, 0x45, 0x6a, 0xb7, 0x01, 0x74, 0xba, 0x6a, 0x51, 0xf2, 0xe5, 0x1c, - 0xf4, 0xb9, 0xa1, 0x28, 0x0b, 0x50, 0xd5, 0x64, 0x98, 0xd0, 0x66, 0x10, 0xfb, 0x06, 0x8c, 0x5c, - 0x09, 0xc2, 0x5b, 0xec, 0x2a, 0x09, 0x56, 0x39, 0x91, 0x12, 0xde, 0xa0, 0x3f, 0xb2, 0x26, 0x02, - 0x83, 0x62, 0x0e, 0x53, 0x35, 0xdd, 0x4a, 0xdd, 0x6a, 0xba, 0xd9, 0x1f, 0xb3, 0x60, 0x48, 0xe5, - 0xbd, 0xcd, 0x6f, 0x6f, 0x51, 0xba, 0x8d, 0x28, 0x6c, 0xb7, 0xb2, 0x74, 0xd9, 0x75, 0x78, 0x98, - 0xc3, 0xcc, 0x84, 0xd0, 0xd2, 0x01, 0x09, 0xa1, 0xe7, 0xa0, 0x6f, 0xcb, 0x0b, 0xea, 0xd9, 0x6b, - 0x91, 0xae, 0x78, 0x41, 0x1d, 0x33, 0x08, 0xed, 0xc2, 0x09, 0xd5, 0x05, 0xa9, 0x10, 0x9e, 0x87, - 0xa1, 0xf5, 0xb6, 0xe7, 0xd7, 0x65, 0x49, 0xc8, 0x8c, 0x47, 0x65, 0xc6, 0x80, 0xe1, 0x14, 0x26, - 0xdd, 0xd7, 0xad, 0x7b, 0x81, 0x13, 0xed, 0xae, 0x68, 0x0d, 0xa4, 0x84, 0xd2, 0x8c, 0x82, 0x60, - 0x03, 0xcb, 0x7e, 0xbd, 0x0c, 0x23, 0xe9, 0xec, 0xbf, 0x1e, 0xb6, 0x57, 0x8f, 0x43, 0x85, 0x25, - 0x04, 0x66, 0x3f, 0x2d, 0xaf, 0xa2, 0xc8, 0x61, 0x28, 0x86, 0x7e, 0x5e, 0x38, 0xa5, 0x98, 0x2b, - 0xc5, 0x54, 0x27, 0x95, 0x1f, 0x86, 0x85, 0x06, 0x8a, 0x5a, 0x2d, 0x82, 0x15, 0xfa, 0xa4, 0x05, - 0x03, 0x61, 0xcb, 0xac, 0x05, 0xf6, 0xfe, 0x22, 0x33, 0x23, 0x45, 0xba, 0x94, 0xb0, 0x88, 0xd5, - 0xa7, 0x97, 0x9f, 0x43, 0xb2, 0x3e, 0xf3, 0x2e, 0x18, 0x32, 0x31, 0x0f, 0x32, 0x8a, 0xab, 0xa6, - 0x51, 0xfc, 0x19, 0x73, 0x52, 0x88, 0xdc, 0xcf, 0x1e, 0x96, 0xdb, 0x35, 0xa8, 0xb8, 0x2a, 0x7e, - 0xe2, 0xae, 0x0a, 0x09, 0xab, 0x4a, 0x26, 0xec, 0x6c, 0x8a, 0x53, 0xb3, 0xbf, 0x63, 0x19, 0xf3, - 0x03, 0x93, 0x78, 0xa1, 0x8e, 0x22, 0x28, 0x37, 0xb6, 0xb7, 0x84, 0x29, 0x7a, 0xb9, 0xa0, 0xe1, - 0x9d, 0xdf, 0xde, 0xd2, 0x73, 0xdc, 0x6c, 0xc5, 0x94, 0x59, 0x0f, 0xce, 0xc2, 0x54, 0x8a, 0x70, - 0xf9, 0xe0, 0x14, 0x61, 0xfb, 0x8d, 0x12, 0x8c, 0x75, 0x4c, 0x2a, 0xf4, 0x1a, 0x54, 0x22, 0xfa, - 0x96, 0xe2, 0xf5, 0x16, 0x0b, 0x4b, 0xea, 0x8d, 0x17, 0xea, 0x5a, 0xef, 0xa6, 0xdb, 0x31, 0x67, - 0x89, 0x2e, 0x03, 0xd2, 0x51, 0x3e, 0xca, 0x53, 0xc9, 0x5f, 0x59, 0x85, 0x02, 0x4c, 0x77, 0x60, - 0xe0, 0x9c, 0xa7, 0xd0, 0x0b, 0x59, 0x87, 0x67, 0x39, 0xed, 0xce, 0xde, 0xcf, 0x77, 0x69, 0xff, - 0x56, 0x09, 0x86, 0x53, 0xa5, 0xd9, 0x90, 0x0f, 0x55, 0xe2, 0xb3, 0xb3, 0x06, 0xa9, 0x6c, 0x8e, - 0x5a, 0x68, 0x5d, 0x29, 0xc8, 0x0b, 0x82, 0x2e, 0x56, 0x1c, 0x1e, 0x8c, 0x08, 0x81, 0xe7, 0x61, - 0x48, 0x76, 0xe8, 0xfd, 0x4e, 0xd3, 0x17, 0x03, 0xa8, 0xe6, 0xe8, 0x05, 0x03, 0x86, 0x53, 0x98, - 0xf6, 0xef, 0x95, 0x61, 0x9c, 0x1f, 0xce, 0xd4, 0xd5, 0xcc, 0x5b, 0x92, 0xfb, 0xad, 0xbf, 0xa1, - 0x0b, 0x28, 0x5a, 0x45, 0xdc, 0x26, 0xda, 0x8d, 0x51, 0x4f, 0x81, 0x6d, 0x5f, 0xc9, 0x04, 0xb6, - 0x71, 0xb3, 0xbb, 0x71, 0x4c, 0x3d, 0xfa, 0xc1, 0x8a, 0x74, 0xfb, 0x87, 0x25, 0x18, 0xcd, 0x5c, - 0x1a, 0x83, 0x5e, 0x4f, 0xd7, 0x19, 0xb7, 0x8a, 0xf0, 0xa9, 0xef, 0x7b, 0x8f, 0xc8, 0xe1, 0xaa, - 0x8d, 0xdf, 0xa7, 0xa5, 0x62, 0x7f, 0xbb, 0x04, 0x23, 0xe9, 0xdb, 0x6e, 0x1e, 0xc0, 0x91, 0x7a, - 0x07, 0xd4, 0xd8, 0x85, 0x0e, 0xec, 0x92, 0x66, 0xee, 0x92, 0xe7, 0xb5, 0xf3, 0x65, 0x23, 0xd6, - 0xf0, 0x07, 0xa2, 0x88, 0xbb, 0xfd, 0x8f, 0x2d, 0x38, 0xcd, 0xdf, 0x32, 0x3b, 0x0f, 0xff, 0x66, - 0xde, 0xe8, 0xbe, 0x5c, 0x6c, 0x07, 0x33, 0x85, 0x3f, 0x0f, 0x1a, 0x5f, 0x76, 0xa7, 0xaa, 0xe8, - 0x6d, 0x7a, 0x2a, 0x3c, 0x80, 0x9d, 0x3d, 0xd4, 0x64, 0xb0, 0xbf, 0x5d, 0x06, 0x7d, 0x8d, 0x2c, - 0xf2, 0x44, 0x96, 0x6b, 0x21, 0x05, 0x50, 0x57, 0x77, 0x03, 0x57, 0x5f, 0x58, 0x5b, 0xcd, 0x24, - 0xb9, 0xfe, 0xa2, 0x05, 0x83, 0x5e, 0xe0, 0x25, 0x9e, 0xc3, 0xb6, 0xd1, 0xc5, 0xdc, 0x05, 0xa9, - 0xd8, 0x2d, 0x70, 0xca, 0x61, 0x64, 0x9e, 0xe3, 0x28, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, 0x24, 0x62, - 0xcf, 0xcb, 0x85, 0xe5, 0x67, 0x57, 0x33, 0x01, 0xe7, 0x2d, 0x6a, 0x78, 0x25, 0x51, 0x41, 0x65, - 0x0d, 0x30, 0x25, 0xa5, 0x6a, 0x69, 0x2b, 0xd3, 0x96, 0x35, 0x63, 0xce, 0xc8, 0x8e, 0x01, 0x75, - 0x8e, 0xc5, 0x21, 0xe3, 0x7a, 0xa7, 0xa0, 0xe6, 0xb4, 0x93, 0xb0, 0x49, 0x87, 0x49, 0x1c, 0x35, - 0xe9, 0xc8, 0x65, 0x09, 0xc0, 0x1a, 0xc7, 0x7e, 0xbd, 0x02, 0x99, 0xb4, 0x53, 0xb4, 0x63, 0x5e, - 0x81, 0x6c, 0x15, 0x7b, 0x05, 0xb2, 0xea, 0x4c, 0xde, 0x35, 0xc8, 0xa8, 0x01, 0x95, 0xd6, 0xa6, - 0x13, 0x4b, 0xb3, 0xfa, 0x45, 0xb5, 0x8f, 0xa3, 0x8d, 0x77, 0xf6, 0x26, 0x7e, 0xba, 0x37, 0xaf, - 0x2b, 0x9d, 0xab, 0x53, 0xbc, 0x54, 0x8e, 0x66, 0xcd, 0x68, 0x60, 0x4e, 0xff, 0x30, 0xb7, 0x61, - 0x7e, 0x5c, 0xdc, 0x5c, 0x81, 0x49, 0xdc, 0xf6, 0x13, 0x31, 0x1b, 0x5e, 0x2c, 0x70, 0x95, 0x71, - 0xc2, 0xba, 0x60, 0x02, 0xff, 0x8f, 0x0d, 0xa6, 0xe8, 0x03, 0x50, 0x8b, 0x13, 0x27, 0x4a, 0xee, - 0x32, 0xc5, 0x59, 0x97, 0x34, 0x93, 0x44, 0xb0, 0xa6, 0x87, 0x5e, 0x62, 0xf5, 0xa0, 0xbd, 0x78, - 0xf3, 0x2e, 0x53, 0x46, 0x64, 0xed, 0x68, 0x41, 0x01, 0x1b, 0xd4, 0xd0, 0x79, 0x00, 0x36, 0xb7, - 0x79, 0xfc, 0x61, 0x95, 0x79, 0x99, 0x94, 0x28, 0xc4, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0xc7, 0x21, - 0x5d, 0xf1, 0x03, 0x4d, 0xc8, 0x02, 0x23, 0xdc, 0x0b, 0xcd, 0x52, 0x3f, 0x52, 0xb5, 0x40, 0x7e, - 0xc3, 0x02, 0xb3, 0x2c, 0x09, 0x7a, 0x95, 0xd7, 0x3f, 0xb1, 0x8a, 0x38, 0x39, 0x34, 0xe8, 0x4e, - 0x2e, 0x39, 0xad, 0xcc, 0x11, 0xb6, 0x2c, 0x82, 0x72, 0xe6, 0x9d, 0x50, 0x95, 0xd0, 0x43, 0x19, - 0x75, 0x1f, 0x85, 0x93, 0x32, 0x8d, 0x54, 0xfa, 0x4d, 0xc5, 0xa9, 0xd3, 0xc1, 0xae, 0x1f, 0xe9, - 0xcf, 0x29, 0x75, 0xf3, 0xe7, 0xf4, 0x70, 0x11, 0xf6, 0x6f, 0x5a, 0x70, 0x2e, 0xdb, 0x81, 0x78, - 0x29, 0x0c, 0xbc, 0x24, 0x8c, 0x56, 0x49, 0x92, 0x78, 0x41, 0x83, 0x95, 0x7d, 0xbb, 0xe5, 0x44, - 0xb2, 0x50, 0x3f, 0x13, 0x94, 0x37, 0x9c, 0x28, 0xc0, 0xac, 0x15, 0xed, 0x42, 0x3f, 0x0f, 0x52, - 0x13, 0xd6, 0xfa, 0x11, 0xd7, 0x46, 0xce, 0x70, 0xe8, 0xed, 0x02, 0x0f, 0x90, 0xc3, 0x82, 0xa1, - 0xfd, 0x3d, 0x0b, 0xd0, 0xf2, 0x36, 0x89, 0x22, 0xaf, 0x6e, 0x84, 0xd5, 0xb1, 0x1b, 0xa0, 0x8c, - 0x9b, 0x9e, 0xcc, 0x24, 0xe7, 0xcc, 0x0d, 0x50, 0xc6, 0xbf, 0xfc, 0x1b, 0xa0, 0x4a, 0x87, 0xbb, - 0x01, 0x0a, 0x2d, 0xc3, 0xe9, 0x26, 0xdf, 0x6e, 0xf0, 0x5b, 0x55, 0xf8, 0xde, 0x43, 0xe5, 0xe3, - 0x3d, 0x72, 0x7b, 0x6f, 0xe2, 0xf4, 0x52, 0x1e, 0x02, 0xce, 0x7f, 0xce, 0x7e, 0x27, 0x20, 0x1e, - 0x4d, 0x37, 0x9b, 0x17, 0xab, 0xd4, 0xd5, 0xfd, 0x62, 0x7f, 0xb9, 0x02, 0xa3, 0x99, 0x32, 0xce, - 0x74, 0xab, 0xd7, 0x19, 0x1c, 0x75, 0x64, 0xfd, 0xdd, 0xd9, 0xbd, 0x9e, 0xc2, 0xad, 0x02, 0xa8, - 0x78, 0x41, 0xab, 0x9d, 0x14, 0x93, 0x0e, 0xcc, 0x3b, 0xb1, 0x40, 0x09, 0x1a, 0xee, 0x62, 0xfa, - 0x17, 0x73, 0x36, 0x45, 0x06, 0x6f, 0xa5, 0x8c, 0xf1, 0xbe, 0xfb, 0xe4, 0x0e, 0xf8, 0xb8, 0x0e, - 0xa5, 0xaa, 0x14, 0xe1, 0x58, 0xcc, 0x4c, 0x96, 0xe3, 0x3e, 0x6a, 0xff, 0x46, 0x09, 0x06, 0x8d, - 0x8f, 0x86, 0x7e, 0x35, 0x5d, 0xb4, 0xcb, 0x2a, 0xee, 0x95, 0x18, 0xfd, 0x49, 0x5d, 0x96, 0x8b, - 0xbf, 0xd2, 0x13, 0x9d, 0xf5, 0xba, 0xee, 0xec, 0x4d, 0x9c, 0xc8, 0x54, 0xe4, 0x4a, 0xd5, 0xf0, - 0x3a, 0xf3, 0x11, 0x18, 0xcd, 0x90, 0xc9, 0x79, 0xe5, 0x35, 0xf3, 0x95, 0x8f, 0xec, 0x96, 0x32, - 0x87, 0xec, 0xeb, 0x74, 0xc8, 0x44, 0x16, 0x62, 0xe8, 0x93, 0x1e, 0x7c, 0xb0, 0x99, 0x64, 0xe3, - 0x52, 0x8f, 0xc9, 0xc6, 0x4f, 0x42, 0xb5, 0x15, 0xfa, 0x9e, 0xeb, 0xa9, 0x1a, 0x9a, 0x2c, 0xbd, - 0x79, 0x45, 0xb4, 0x61, 0x05, 0x45, 0xb7, 0xa0, 0x76, 0xf3, 0x56, 0xc2, 0x4f, 0x7f, 0x84, 0x7f, - 0xbb, 0xa8, 0x43, 0x1f, 0x65, 0xb4, 0xa8, 0xe3, 0x25, 0xac, 0x79, 0x21, 0x1b, 0xfa, 0x99, 0x12, - 0x94, 0x19, 0x09, 0xcc, 0xf7, 0xce, 0xb4, 0x63, 0x8c, 0x05, 0xc4, 0xfe, 0x5a, 0x0d, 0x4e, 0xe5, - 0xd5, 0xd2, 0x47, 0x1f, 0x86, 0x7e, 0xde, 0xc7, 0x62, 0xae, 0x6b, 0xc9, 0xe3, 0x31, 0xcf, 0x08, - 0x8a, 0x6e, 0xb1, 0xdf, 0x58, 0xf0, 0x14, 0xdc, 0x7d, 0x67, 0x5d, 0xcc, 0x90, 0xe3, 0xe1, 0xbe, - 0xe8, 0x68, 0xee, 0x8b, 0x0e, 0xe7, 0xee, 0x3b, 0xeb, 0x68, 0x07, 0x2a, 0x0d, 0x2f, 0x21, 0x8e, - 0x70, 0x22, 0xdc, 0x38, 0x16, 0xe6, 0xc4, 0xe1, 0x56, 0x1a, 0xfb, 0x89, 0x39, 0x43, 0xf4, 0x55, - 0x0b, 0x46, 0xd7, 0xd3, 0x55, 0x0e, 0x84, 0xf0, 0x74, 0x8e, 0xe1, 0xbe, 0x84, 0x34, 0x23, 0x7e, - 0x05, 0x5a, 0xa6, 0x11, 0x67, 0xbb, 0x83, 0x3e, 0x61, 0xc1, 0xc0, 0x86, 0xe7, 0x1b, 0x05, 0xa9, - 0x8f, 0xe1, 0xe3, 0x5c, 0x64, 0x0c, 0xf4, 0x8e, 0x83, 0xff, 0x8f, 0xb1, 0xe4, 0xdc, 0x4d, 0x53, - 0xf5, 0x1f, 0x55, 0x53, 0x0d, 0xdc, 0x27, 0x4d, 0xf5, 0x69, 0x0b, 0x6a, 0x6a, 0xa4, 0x45, 0xb6, - 0xf8, 0x07, 0x8e, 0xf1, 0x93, 0x73, 0xcf, 0x89, 0xfa, 0x8b, 0x35, 0x73, 0xf4, 0x05, 0x0b, 0x06, - 0x9d, 0xd7, 0xda, 0x11, 0xa9, 0x93, 0xed, 0xb0, 0x15, 0x8b, 0xfb, 0x53, 0x5f, 0x2e, 0xbe, 0x33, - 0xd3, 0x94, 0xc9, 0x1c, 0xd9, 0x5e, 0x6e, 0xc5, 0x22, 0x5b, 0x4a, 0x37, 0x60, 0xb3, 0x0b, 0xf6, - 0x5e, 0x09, 0x26, 0x0e, 0xa0, 0x80, 0x9e, 0x87, 0xa1, 0x30, 0x6a, 0x38, 0x81, 0xf7, 0x9a, 0x59, - 0xb6, 0x44, 0x59, 0x59, 0xcb, 0x06, 0x0c, 0xa7, 0x30, 0xcd, 0x7c, 0xf6, 0xd2, 0x01, 0xf9, 0xec, - 0xe7, 0xa0, 0x2f, 0x22, 0xad, 0x30, 0xbb, 0x59, 0x60, 0x99, 0x0a, 0x0c, 0x82, 0x1e, 0x85, 0xb2, - 0xd3, 0xf2, 0x44, 0x20, 0x9a, 0xda, 0x03, 0x4d, 0xaf, 0x2c, 0x60, 0xda, 0x9e, 0x2a, 0xaf, 0x51, - 0xb9, 0x27, 0xe5, 0x35, 0xa8, 0x1a, 0x10, 0x67, 0x17, 0xfd, 0x5a, 0x0d, 0xa4, 0xcf, 0x14, 0xec, - 0x37, 0xca, 0xf0, 0xe8, 0xbe, 0xf3, 0x45, 0xc7, 0xe1, 0x59, 0xfb, 0xc4, 0xe1, 0xc9, 0xe1, 0x29, - 0x1d, 0x34, 0x3c, 0xe5, 0x2e, 0xc3, 0xf3, 0x09, 0xba, 0x0c, 0x64, 0xb9, 0x97, 0x62, 0x6e, 0xc0, - 0xec, 0x56, 0x3d, 0x46, 0xac, 0x00, 0x09, 0xc5, 0x9a, 0x2f, 0xdd, 0x03, 0xa4, 0x72, 0xb9, 0x2b, - 0x45, 0xa8, 0x81, 0xae, 0x25, 0x57, 0xf8, 0xdc, 0xef, 0x96, 0x20, 0x6e, 0xff, 0x76, 0x1f, 0x3c, - 0xde, 0x83, 0xf4, 0x36, 0x67, 0xb1, 0xd5, 0xe3, 0x2c, 0xfe, 0x01, 0xff, 0x4c, 0x9f, 0xca, 0xfd, - 0x4c, 0xb8, 0xf8, 0xcf, 0xb4, 0xff, 0x17, 0x42, 0x4f, 0x41, 0xd5, 0x0b, 0x62, 0xe2, 0xb6, 0x23, - 0x1e, 0x93, 0x6c, 0xa4, 0x31, 0x2d, 0x88, 0x76, 0xac, 0x30, 0xe8, 0x9e, 0xce, 0x75, 0xe8, 0xf2, - 0x1f, 0x28, 0x28, 0x77, 0xd7, 0xcc, 0x88, 0xe2, 0x26, 0xc5, 0xec, 0x34, 0x95, 0x00, 0x9c, 0x8d, - 0xfd, 0xb7, 0x2c, 0x38, 0xd3, 0x5d, 0xc5, 0xa2, 0x67, 0x60, 0x70, 0x3d, 0x72, 0x02, 0x77, 0x93, - 0xdd, 0x7d, 0x2c, 0xa7, 0x0e, 0x7b, 0x5f, 0xdd, 0x8c, 0x4d, 0x1c, 0x34, 0x0b, 0x63, 0x3c, 0x72, - 0xc3, 0xc0, 0x90, 0x99, 0xbf, 0xb7, 0xf7, 0x26, 0xc6, 0xd6, 0xb2, 0x40, 0xdc, 0x89, 0x6f, 0x7f, - 0xbf, 0x9c, 0xdf, 0x2d, 0x6e, 0x8a, 0x1d, 0x66, 0x36, 0x8b, 0xb9, 0x5a, 0xea, 0x41, 0xe2, 0x96, - 0xef, 0xb5, 0xc4, 0xed, 0xeb, 0x26, 0x71, 0xd1, 0x1c, 0x9c, 0x30, 0x2e, 0xa7, 0xe2, 0xd9, 0xdc, - 0x3c, 0x2c, 0x59, 0x95, 0x62, 0x59, 0xc9, 0xc0, 0x71, 0xc7, 0x13, 0x0f, 0xf8, 0xd4, 0xfb, 0xb5, - 0x12, 0x3c, 0xd2, 0xd5, 0xfa, 0xbd, 0x47, 0x1a, 0xc5, 0xfc, 0xfc, 0x7d, 0xf7, 0xe6, 0xf3, 0x9b, - 0x1f, 0xa5, 0x72, 0xd0, 0x47, 0xb1, 0xff, 0xb8, 0xd4, 0x75, 0x21, 0xd0, 0x9d, 0xd0, 0x0f, 0xed, - 0x28, 0xbd, 0x00, 0xc3, 0x4e, 0xab, 0xc5, 0xf1, 0x58, 0x14, 0x6d, 0xa6, 0xf4, 0xd3, 0xb4, 0x09, - 0xc4, 0x69, 0xdc, 0x9e, 0x6c, 0x9a, 0x3f, 0xb1, 0xa0, 0x86, 0xc9, 0x06, 0x97, 0x46, 0xe8, 0xa6, - 0x18, 0x22, 0xab, 0x88, 0x3a, 0xb7, 0x74, 0x60, 0x63, 0x8f, 0xd5, 0x7f, 0xcd, 0x1b, 0xec, 0xce, - 0xcb, 0xca, 0x4a, 0x87, 0xba, 0xac, 0x4c, 0x5d, 0x57, 0x55, 0xee, 0x7e, 0x5d, 0x95, 0xfd, 0xdd, - 0x01, 0xfa, 0x7a, 0xad, 0x70, 0x36, 0x22, 0xf5, 0x98, 0x7e, 0xdf, 0x76, 0xe4, 0x8b, 0x49, 0xa2, - 0xbe, 0xef, 0x35, 0xbc, 0x88, 0x69, 0x7b, 0xea, 0x80, 0xac, 0x74, 0xa8, 0xc2, 0x37, 0xe5, 0x03, - 0x0b, 0xdf, 0xbc, 0x00, 0xc3, 0x71, 0xbc, 0xb9, 0x12, 0x79, 0xdb, 0x4e, 0x42, 0xae, 0x90, 0x5d, - 0x61, 0xfb, 0xea, 0x22, 0x10, 0xab, 0x97, 0x34, 0x10, 0xa7, 0x71, 0xd1, 0x3c, 0x8c, 0xe9, 0xf2, - 0x33, 0x24, 0x4a, 0x58, 0xce, 0x05, 0x9f, 0x09, 0x2a, 0xe3, 0x5b, 0x17, 0xac, 0x11, 0x08, 0xb8, - 0xf3, 0x19, 0x2a, 0x4f, 0x53, 0x8d, 0xb4, 0x23, 0xfd, 0x69, 0x79, 0x9a, 0xa2, 0x43, 0xfb, 0xd2, - 0xf1, 0x04, 0x5a, 0x82, 0x93, 0x7c, 0x62, 0x4c, 0xb7, 0x5a, 0xc6, 0x1b, 0x0d, 0xa4, 0xeb, 0x8b, - 0xce, 0x77, 0xa2, 0xe0, 0xbc, 0xe7, 0xd0, 0x73, 0x30, 0xa8, 0x9a, 0x17, 0xe6, 0xc4, 0xd9, 0x8e, - 0xf2, 0x2d, 0x29, 0x32, 0x0b, 0x75, 0x6c, 0xe2, 0xa1, 0xf7, 0xc3, 0xc3, 0xfa, 0x2f, 0x4f, 0xcc, - 0xe3, 0x07, 0x9e, 0x73, 0xa2, 0xb2, 0x97, 0xba, 0xfa, 0x68, 0x3e, 0x17, 0xad, 0x8e, 0xbb, 0x3d, - 0x8f, 0xd6, 0xe1, 0x8c, 0x02, 0x5d, 0x08, 0x12, 0x96, 0x65, 0x13, 0x93, 0x19, 0x27, 0x26, 0xd7, - 0x22, 0x5f, 0x5c, 0xb2, 0xad, 0xee, 0xcf, 0x9d, 0xf7, 0x92, 0x4b, 0x79, 0x98, 0x78, 0x11, 0xef, - 0x43, 0x05, 0x4d, 0x41, 0x8d, 0x04, 0xce, 0xba, 0x4f, 0x96, 0x67, 0x17, 0x58, 0x85, 0x30, 0xe3, - 0x7c, 0xf5, 0x82, 0x04, 0x60, 0x8d, 0xa3, 0xe2, 0x7e, 0x87, 0xba, 0xde, 0xe5, 0xbc, 0x02, 0xa7, - 0x1a, 0x6e, 0x8b, 0x5a, 0x84, 0x9e, 0x4b, 0xa6, 0x5d, 0x16, 0xe6, 0x48, 0x3f, 0x0c, 0x2f, 0xfc, - 0xaa, 0x82, 0xda, 0xe7, 0x67, 0x57, 0x3a, 0x70, 0x70, 0xee, 0x93, 0x2c, 0x1c, 0x36, 0x0a, 0x77, - 0x76, 0xc7, 0x4f, 0x66, 0xc2, 0x61, 0x69, 0x23, 0xe6, 0x30, 0x74, 0x19, 0x10, 0xcb, 0x90, 0xb8, - 0x94, 0x24, 0x2d, 0x65, 0x82, 0x8e, 0x9f, 0x4a, 0xd7, 0xf9, 0xb9, 0xd8, 0x81, 0x81, 0x73, 0x9e, - 0xa2, 0x16, 0x4d, 0x10, 0x32, 0xea, 0xe3, 0x0f, 0xa7, 0x2d, 0x9a, 0xab, 0xbc, 0x19, 0x4b, 0xb8, - 0xfd, 0x9f, 0x2d, 0x18, 0x56, 0x4b, 0xfb, 0x1e, 0xa4, 0x13, 0xf9, 0xe9, 0x74, 0xa2, 0xf9, 0xa3, - 0x0b, 0x47, 0xd6, 0xf3, 0x2e, 0x31, 0xe9, 0xdf, 0x18, 0x04, 0xd0, 0x02, 0x54, 0xe9, 0x2e, 0xab, - 0xab, 0xee, 0x7a, 0x60, 0x85, 0x57, 0x5e, 0x45, 0x9e, 0xca, 0xfd, 0xad, 0xc8, 0xb3, 0x0a, 0xa7, - 0xa5, 0x65, 0xc1, 0x0f, 0xfb, 0x2e, 0x85, 0xb1, 0x92, 0x85, 0xd5, 0x99, 0x47, 0x05, 0xa1, 0xd3, - 0x0b, 0x79, 0x48, 0x38, 0xff, 0xd9, 0x94, 0x41, 0x33, 0x70, 0xa0, 0x95, 0xa9, 0x96, 0xff, 0xe2, - 0x86, 0xbc, 0x42, 0x28, 0xb3, 0xfc, 0x17, 0x2f, 0xae, 0x62, 0x8d, 0x93, 0xaf, 0x03, 0x6a, 0x05, - 0xe9, 0x00, 0x38, 0xb4, 0x0e, 0x90, 0xd2, 0x68, 0xb0, 0xab, 0x34, 0x92, 0x87, 0x0a, 0x43, 0x5d, - 0x0f, 0x15, 0xde, 0x03, 0x23, 0x5e, 0xb0, 0x49, 0x22, 0x2f, 0x21, 0x75, 0xb6, 0x16, 0x98, 0xa4, - 0xaa, 0x6a, 0x0b, 0x60, 0x21, 0x05, 0xc5, 0x19, 0xec, 0xb4, 0x08, 0x1d, 0xe9, 0x41, 0x84, 0x76, - 0x51, 0x5c, 0xa3, 0xc5, 0x28, 0xae, 0x13, 0x47, 0x57, 0x5c, 0x63, 0xc7, 0xaa, 0xb8, 0x50, 0x21, - 0x8a, 0xab, 0x27, 0x9d, 0x60, 0xec, 0x4c, 0x4f, 0x1d, 0xb0, 0x33, 0xed, 0xa6, 0xb5, 0x4e, 0xdf, - 0xb5, 0xd6, 0xca, 0x57, 0x48, 0x0f, 0x1d, 0xb7, 0x42, 0xfa, 0x74, 0x09, 0x4e, 0x6b, 0x91, 0x4d, - 0x17, 0x8a, 0xb7, 0x41, 0x85, 0x16, 0xbb, 0xb0, 0x8e, 0x9f, 0xd1, 0x19, 0x89, 0x70, 0x3a, 0xa7, - 0x4e, 0x41, 0xb0, 0x81, 0xc5, 0xf2, 0xc9, 0x48, 0xc4, 0xaa, 0x5f, 0x67, 0xe5, 0xf9, 0xac, 0x68, - 0xc7, 0x0a, 0x83, 0x4e, 0x45, 0xfa, 0x5b, 0xe4, 0xe8, 0x66, 0xeb, 0x2a, 0xce, 0x6a, 0x10, 0x36, - 0xf1, 0xd0, 0x93, 0x9c, 0x09, 0x93, 0x25, 0x54, 0xa6, 0x0f, 0x89, 0x7b, 0xc3, 0xa5, 0xf8, 0x50, - 0x50, 0xd9, 0x1d, 0x96, 0x38, 0x58, 0xe9, 0xec, 0x0e, 0x0b, 0x77, 0x53, 0x18, 0xf6, 0xff, 0xb4, - 0xe0, 0x91, 0xdc, 0xa1, 0xb8, 0x07, 0x7a, 0x7a, 0x27, 0xad, 0xa7, 0x57, 0x8b, 0xda, 0xc4, 0x18, - 0x6f, 0xd1, 0x45, 0x67, 0xff, 0x47, 0x0b, 0x46, 0x34, 0xfe, 0x3d, 0x78, 0x55, 0x2f, 0xfd, 0xaa, - 0xc5, 0xed, 0xd7, 0x6a, 0x1d, 0xef, 0xf6, 0x7b, 0x25, 0x50, 0xb5, 0x4e, 0xa7, 0x5d, 0x59, 0x49, - 0xfa, 0x80, 0x53, 0xe3, 0x5d, 0xe8, 0x67, 0x87, 0xde, 0x71, 0x31, 0x01, 0x3d, 0x69, 0xfe, 0xec, - 0x00, 0x5d, 0x07, 0x14, 0xb0, 0xbf, 0x31, 0x16, 0x0c, 0x59, 0x6d, 0x76, 0x5e, 0x46, 0xb2, 0x2e, - 0x52, 0xf0, 0x74, 0x6d, 0x76, 0xd1, 0x8e, 0x15, 0x06, 0xd5, 0x24, 0x9e, 0x1b, 0x06, 0xb3, 0xbe, - 0x13, 0xcb, 0x1b, 0x67, 0x95, 0x26, 0x59, 0x90, 0x00, 0xac, 0x71, 0xd8, 0x79, 0xb8, 0x17, 0xb7, - 0x7c, 0x67, 0xd7, 0xd8, 0x95, 0x1b, 0xb5, 0x28, 0x14, 0x08, 0x9b, 0x78, 0x76, 0x13, 0xc6, 0xd3, - 0x2f, 0x31, 0x47, 0x36, 0x58, 0x30, 0x6a, 0x4f, 0xc3, 0x39, 0x05, 0x35, 0x87, 0x3d, 0xb5, 0xd8, - 0x76, 0x84, 0x4c, 0xd0, 0x21, 0x99, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0x8f, 0x2c, 0x38, 0x99, 0x33, - 0x68, 0x05, 0xa6, 0x38, 0x26, 0x5a, 0xda, 0xe4, 0xd9, 0x00, 0x3f, 0x06, 0x03, 0x75, 0xb2, 0xe1, - 0xc8, 0x70, 0x47, 0x43, 0x7a, 0xce, 0xf1, 0x66, 0x2c, 0xe1, 0xf6, 0x6f, 0x95, 0x60, 0x34, 0xdd, - 0xd7, 0x98, 0xa5, 0x0d, 0xf1, 0x61, 0xf2, 0x62, 0x37, 0xdc, 0x26, 0xd1, 0x2e, 0x7d, 0x73, 0x2b, - 0x93, 0x36, 0xd4, 0x81, 0x81, 0x73, 0x9e, 0x62, 0x95, 0x8e, 0xeb, 0x6a, 0xb4, 0xe5, 0x8c, 0xbc, - 0x5e, 0xe4, 0x8c, 0xd4, 0x1f, 0xd3, 0x0c, 0x8d, 0x50, 0x2c, 0xb1, 0xc9, 0x9f, 0xda, 0x22, 0x2c, - 0x0e, 0x7b, 0xa6, 0xed, 0xf9, 0x89, 0x17, 0x88, 0x57, 0x16, 0x73, 0x55, 0xd9, 0x22, 0x4b, 0x9d, - 0x28, 0x38, 0xef, 0x39, 0xfb, 0x7b, 0x7d, 0xa0, 0x52, 0xaa, 0x59, 0xe8, 0x5a, 0x41, 0x81, 0x7f, - 0x87, 0x4d, 0x3e, 0x53, 0x73, 0xab, 0x6f, 0xbf, 0x58, 0x12, 0xee, 0xca, 0x31, 0xfd, 0xb9, 0x6a, - 0xc0, 0xd6, 0x34, 0x08, 0x9b, 0x78, 0xb4, 0x27, 0xbe, 0xb7, 0x4d, 0xf8, 0x43, 0xfd, 0xe9, 0x9e, - 0x2c, 0x4a, 0x00, 0xd6, 0x38, 0xb4, 0x27, 0x75, 0x6f, 0x63, 0x43, 0xf8, 0x25, 0x54, 0x4f, 0xe8, - 0xe8, 0x60, 0x06, 0xe1, 0xb5, 0xf0, 0xc3, 0x2d, 0x61, 0x7f, 0x1b, 0xb5, 0xf0, 0xc3, 0x2d, 0xcc, - 0x20, 0xf4, 0x2b, 0x05, 0x61, 0xd4, 0x74, 0x7c, 0xef, 0x35, 0x52, 0x57, 0x5c, 0x84, 0xdd, 0xad, - 0xbe, 0xd2, 0xd5, 0x4e, 0x14, 0x9c, 0xf7, 0x1c, 0x9d, 0xd0, 0xad, 0x88, 0xd4, 0x3d, 0x37, 0x31, - 0xa9, 0x41, 0x7a, 0x42, 0xaf, 0x74, 0x60, 0xe0, 0x9c, 0xa7, 0xd0, 0x34, 0x8c, 0xca, 0x94, 0x78, - 0x59, 0xf0, 0x68, 0x30, 0x5d, 0x60, 0x05, 0xa7, 0xc1, 0x38, 0x8b, 0x4f, 0x85, 0x64, 0x53, 0xd4, - 0x44, 0x63, 0x66, 0xba, 0x21, 0x24, 0x65, 0xad, 0x34, 0xac, 0x30, 0xec, 0x8f, 0x97, 0xa9, 0x52, - 0xef, 0x52, 0x7a, 0xf0, 0x9e, 0x05, 0x9a, 0xa6, 0x67, 0x64, 0x5f, 0x0f, 0x33, 0xf2, 0x59, 0x18, - 0xba, 0x19, 0x87, 0x81, 0x0a, 0xe2, 0xac, 0x74, 0x0d, 0xe2, 0x34, 0xb0, 0xf2, 0x83, 0x38, 0xfb, - 0x8b, 0x0a, 0xe2, 0x1c, 0xb8, 0xcb, 0x20, 0xce, 0x3f, 0xa8, 0x80, 0xba, 0x57, 0xe8, 0x2a, 0x49, - 0x6e, 0x85, 0xd1, 0x96, 0x17, 0x34, 0x58, 0x29, 0x81, 0xaf, 0x5a, 0x30, 0xc4, 0xd7, 0xcb, 0xa2, - 0x99, 0x84, 0xb7, 0x51, 0xd0, 0x85, 0x35, 0x29, 0x66, 0x93, 0x6b, 0x06, 0xa3, 0xcc, 0x9d, 0xc3, - 0x26, 0x08, 0xa7, 0x7a, 0x84, 0x3e, 0x02, 0x20, 0x9d, 0xb8, 0x1b, 0x52, 0x02, 0x2f, 0x14, 0xd3, - 0x3f, 0x4c, 0x36, 0xb4, 0x49, 0xbd, 0xa6, 0x98, 0x60, 0x83, 0x21, 0xfa, 0xb4, 0x4e, 0x50, 0xe4, - 0xd9, 0x1e, 0x1f, 0x3a, 0x96, 0xb1, 0xe9, 0x25, 0x3d, 0x11, 0xc3, 0x80, 0x17, 0x34, 0xe8, 0x3c, - 0x11, 0xc1, 0x6e, 0x6f, 0xcf, 0x2b, 0xc3, 0xb1, 0x18, 0x3a, 0xf5, 0x19, 0xc7, 0x77, 0x02, 0x97, - 0x44, 0x0b, 0x1c, 0x5d, 0x6b, 0x50, 0xd1, 0x80, 0x25, 0xa1, 0x8e, 0x1b, 0x99, 0x2a, 0xbd, 0xdc, - 0xc8, 0x74, 0xe6, 0xbd, 0x30, 0xd6, 0xf1, 0x31, 0x0f, 0x95, 0x8d, 0x78, 0xf7, 0x89, 0x8c, 0xf6, - 0x6f, 0xf7, 0x6b, 0xa5, 0x75, 0x35, 0xac, 0xf3, 0x0b, 0x7e, 0x22, 0xfd, 0x45, 0x85, 0xc9, 0x5c, - 0xe0, 0x14, 0x51, 0x6a, 0xc6, 0x68, 0xc4, 0x26, 0x4b, 0x3a, 0x47, 0x5b, 0x4e, 0x44, 0x82, 0xe3, - 0x9e, 0xa3, 0x2b, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0xcd, 0x54, 0x3a, 0xd2, 0xc5, 0xa3, 0xa7, 0x23, - 0xb1, 0x02, 0x65, 0x79, 0xf7, 0x60, 0x7c, 0xc1, 0x82, 0x91, 0x20, 0x35, 0x73, 0x8b, 0x89, 0x40, - 0xce, 0x5f, 0x15, 0xfc, 0x5a, 0xba, 0x74, 0x1b, 0xce, 0xf0, 0xcf, 0x53, 0x69, 0x95, 0x43, 0xaa, - 0x34, 0x7d, 0xc1, 0x58, 0x7f, 0xb7, 0x0b, 0xc6, 0x50, 0xa0, 0x6e, 0x58, 0x1c, 0x28, 0xfc, 0x86, - 0x45, 0xc8, 0xb9, 0x5d, 0xf1, 0x06, 0xd4, 0xdc, 0x88, 0x38, 0xc9, 0x5d, 0x5e, 0xb6, 0xc7, 0x62, - 0x3b, 0x66, 0x25, 0x01, 0xac, 0x69, 0xd9, 0xff, 0xa7, 0x0f, 0x4e, 0xc8, 0x11, 0x91, 0xd9, 0x0b, - 0x54, 0x3f, 0x72, 0xbe, 0xda, 0x56, 0x56, 0xfa, 0xf1, 0x92, 0x04, 0x60, 0x8d, 0x43, 0xed, 0xb1, - 0x76, 0x4c, 0x96, 0x5b, 0x24, 0x58, 0xf4, 0xd6, 0x63, 0x71, 0x18, 0xab, 0x16, 0xca, 0x35, 0x0d, - 0xc2, 0x26, 0x1e, 0xb5, 0xed, 0x1d, 0xc3, 0x68, 0x35, 0x6c, 0x7b, 0x69, 0xa8, 0x4a, 0x38, 0xfa, - 0xe5, 0xdc, 0x5a, 0xc8, 0xc5, 0xe4, 0xfc, 0x75, 0x24, 0x6d, 0x1c, 0xf2, 0x7e, 0xd6, 0xbf, 0x6f, - 0xc1, 0x69, 0xde, 0x2a, 0x47, 0xf2, 0x5a, 0xab, 0xee, 0x24, 0x24, 0x2e, 0xe6, 0x0e, 0x85, 0x9c, - 0xfe, 0x69, 0xf7, 0x72, 0x1e, 0x5b, 0x9c, 0xdf, 0x1b, 0xf4, 0xba, 0x05, 0xa3, 0x5b, 0xa9, 0x72, - 0x31, 0x52, 0x75, 0x1c, 0xb5, 0x92, 0x43, 0x8a, 0xa8, 0x5e, 0x6a, 0xe9, 0xf6, 0x18, 0x67, 0xb9, - 0xdb, 0xff, 0xc3, 0x02, 0x53, 0x8c, 0xde, 0xfb, 0x2a, 0x33, 0x87, 0x37, 0x05, 0xa5, 0x75, 0x59, - 0xe9, 0x6a, 0x5d, 0x3e, 0x0a, 0xe5, 0xb6, 0x57, 0x17, 0xfb, 0x0b, 0x7d, 0x44, 0xbc, 0x30, 0x87, - 0x69, 0xbb, 0xfd, 0x2f, 0x2b, 0xda, 0x0d, 0x22, 0x52, 0xea, 0x7e, 0x28, 0x5e, 0x7b, 0x43, 0xd5, - 0xa9, 0xe3, 0x6f, 0x7e, 0xb5, 0xa3, 0x4e, 0xdd, 0x4f, 0x1d, 0x3e, 0x63, 0x92, 0x0f, 0x50, 0xb7, - 0x32, 0x75, 0x03, 0x07, 0xa4, 0x4b, 0xde, 0x84, 0x2a, 0xdd, 0x82, 0x31, 0x7f, 0x66, 0x35, 0xd5, - 0xa9, 0xea, 0x25, 0xd1, 0x7e, 0x67, 0x6f, 0xe2, 0x5d, 0x87, 0xef, 0x96, 0x7c, 0x1a, 0x2b, 0xfa, - 0x28, 0x86, 0x1a, 0xfd, 0xcd, 0x32, 0x3b, 0xc5, 0xe6, 0xee, 0x9a, 0x92, 0x99, 0x12, 0x50, 0x48, - 0xda, 0xa8, 0xe6, 0x83, 0x02, 0xa8, 0xb1, 0xab, 0xac, 0x19, 0x53, 0xbe, 0x07, 0x5c, 0x51, 0xf9, - 0x95, 0x12, 0x70, 0x67, 0x6f, 0xe2, 0x85, 0xc3, 0x33, 0x55, 0x8f, 0x63, 0xcd, 0xc2, 0xfe, 0xeb, - 0x3e, 0x3d, 0x77, 0x45, 0x79, 0xc2, 0x1f, 0x8a, 0xb9, 0xfb, 0x7c, 0x66, 0xee, 0x9e, 0xeb, 0x98, - 0xbb, 0x23, 0xfa, 0xca, 0xe5, 0xd4, 0x6c, 0xbc, 0xd7, 0x86, 0xc0, 0xc1, 0xfe, 0x06, 0x66, 0x01, - 0xbd, 0xda, 0xf6, 0x22, 0x12, 0xaf, 0x44, 0xed, 0xc0, 0x0b, 0x1a, 0x6c, 0x3a, 0x56, 0x4d, 0x0b, - 0x28, 0x05, 0xc6, 0x59, 0x7c, 0xba, 0xa9, 0xa7, 0xdf, 0xfc, 0x86, 0xb3, 0xcd, 0x67, 0x95, 0x51, - 0xb1, 0x6d, 0x55, 0xb4, 0x63, 0x85, 0x81, 0x36, 0xe1, 0xac, 0x24, 0x30, 0x47, 0x7c, 0x22, 0xee, - 0x4c, 0xde, 0xf0, 0xa2, 0x26, 0x0f, 0x10, 0xe7, 0x91, 0x09, 0x6f, 0x13, 0x14, 0xce, 0xe2, 0x7d, - 0x70, 0xf1, 0xbe, 0x94, 0xec, 0xaf, 0xb3, 0xf3, 0x7a, 0x23, 0x79, 0x9d, 0xce, 0x3e, 0x9f, 0xdd, - 0x52, 0xce, 0x0b, 0xcb, 0xa9, 0xd9, 0xc7, 0xaf, 0x26, 0xe7, 0x30, 0x74, 0x0b, 0x06, 0xd6, 0xf9, - 0x7d, 0x9b, 0xc5, 0xd4, 0xf6, 0x17, 0x97, 0x77, 0xb2, 0x9b, 0x8c, 0xe4, 0x4d, 0x9e, 0x77, 0xf4, - 0x4f, 0x2c, 0xb9, 0xd9, 0xdf, 0xaa, 0xc0, 0x68, 0xe6, 0x1e, 0xeb, 0x54, 0x49, 0xdf, 0xd2, 0x81, - 0x25, 0x7d, 0x3f, 0x08, 0x50, 0x27, 0x2d, 0x3f, 0xdc, 0x65, 0x86, 0x5f, 0xdf, 0xa1, 0x0d, 0x3f, - 0xb5, 0x57, 0x98, 0x53, 0x54, 0xb0, 0x41, 0x51, 0x54, 0xd3, 0xe3, 0x15, 0x82, 0x33, 0xd5, 0xf4, - 0x8c, 0x1b, 0x40, 0xfa, 0xef, 0xed, 0x0d, 0x20, 0x1e, 0x8c, 0xf2, 0x2e, 0xaa, 0x14, 0xf1, 0xbb, - 0xc8, 0x04, 0x67, 0x49, 0x36, 0x73, 0x69, 0x32, 0x38, 0x4b, 0xf7, 0x7e, 0x5e, 0x53, 0x8f, 0xde, - 0x01, 0x35, 0xf9, 0x9d, 0xe3, 0xf1, 0x9a, 0x2e, 0xb3, 0x21, 0xa7, 0x01, 0xbb, 0x3e, 0x5e, 0xfc, - 0xec, 0xa8, 0x76, 0x01, 0xf7, 0xab, 0xda, 0x85, 0xfd, 0xf9, 0x12, 0xdd, 0x31, 0xf0, 0x7e, 0xa9, - 0xc2, 0x4d, 0x4f, 0x40, 0xbf, 0xd3, 0x4e, 0x36, 0xc3, 0x8e, 0x1b, 0x3b, 0xa7, 0x59, 0x2b, 0x16, - 0x50, 0xb4, 0x08, 0x7d, 0x75, 0x5d, 0x8c, 0xe7, 0x30, 0xdf, 0x53, 0x3b, 0x5f, 0x9d, 0x84, 0x60, - 0x46, 0x05, 0x9d, 0x85, 0xbe, 0xc4, 0x69, 0xc8, 0xbc, 0x40, 0x96, 0x0b, 0xbe, 0xe6, 0x34, 0x62, - 0xcc, 0x5a, 0x4d, 0x43, 0xa1, 0xef, 0x00, 0x43, 0xe1, 0x05, 0x18, 0x8e, 0xbd, 0x46, 0xe0, 0x24, - 0xed, 0x88, 0x18, 0xe7, 0x93, 0x3a, 0x3a, 0xc5, 0x04, 0xe2, 0x34, 0xae, 0xfd, 0x3b, 0x43, 0x70, - 0x6a, 0x75, 0x76, 0x49, 0x96, 0x98, 0x3f, 0xb6, 0xd4, 0xbe, 0x3c, 0x1e, 0xf7, 0x2e, 0xb5, 0xaf, - 0x0b, 0x77, 0xdf, 0x48, 0xed, 0xf3, 0x8d, 0xd4, 0xbe, 0x74, 0x9e, 0x55, 0xb9, 0x88, 0x3c, 0xab, - 0xbc, 0x1e, 0xf4, 0x92, 0x67, 0x75, 0x6c, 0xb9, 0x7e, 0xfb, 0x76, 0xe8, 0x50, 0xb9, 0x7e, 0x2a, - 0x11, 0xb2, 0x90, 0x0c, 0x98, 0x2e, 0x9f, 0x2a, 0x37, 0x11, 0x52, 0x25, 0xa1, 0xf1, 0xec, 0x2e, - 0x21, 0xea, 0x5f, 0x2e, 0xbe, 0x03, 0x3d, 0x24, 0xa1, 0x89, 0x04, 0x33, 0x33, 0xf1, 0x71, 0xa0, - 0x88, 0xc4, 0xc7, 0xbc, 0xee, 0x1c, 0x98, 0xf8, 0xf8, 0x02, 0x0c, 0xbb, 0x7e, 0x18, 0x90, 0x95, - 0x28, 0x4c, 0x42, 0x37, 0x94, 0x77, 0x06, 0xea, 0x2b, 0x6f, 0x4c, 0x20, 0x4e, 0xe3, 0x76, 0xcb, - 0x9a, 0xac, 0x1d, 0x35, 0x6b, 0x12, 0xee, 0x53, 0xd6, 0xe4, 0x2f, 0xe8, 0xfc, 0xfe, 0x41, 0xf6, - 0x45, 0x3e, 0x58, 0xfc, 0x17, 0xe9, 0xe9, 0x52, 0xc0, 0x37, 0xf8, 0x95, 0x99, 0xd4, 0x04, 0x9f, - 0x0d, 0x9b, 0xd4, 0xf0, 0x1b, 0x62, 0x43, 0xf2, 0xca, 0x31, 0x4c, 0xd8, 0x1b, 0xab, 0x9a, 0x8d, - 0xba, 0x46, 0x53, 0x37, 0xe1, 0x74, 0x47, 0x8e, 0x52, 0x7f, 0xe0, 0xcb, 0x25, 0xf8, 0x91, 0x03, - 0xbb, 0x80, 0x6e, 0x01, 0x24, 0x4e, 0x43, 0x4c, 0x54, 0x71, 0x34, 0x73, 0xc4, 0x10, 0xd2, 0x35, - 0x49, 0x8f, 0x17, 0xce, 0x51, 0x7f, 0xd9, 0xa1, 0x87, 0xfc, 0xcd, 0x22, 0x47, 0x43, 0xbf, 0xa3, - 0xbe, 0x28, 0x0e, 0x7d, 0x82, 0x19, 0x84, 0xaa, 0xff, 0x88, 0x34, 0xf4, 0x7d, 0xf3, 0xea, 0xf3, - 0x61, 0xd6, 0x8a, 0x05, 0x14, 0x3d, 0x07, 0x83, 0x8e, 0xef, 0xf3, 0xf4, 0x24, 0x12, 0x8b, 0xbb, - 0xa8, 0x74, 0xa1, 0x43, 0x0d, 0xc2, 0x26, 0x9e, 0xfd, 0x97, 0x25, 0x98, 0x38, 0x40, 0xa6, 0x74, - 0xa4, 0xa5, 0x56, 0x7a, 0x4e, 0x4b, 0x15, 0x29, 0x1b, 0xfd, 0x5d, 0x52, 0x36, 0x9e, 0x83, 0xc1, - 0x84, 0x38, 0x4d, 0x11, 0x74, 0x26, 0x7c, 0x0e, 0xfa, 0xac, 0x59, 0x83, 0xb0, 0x89, 0x47, 0xa5, - 0xd8, 0x88, 0xe3, 0xba, 0x24, 0x8e, 0x65, 0x4e, 0x86, 0xf0, 0xdb, 0x16, 0x96, 0xf0, 0xc1, 0xdc, - 0xe1, 0xd3, 0x29, 0x16, 0x38, 0xc3, 0x32, 0x3b, 0xe0, 0xb5, 0x1e, 0x07, 0xfc, 0x6b, 0x25, 0x78, - 0x74, 0x5f, 0xed, 0xd6, 0x73, 0xba, 0x4c, 0x3b, 0x26, 0x51, 0x76, 0xe2, 0x5c, 0x8b, 0x49, 0x84, - 0x19, 0x84, 0x8f, 0x52, 0xab, 0x65, 0xdc, 0xe7, 0x5f, 0x74, 0xee, 0x18, 0x1f, 0xa5, 0x14, 0x0b, - 0x9c, 0x61, 0x79, 0xb7, 0xd3, 0xf2, 0x5b, 0x7d, 0xf0, 0x78, 0x0f, 0x36, 0x40, 0x81, 0x39, 0x76, - 0xe9, 0x7c, 0xd0, 0xf2, 0x7d, 0xca, 0x07, 0xbd, 0xbb, 0xe1, 0x7a, 0x33, 0x8d, 0xb4, 0xa7, 0x5c, - 0xbe, 0xaf, 0x97, 0xe0, 0x4c, 0x77, 0x83, 0x05, 0xbd, 0x1b, 0x46, 0x23, 0x15, 0x64, 0x67, 0xa6, - 0x92, 0x9e, 0xe4, 0x9e, 0x9d, 0x14, 0x08, 0x67, 0x71, 0xd1, 0x24, 0x40, 0xcb, 0x49, 0x36, 0xe3, - 0x0b, 0x3b, 0x5e, 0x9c, 0x88, 0x82, 0x52, 0x23, 0xfc, 0x2c, 0x51, 0xb6, 0x62, 0x03, 0x83, 0xb2, - 0x63, 0xff, 0xe6, 0xc2, 0xab, 0x61, 0xc2, 0x1f, 0xe2, 0x9b, 0xad, 0x93, 0xf2, 0xfa, 0x1d, 0x03, - 0x84, 0xb3, 0xb8, 0x94, 0x1d, 0x3b, 0xad, 0xe6, 0x1d, 0xe5, 0xbb, 0x30, 0xc6, 0x6e, 0x51, 0xb5, - 0x62, 0x03, 0x23, 0x9b, 0x24, 0x5b, 0x39, 0x38, 0x49, 0xd6, 0xfe, 0x17, 0x25, 0x78, 0xa4, 0xab, - 0xc1, 0xdb, 0x9b, 0x98, 0x7a, 0xf0, 0x12, 0x5b, 0xef, 0x72, 0x85, 0x1d, 0x2e, 0x21, 0xf2, 0x4f, - 0xba, 0xcc, 0x34, 0x91, 0x10, 0x79, 0xf7, 0x75, 0x1e, 0x1e, 0xbc, 0xf1, 0xec, 0xc8, 0x81, 0xec, - 0x3b, 0x44, 0x0e, 0x64, 0xe6, 0x63, 0x54, 0x7a, 0xd4, 0x0e, 0x7f, 0xd6, 0xd7, 0x75, 0x78, 0xe9, - 0x06, 0xb9, 0x27, 0xbf, 0xf9, 0x1c, 0x9c, 0xf0, 0x02, 0x76, 0x15, 0xdb, 0x6a, 0x7b, 0x5d, 0xd4, - 0x18, 0xe2, 0x85, 0x34, 0x55, 0xa2, 0xc5, 0x42, 0x06, 0x8e, 0x3b, 0x9e, 0x78, 0x00, 0x73, 0x52, - 0xef, 0x6e, 0x48, 0x0f, 0x29, 0xb9, 0x97, 0xe1, 0xb4, 0x1c, 0x8a, 0x4d, 0x27, 0x22, 0x75, 0xa1, - 0x6c, 0x63, 0x91, 0x5a, 0xf3, 0x08, 0x4f, 0xcf, 0xc9, 0x41, 0xc0, 0xf9, 0xcf, 0xb1, 0xdb, 0xaf, - 0xc2, 0x96, 0xe7, 0x8a, 0xad, 0xa0, 0xbe, 0xfd, 0x8a, 0x36, 0x62, 0x0e, 0xd3, 0xfa, 0xa2, 0x76, - 0x6f, 0xf4, 0xc5, 0x07, 0xa1, 0xa6, 0xc6, 0x9b, 0x67, 0x09, 0xa8, 0x49, 0xde, 0x91, 0x25, 0xa0, - 0x66, 0xb8, 0x81, 0x75, 0xd0, 0xf5, 0xac, 0x3f, 0x01, 0x43, 0xca, 0xfb, 0xd5, 0xeb, 0x1d, 0x64, - 0xf6, 0x9f, 0xf7, 0xc3, 0x70, 0xaa, 0xae, 0x68, 0xca, 0xed, 0x6d, 0x1d, 0xe8, 0xf6, 0x66, 0x09, - 0x22, 0xed, 0x40, 0x5e, 0x50, 0x68, 0x24, 0x88, 0xb4, 0x03, 0x82, 0x39, 0x8c, 0x6e, 0x3a, 0xea, - 0xd1, 0x2e, 0x6e, 0x07, 0x22, 0xe2, 0x55, 0x6d, 0x3a, 0xe6, 0x58, 0x2b, 0x16, 0x50, 0xf4, 0x31, - 0x0b, 0x86, 0x62, 0x76, 0x7a, 0xc3, 0x0f, 0x0d, 0xc4, 0x24, 0xbf, 0x7c, 0xf4, 0xb2, 0xa9, 0xaa, - 0x86, 0x2e, 0x8b, 0x90, 0x32, 0x5b, 0x70, 0x8a, 0x23, 0xfa, 0xa4, 0x05, 0x35, 0x75, 0x8f, 0x92, - 0xb8, 0x6d, 0x74, 0xb5, 0xd8, 0xb2, 0xad, 0xdc, 0xdb, 0xac, 0x0e, 0xc2, 0x54, 0xfd, 0x4c, 0xac, - 0x19, 0xa3, 0x58, 0x79, 0xf4, 0x07, 0x8e, 0xc7, 0xa3, 0x0f, 0x39, 0xde, 0xfc, 0x77, 0x40, 0xad, - 0xe9, 0x04, 0xde, 0x06, 0x89, 0x13, 0xee, 0x64, 0x97, 0xd5, 0xa4, 0x65, 0x23, 0xd6, 0x70, 0x6a, - 0x00, 0xc4, 0xec, 0xc5, 0x12, 0xc3, 0x2b, 0xce, 0x0c, 0x80, 0x55, 0xdd, 0x8c, 0x4d, 0x1c, 0xd3, - 0x85, 0x0f, 0xf7, 0xd5, 0x85, 0x3f, 0x78, 0x80, 0x0b, 0x7f, 0x15, 0x4e, 0x3b, 0xed, 0x24, 0xbc, - 0x44, 0x1c, 0x7f, 0x9a, 0x5f, 0x1d, 0x2c, 0xae, 0xc2, 0x1f, 0x62, 0x6e, 0x21, 0x15, 0xd3, 0xb1, - 0x4a, 0xfc, 0x8d, 0x0e, 0x24, 0x9c, 0xff, 0xac, 0xfd, 0x4f, 0x2d, 0x38, 0x9d, 0x3b, 0x15, 0x1e, - 0xdc, 0x68, 0x5a, 0xfb, 0x4b, 0x15, 0x38, 0x99, 0x53, 0x75, 0x18, 0xed, 0x9a, 0x8b, 0xc4, 0x2a, - 0x22, 0x30, 0x25, 0x1d, 0x67, 0x21, 0xbf, 0x4d, 0xce, 0xca, 0x38, 0xdc, 0xa9, 0x9c, 0x3e, 0x19, - 0x2b, 0xdf, 0xdb, 0x93, 0x31, 0x63, 0xae, 0xf7, 0xdd, 0xd7, 0xb9, 0x5e, 0x39, 0x60, 0xae, 0x7f, - 0xc3, 0x82, 0xf1, 0x66, 0x97, 0xab, 0x2e, 0x84, 0x8f, 0xf9, 0xfa, 0xf1, 0x5c, 0xa4, 0x31, 0x73, - 0xf6, 0xf6, 0xde, 0x44, 0xd7, 0x1b, 0x46, 0x70, 0xd7, 0x5e, 0xd9, 0xdf, 0x2b, 0x03, 0x2b, 0x79, - 0xcd, 0x2a, 0x4b, 0xee, 0xa2, 0x8f, 0x9a, 0xc5, 0xcb, 0xad, 0xa2, 0x0a, 0x6d, 0x73, 0xe2, 0xaa, - 0xf8, 0x39, 0x1f, 0xc1, 0xbc, 0x5a, 0xe8, 0x59, 0x49, 0x58, 0xea, 0x41, 0x12, 0xfa, 0xb2, 0x4a, - 0x7c, 0xb9, 0xf8, 0x2a, 0xf1, 0xb5, 0x6c, 0x85, 0xf8, 0xfd, 0x3f, 0x71, 0xdf, 0x03, 0xf9, 0x89, - 0x7f, 0xc5, 0xe2, 0x82, 0x27, 0xf3, 0x15, 0xb4, 0xb9, 0x61, 0xed, 0x63, 0x6e, 0x3c, 0x05, 0xd5, - 0x58, 0x48, 0x66, 0x61, 0x96, 0xe8, 0xa0, 0x08, 0xd1, 0x8e, 0x15, 0x06, 0xbb, 0x46, 0xda, 0xf7, - 0xc3, 0x5b, 0x17, 0x9a, 0xad, 0x64, 0x57, 0x18, 0x28, 0xfa, 0x1a, 0x69, 0x05, 0xc1, 0x06, 0x96, - 0xfd, 0xf7, 0x4a, 0x7c, 0x06, 0x8a, 0xc8, 0x9a, 0xe7, 0x33, 0x17, 0x7f, 0xf6, 0x1e, 0x94, 0xf2, - 0x61, 0x00, 0x37, 0x6c, 0xb6, 0xa8, 0xf1, 0xba, 0x16, 0x8a, 0xe3, 0xbf, 0x4b, 0x47, 0x35, 0x44, - 0x25, 0x3d, 0xfd, 0x1a, 0xba, 0x0d, 0x1b, 0xfc, 0x52, 0xb2, 0xb4, 0x7c, 0xa0, 0x2c, 0x4d, 0x89, - 0x95, 0xbe, 0xfd, 0xc5, 0x8a, 0xfd, 0x97, 0x16, 0xa4, 0xcc, 0x2c, 0xd4, 0x82, 0x0a, 0xed, 0xee, - 0xae, 0x58, 0xa1, 0xcb, 0xc5, 0xd9, 0x74, 0x54, 0x34, 0x8a, 0x69, 0xcf, 0x7e, 0x62, 0xce, 0x08, - 0xf9, 0x22, 0x00, 0x87, 0x8f, 0xea, 0xd5, 0xe2, 0x18, 0x5e, 0x0a, 0xc3, 0x2d, 0x7e, 0x86, 0xad, - 0x83, 0x79, 0xec, 0xe7, 0x61, 0xac, 0xa3, 0x53, 0xec, 0x8e, 0xbf, 0x90, 0x6a, 0x9f, 0xcc, 0x74, - 0x65, 0xf9, 0xc8, 0x98, 0xc3, 0xec, 0xaf, 0x5b, 0x70, 0x22, 0x4b, 0x1e, 0xbd, 0x61, 0xc1, 0x58, - 0x9c, 0xa5, 0x77, 0x5c, 0x63, 0xa7, 0x82, 0x68, 0x3b, 0x40, 0xb8, 0xb3, 0x13, 0xf6, 0x5f, 0x8b, - 0xc9, 0x7f, 0xc3, 0x0b, 0xea, 0xe1, 0x2d, 0x65, 0x98, 0x58, 0x5d, 0x0d, 0x13, 0xba, 0x1e, 0xdd, - 0x4d, 0x52, 0x6f, 0xfb, 0x1d, 0xd9, 0xcd, 0xab, 0xa2, 0x1d, 0x2b, 0x0c, 0x96, 0xcc, 0xd9, 0x16, - 0xd7, 0x48, 0x64, 0x26, 0xe5, 0x9c, 0x68, 0xc7, 0x0a, 0x03, 0x3d, 0x0b, 0x43, 0xc6, 0x4b, 0xca, - 0x79, 0xc9, 0xac, 0x7c, 0x43, 0x65, 0xc6, 0x38, 0x85, 0x85, 0x26, 0x01, 0x94, 0x91, 0x23, 0x55, - 0x24, 0xf3, 0x76, 0x29, 0x49, 0x14, 0x63, 0x03, 0x83, 0xa5, 0x4e, 0xfb, 0xed, 0x98, 0x1d, 0xe7, - 0xf4, 0xeb, 0xd2, 0xc6, 0xb3, 0xa2, 0x0d, 0x2b, 0x28, 0x95, 0x26, 0x4d, 0x27, 0x68, 0x3b, 0x3e, - 0x1d, 0x21, 0xb1, 0x7f, 0x55, 0xcb, 0x70, 0x49, 0x41, 0xb0, 0x81, 0x45, 0xdf, 0x38, 0xf1, 0x9a, - 0xe4, 0xa5, 0x30, 0x90, 0xc1, 0x8f, 0xfa, 0x84, 0x4f, 0xb4, 0x63, 0x85, 0x61, 0xff, 0x85, 0x05, - 0xa3, 0xba, 0x66, 0x03, 0xbf, 0xcd, 0xdf, 0xdc, 0x6e, 0x5b, 0x07, 0x6e, 0xb7, 0xd3, 0x19, 0xea, - 0xa5, 0x9e, 0x32, 0xd4, 0xcd, 0xe4, 0xf1, 0xf2, 0xbe, 0xc9, 0xe3, 0x3f, 0xaa, 0x6f, 0x8a, 0xe6, - 0x59, 0xe6, 0x83, 0x79, 0xb7, 0x44, 0x23, 0x1b, 0xfa, 0x5d, 0x47, 0xd5, 0x36, 0x1a, 0xe2, 0x1b, - 0x92, 0xd9, 0x69, 0x86, 0x24, 0x20, 0xf6, 0x32, 0xd4, 0xd4, 0x41, 0x97, 0xdc, 0xfd, 0x5a, 0xf9, - 0xbb, 0xdf, 0x9e, 0x92, 0x58, 0x67, 0xd6, 0xbf, 0xf9, 0xfd, 0xc7, 0xde, 0xf2, 0x47, 0xdf, 0x7f, - 0xec, 0x2d, 0xdf, 0xfd, 0xfe, 0x63, 0x6f, 0xf9, 0xd8, 0xed, 0xc7, 0xac, 0x6f, 0xde, 0x7e, 0xcc, - 0xfa, 0xa3, 0xdb, 0x8f, 0x59, 0xdf, 0xbd, 0xfd, 0x98, 0xf5, 0xbd, 0xdb, 0x8f, 0x59, 0x5f, 0xf8, - 0xaf, 0x8f, 0xbd, 0xe5, 0xa5, 0xdc, 0xe8, 0x57, 0xfa, 0xe3, 0x69, 0xb7, 0x3e, 0xb5, 0x7d, 0x9e, - 0x05, 0x60, 0xd2, 0xe5, 0x35, 0x65, 0xcc, 0xa9, 0x29, 0xb9, 0xbc, 0xfe, 0x6f, 0x00, 0x00, 0x00, - 0xff, 0xff, 0x54, 0x39, 0x21, 0x09, 0x7d, 0xec, 0x00, 0x00, + // 11861 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7d, 0x70, 0x1c, 0xc9, + 0x75, 0x18, 0xae, 0xd9, 0xc5, 0x02, 0xbb, 0x0f, 0x5f, 0x64, 0x93, 0xbc, 0xc3, 0xf1, 0x3e, 0x40, + 0xcf, 0xc9, 0xa7, 0xf3, 0x4f, 0x77, 0x80, 0x8f, 0xbe, 0x93, 0xef, 0xe7, 0xb3, 0x24, 0xe3, 0x83, + 0x04, 0x41, 0x02, 0x04, 0xae, 0x17, 0x24, 0xa5, 0x93, 0x4f, 0xa7, 0xc1, 0x6e, 0x63, 0x31, 0xc4, + 0xec, 0xcc, 0xde, 0xcc, 0x2c, 0x88, 0x3d, 0x4b, 0xb2, 0x64, 0x49, 0xb6, 0x6c, 0x7d, 0x46, 0x4a, + 0xc5, 0xe7, 0xc4, 0x52, 0x64, 0x4b, 0x49, 0x25, 0x95, 0x52, 0x59, 0x89, 0xff, 0x88, 0x53, 0xb6, + 0xcb, 0x15, 0x3b, 0xe5, 0x52, 0xe2, 0xa4, 0xec, 0xa8, 0x54, 0x96, 0x12, 0xdb, 0x88, 0xc4, 0x38, + 0x65, 0x57, 0xfe, 0x70, 0x55, 0x9c, 0xfc, 0x91, 0x62, 0x5c, 0xa9, 0x54, 0x7f, 0xf7, 0xcc, 0xce, + 0x02, 0x0b, 0x62, 0x00, 0x52, 0xf2, 0xfd, 0xb7, 0xdb, 0xef, 0xcd, 0x7b, 0x3d, 0x3d, 0xdd, 0xef, + 0xbd, 0x7e, 0xfd, 0xde, 0x6b, 0x58, 0x6a, 0xb8, 0xf1, 0x66, 0x7b, 0x7d, 0xaa, 0x16, 0x34, 0xa7, + 0x9d, 0xb0, 0x11, 0xb4, 0xc2, 0xe0, 0x26, 0xfb, 0xf1, 0x74, 0xad, 0x3e, 0xbd, 0x7d, 0x7e, 0xba, + 0xb5, 0xd5, 0x98, 0x76, 0x5a, 0x6e, 0x34, 0xed, 0xb4, 0x5a, 0x9e, 0x5b, 0x73, 0x62, 0x37, 0xf0, + 0xa7, 0xb7, 0x9f, 0x71, 0xbc, 0xd6, 0xa6, 0xf3, 0xcc, 0x74, 0x83, 0xf8, 0x24, 0x74, 0x62, 0x52, + 0x9f, 0x6a, 0x85, 0x41, 0x1c, 0xa0, 0x1f, 0xd7, 0xd4, 0xa6, 0x24, 0x35, 0xf6, 0xe3, 0x95, 0x5a, + 0x7d, 0x6a, 0xfb, 0xfc, 0x54, 0x6b, 0xab, 0x31, 0x45, 0xa9, 0x4d, 0x19, 0xd4, 0xa6, 0x24, 0xb5, + 0xb3, 0x4f, 0x1b, 0x7d, 0x69, 0x04, 0x8d, 0x60, 0x9a, 0x11, 0x5d, 0x6f, 0x6f, 0xb0, 0x7f, 0xec, + 0x0f, 0xfb, 0xc5, 0x99, 0x9d, 0xb5, 0xb7, 0x9e, 0x8f, 0xa6, 0xdc, 0x80, 0x76, 0x6f, 0xba, 0x16, + 0x84, 0x64, 0x7a, 0xbb, 0xab, 0x43, 0x67, 0x2f, 0x69, 0x1c, 0xb2, 0x13, 0x13, 0x3f, 0x72, 0x03, + 0x3f, 0x7a, 0x9a, 0x76, 0x81, 0x84, 0xdb, 0x24, 0x34, 0x5f, 0xcf, 0x40, 0xc8, 0xa2, 0xf4, 0xac, + 0xa6, 0xd4, 0x74, 0x6a, 0x9b, 0xae, 0x4f, 0xc2, 0x8e, 0x7e, 0xbc, 0x49, 0x62, 0x27, 0xeb, 0xa9, + 0xe9, 0x5e, 0x4f, 0x85, 0x6d, 0x3f, 0x76, 0x9b, 0xa4, 0xeb, 0x81, 0xb7, 0xed, 0xf7, 0x40, 0x54, + 0xdb, 0x24, 0x4d, 0xa7, 0xeb, 0xb9, 0x1f, 0xe9, 0xf5, 0x5c, 0x3b, 0x76, 0xbd, 0x69, 0xd7, 0x8f, + 0xa3, 0x38, 0x4c, 0x3f, 0x64, 0xff, 0xb2, 0x05, 0xa3, 0x33, 0x37, 0xaa, 0x33, 0xed, 0x78, 0x73, + 0x2e, 0xf0, 0x37, 0xdc, 0x06, 0x7a, 0x0e, 0x86, 0x6b, 0x5e, 0x3b, 0x8a, 0x49, 0x78, 0xd5, 0x69, + 0x92, 0x09, 0xeb, 0x9c, 0xf5, 0x64, 0x65, 0xf6, 0xd4, 0xd7, 0x77, 0x27, 0xdf, 0x74, 0x7b, 0x77, + 0x72, 0x78, 0x4e, 0x83, 0xb0, 0x89, 0x87, 0x7e, 0x08, 0x86, 0xc2, 0xc0, 0x23, 0x33, 0xf8, 0xea, + 0x44, 0x81, 0x3d, 0x32, 0x2e, 0x1e, 0x19, 0xc2, 0xbc, 0x19, 0x4b, 0x38, 0x45, 0x6d, 0x85, 0xc1, + 0x86, 0xeb, 0x91, 0x89, 0x62, 0x12, 0x75, 0x95, 0x37, 0x63, 0x09, 0xb7, 0xff, 0xb8, 0x00, 0x30, + 0xd3, 0x6a, 0xad, 0x86, 0xc1, 0x4d, 0x52, 0x8b, 0xd1, 0xfb, 0xa0, 0x4c, 0x87, 0xb9, 0xee, 0xc4, + 0x0e, 0xeb, 0xd8, 0xf0, 0xf9, 0x1f, 0x9e, 0xe2, 0x6f, 0x3d, 0x65, 0xbe, 0xb5, 0x9e, 0x64, 0x14, + 0x7b, 0x6a, 0xfb, 0x99, 0xa9, 0x95, 0x75, 0xfa, 0xfc, 0x32, 0x89, 0x9d, 0x59, 0x24, 0x98, 0x81, + 0x6e, 0xc3, 0x8a, 0x2a, 0xf2, 0x61, 0x20, 0x6a, 0x91, 0x1a, 0x7b, 0x87, 0xe1, 0xf3, 0x4b, 0x53, + 0x87, 0x99, 0xcd, 0x53, 0xba, 0xe7, 0xd5, 0x16, 0xa9, 0xcd, 0x8e, 0x08, 0xce, 0x03, 0xf4, 0x1f, + 0x66, 0x7c, 0xd0, 0x36, 0x0c, 0x46, 0xb1, 0x13, 0xb7, 0x23, 0x36, 0x14, 0xc3, 0xe7, 0xaf, 0xe6, + 0xc6, 0x91, 0x51, 0x9d, 0x1d, 0x13, 0x3c, 0x07, 0xf9, 0x7f, 0x2c, 0xb8, 0xd9, 0x7f, 0x66, 0xc1, + 0x98, 0x46, 0x5e, 0x72, 0xa3, 0x18, 0xfd, 0x64, 0xd7, 0xe0, 0x4e, 0xf5, 0x37, 0xb8, 0xf4, 0x69, + 0x36, 0xb4, 0x27, 0x04, 0xb3, 0xb2, 0x6c, 0x31, 0x06, 0xb6, 0x09, 0x25, 0x37, 0x26, 0xcd, 0x68, + 0xa2, 0x70, 0xae, 0xf8, 0xe4, 0xf0, 0xf9, 0x4b, 0x79, 0xbd, 0xe7, 0xec, 0xa8, 0x60, 0x5a, 0x5a, + 0xa4, 0xe4, 0x31, 0xe7, 0x62, 0xff, 0xf5, 0xa8, 0xf9, 0x7e, 0x74, 0xc0, 0xd1, 0x33, 0x30, 0x1c, + 0x05, 0xed, 0xb0, 0x46, 0x30, 0x69, 0x05, 0xd1, 0x84, 0x75, 0xae, 0x48, 0xa7, 0x1e, 0x9d, 0xd4, + 0x55, 0xdd, 0x8c, 0x4d, 0x1c, 0xf4, 0x69, 0x0b, 0x46, 0xea, 0x24, 0x8a, 0x5d, 0x9f, 0xf1, 0x97, + 0x9d, 0x5f, 0x3b, 0x74, 0xe7, 0x65, 0xe3, 0xbc, 0x26, 0x3e, 0x7b, 0x5a, 0xbc, 0xc8, 0x88, 0xd1, + 0x18, 0xe1, 0x04, 0x7f, 0xba, 0x38, 0xeb, 0x24, 0xaa, 0x85, 0x6e, 0x8b, 0xfe, 0x17, 0xcb, 0x47, + 0x2d, 0xce, 0x79, 0x0d, 0xc2, 0x26, 0x1e, 0xf2, 0xa1, 0x44, 0x17, 0x5f, 0x34, 0x31, 0xc0, 0xfa, + 0xbf, 0x78, 0xb8, 0xfe, 0x8b, 0x41, 0xa5, 0xeb, 0x5a, 0x8f, 0x3e, 0xfd, 0x17, 0x61, 0xce, 0x06, + 0x7d, 0xca, 0x82, 0x09, 0x21, 0x1c, 0x30, 0xe1, 0x03, 0x7a, 0x63, 0xd3, 0x8d, 0x89, 0xe7, 0x46, + 0xf1, 0x44, 0x89, 0xf5, 0x61, 0xba, 0xbf, 0xb9, 0xb5, 0x10, 0x06, 0xed, 0xd6, 0x15, 0xd7, 0xaf, + 0xcf, 0x9e, 0x13, 0x9c, 0x26, 0xe6, 0x7a, 0x10, 0xc6, 0x3d, 0x59, 0xa2, 0xcf, 0x5b, 0x70, 0xd6, + 0x77, 0x9a, 0x24, 0x6a, 0x39, 0xf4, 0xd3, 0x72, 0xf0, 0xac, 0xe7, 0xd4, 0xb6, 0x58, 0x8f, 0x06, + 0xef, 0xae, 0x47, 0xb6, 0xe8, 0xd1, 0xd9, 0xab, 0x3d, 0x49, 0xe3, 0x3d, 0xd8, 0xa2, 0x2f, 0x5b, + 0x70, 0x32, 0x08, 0x5b, 0x9b, 0x8e, 0x4f, 0xea, 0x12, 0x1a, 0x4d, 0x0c, 0xb1, 0xa5, 0xf7, 0xde, + 0xc3, 0x7d, 0xa2, 0x95, 0x34, 0xd9, 0xe5, 0xc0, 0x77, 0xe3, 0x20, 0xac, 0x92, 0x38, 0x76, 0xfd, + 0x46, 0x34, 0x7b, 0xe6, 0xf6, 0xee, 0xe4, 0xc9, 0x2e, 0x2c, 0xdc, 0xdd, 0x1f, 0xf4, 0x53, 0x30, + 0x1c, 0x75, 0xfc, 0xda, 0x0d, 0xd7, 0xaf, 0x07, 0xb7, 0xa2, 0x89, 0x72, 0x1e, 0xcb, 0xb7, 0xaa, + 0x08, 0x8a, 0x05, 0xa8, 0x19, 0x60, 0x93, 0x5b, 0xf6, 0x87, 0xd3, 0x53, 0xa9, 0x92, 0xf7, 0x87, + 0xd3, 0x93, 0x69, 0x0f, 0xb6, 0xe8, 0xe7, 0x2c, 0x18, 0x8d, 0xdc, 0x86, 0xef, 0xc4, 0xed, 0x90, + 0x5c, 0x21, 0x9d, 0x68, 0x02, 0x58, 0x47, 0x2e, 0x1f, 0x72, 0x54, 0x0c, 0x92, 0xb3, 0x67, 0x44, + 0x1f, 0x47, 0xcd, 0xd6, 0x08, 0x27, 0xf9, 0x66, 0x2d, 0x34, 0x3d, 0xad, 0x87, 0xf3, 0x5d, 0x68, + 0x7a, 0x52, 0xf7, 0x64, 0x89, 0x7e, 0x02, 0x4e, 0xf0, 0x26, 0x35, 0xb2, 0xd1, 0xc4, 0x08, 0x13, + 0xb4, 0xa7, 0x6f, 0xef, 0x4e, 0x9e, 0xa8, 0xa6, 0x60, 0xb8, 0x0b, 0x1b, 0xbd, 0x0a, 0x93, 0x2d, + 0x12, 0x36, 0xdd, 0x78, 0xc5, 0xf7, 0x3a, 0x52, 0x7c, 0xd7, 0x82, 0x16, 0xa9, 0x8b, 0xee, 0x44, + 0x13, 0xa3, 0xe7, 0xac, 0x27, 0xcb, 0xb3, 0x6f, 0x11, 0xdd, 0x9c, 0x5c, 0xdd, 0x1b, 0x1d, 0xef, + 0x47, 0x0f, 0xfd, 0xbe, 0x05, 0x67, 0x0d, 0x29, 0x5b, 0x25, 0xe1, 0xb6, 0x5b, 0x23, 0x33, 0xb5, + 0x5a, 0xd0, 0xf6, 0xe3, 0x68, 0x62, 0x8c, 0x0d, 0xe3, 0xfa, 0x51, 0xc8, 0xfc, 0x24, 0x2b, 0x3d, + 0x2f, 0x7b, 0xa2, 0x44, 0x78, 0x8f, 0x9e, 0xda, 0xff, 0xb6, 0x00, 0x27, 0xd2, 0x16, 0x00, 0xfa, + 0xc7, 0x16, 0x8c, 0xdf, 0xbc, 0x15, 0xaf, 0x05, 0x5b, 0xc4, 0x8f, 0x66, 0x3b, 0x54, 0x4e, 0x33, + 0xdd, 0x37, 0x7c, 0xbe, 0x96, 0xaf, 0xad, 0x31, 0x75, 0x39, 0xc9, 0xe5, 0x82, 0x1f, 0x87, 0x9d, + 0xd9, 0x07, 0xc5, 0x3b, 0x8d, 0x5f, 0xbe, 0xb1, 0x66, 0x42, 0x71, 0xba, 0x53, 0x67, 0x3f, 0x61, + 0xc1, 0xe9, 0x2c, 0x12, 0xe8, 0x04, 0x14, 0xb7, 0x48, 0x87, 0x5b, 0xa2, 0x98, 0xfe, 0x44, 0x2f, + 0x43, 0x69, 0xdb, 0xf1, 0xda, 0x44, 0x98, 0x69, 0x0b, 0x87, 0x7b, 0x11, 0xd5, 0x33, 0xcc, 0xa9, + 0xfe, 0x58, 0xe1, 0x79, 0xcb, 0xfe, 0xc3, 0x22, 0x0c, 0x1b, 0x1f, 0xed, 0x18, 0x4c, 0xcf, 0x20, + 0x61, 0x7a, 0x2e, 0xe7, 0x36, 0xdf, 0x7a, 0xda, 0x9e, 0xb7, 0x52, 0xb6, 0xe7, 0x4a, 0x7e, 0x2c, + 0xf7, 0x34, 0x3e, 0x51, 0x0c, 0x95, 0xa0, 0x45, 0xb7, 0x21, 0xd4, 0x86, 0x19, 0xc8, 0xe3, 0x13, + 0xae, 0x48, 0x72, 0xb3, 0xa3, 0xb7, 0x77, 0x27, 0x2b, 0xea, 0x2f, 0xd6, 0x8c, 0xec, 0x6f, 0x59, + 0x70, 0xda, 0xe8, 0xe3, 0x5c, 0xe0, 0xd7, 0x5d, 0xf6, 0x69, 0xcf, 0xc1, 0x40, 0xdc, 0x69, 0xc9, + 0xad, 0x8e, 0x1a, 0xa9, 0xb5, 0x4e, 0x8b, 0x60, 0x06, 0xa1, 0x3b, 0x96, 0x26, 0x89, 0x22, 0xa7, + 0x41, 0xd2, 0x9b, 0x9b, 0x65, 0xde, 0x8c, 0x25, 0x1c, 0x85, 0x80, 0x3c, 0x27, 0x8a, 0xd7, 0x42, + 0xc7, 0x8f, 0x18, 0xf9, 0x35, 0xb7, 0x49, 0xc4, 0x00, 0xff, 0x7f, 0xfd, 0xcd, 0x18, 0xfa, 0xc4, + 0xec, 0x03, 0xb7, 0x77, 0x27, 0xd1, 0x52, 0x17, 0x25, 0x9c, 0x41, 0xdd, 0xfe, 0xbc, 0x05, 0x0f, + 0x64, 0x0b, 0x18, 0xf4, 0x04, 0x0c, 0xf2, 0x7d, 0xae, 0x78, 0x3b, 0xfd, 0x49, 0x58, 0x2b, 0x16, + 0x50, 0x34, 0x0d, 0x15, 0xa5, 0xf0, 0xc4, 0x3b, 0x9e, 0x14, 0xa8, 0x15, 0xad, 0x25, 0x35, 0x0e, + 0x1d, 0x34, 0xfa, 0x47, 0x98, 0xa0, 0x6a, 0xd0, 0xd8, 0xc6, 0x90, 0x41, 0xec, 0x6f, 0x5a, 0xf0, + 0xe6, 0x7e, 0xc4, 0xde, 0xd1, 0xf5, 0xb1, 0x0a, 0x67, 0xea, 0x64, 0xc3, 0x69, 0x7b, 0x71, 0x92, + 0xa3, 0xe8, 0xf4, 0xa3, 0xe2, 0xe1, 0x33, 0xf3, 0x59, 0x48, 0x38, 0xfb, 0x59, 0xfb, 0xbf, 0x58, + 0x30, 0x6e, 0xbc, 0xd6, 0x31, 0x6c, 0x9d, 0xfc, 0xe4, 0xd6, 0x69, 0x31, 0xb7, 0x65, 0xda, 0x63, + 0xef, 0xf4, 0x29, 0x0b, 0xce, 0x1a, 0x58, 0xcb, 0x4e, 0x5c, 0xdb, 0xbc, 0xb0, 0xd3, 0x0a, 0x49, + 0x14, 0xd1, 0x29, 0xf5, 0xa8, 0x21, 0x8e, 0x67, 0x87, 0x05, 0x85, 0xe2, 0x15, 0xd2, 0xe1, 0xb2, + 0xf9, 0x29, 0x28, 0xf3, 0x35, 0x17, 0x84, 0xe2, 0x23, 0xa9, 0x77, 0x5b, 0x11, 0xed, 0x58, 0x61, + 0x20, 0x1b, 0x06, 0x99, 0xcc, 0xa5, 0x32, 0x88, 0x9a, 0x09, 0x40, 0xbf, 0xfb, 0x75, 0xd6, 0x82, + 0x05, 0xc4, 0x8e, 0x12, 0xdd, 0x59, 0x0d, 0x09, 0x9b, 0x0f, 0xf5, 0x8b, 0x2e, 0xf1, 0xea, 0x11, + 0xdd, 0xd6, 0x39, 0xbe, 0x1f, 0xc4, 0x62, 0x87, 0x66, 0x6c, 0xeb, 0x66, 0x74, 0x33, 0x36, 0x71, + 0x28, 0x53, 0xcf, 0x59, 0x27, 0x1e, 0x1f, 0x51, 0xc1, 0x74, 0x89, 0xb5, 0x60, 0x01, 0xb1, 0x6f, + 0x17, 0xd8, 0x06, 0x52, 0x49, 0x34, 0x72, 0x1c, 0xde, 0x87, 0x30, 0xa1, 0x02, 0x56, 0xf3, 0x93, + 0xc7, 0xa4, 0xb7, 0x07, 0xe2, 0xb5, 0x94, 0x16, 0xc0, 0xb9, 0x72, 0xdd, 0xdb, 0x0b, 0xf1, 0xa1, + 0x22, 0x4c, 0x26, 0x1f, 0xe8, 0x52, 0x22, 0x74, 0xcb, 0x6b, 0x30, 0x4a, 0xfb, 0xa3, 0x0c, 0x7c, + 0x6c, 0xe2, 0xf5, 0x90, 0xc3, 0x85, 0xa3, 0x94, 0xc3, 0xa6, 0x9a, 0x28, 0xee, 0xa3, 0x26, 0x9e, + 0x50, 0xa3, 0x3e, 0x90, 0x92, 0x79, 0x49, 0x55, 0x79, 0x0e, 0x06, 0xa2, 0x98, 0xb4, 0x26, 0x4a, + 0x49, 0x31, 0x5b, 0x8d, 0x49, 0x0b, 0x33, 0x08, 0x7a, 0x3b, 0x8c, 0xc7, 0x4e, 0xd8, 0x20, 0x71, + 0x48, 0xb6, 0x5d, 0xe6, 0xbb, 0x64, 0xfb, 0xd9, 0xca, 0xec, 0x29, 0x6a, 0x75, 0xad, 0x31, 0x10, + 0x96, 0x20, 0x9c, 0xc6, 0xb5, 0xff, 0x7b, 0x01, 0x1e, 0x4c, 0x7e, 0x02, 0xad, 0x18, 0xdf, 0x99, + 0x50, 0x8c, 0x6f, 0x35, 0x15, 0xe3, 0x9d, 0xdd, 0xc9, 0x87, 0x7b, 0x3c, 0xf6, 0x3d, 0xa3, 0x37, + 0xd1, 0x42, 0xea, 0x23, 0x4c, 0x27, 0x3f, 0xc2, 0x9d, 0xdd, 0xc9, 0x47, 0x7b, 0xbc, 0x63, 0xea, + 0x2b, 0x3d, 0x01, 0x83, 0x21, 0x71, 0xa2, 0xc0, 0x17, 0xdf, 0x49, 0x7d, 0x4d, 0xcc, 0x5a, 0xb1, + 0x80, 0xda, 0xdf, 0xa8, 0xa4, 0x07, 0x7b, 0x81, 0xfb, 0x63, 0x83, 0x10, 0xb9, 0x30, 0xc0, 0x76, + 0x6d, 0x5c, 0xb2, 0x5c, 0x39, 0xdc, 0x2a, 0xa4, 0x5a, 0x44, 0x91, 0x9e, 0x2d, 0xd3, 0xaf, 0x46, + 0x9b, 0x30, 0x63, 0x81, 0x76, 0xa0, 0x5c, 0x93, 0x9b, 0xa9, 0x42, 0x1e, 0x6e, 0x47, 0xb1, 0x95, + 0xd2, 0x1c, 0x47, 0xa8, 0xb8, 0x57, 0x3b, 0x30, 0xc5, 0x0d, 0x11, 0x28, 0x36, 0xdc, 0x58, 0x7c, + 0xd6, 0x43, 0x6e, 0x97, 0x17, 0x5c, 0xe3, 0x15, 0x87, 0xa8, 0x0e, 0x5a, 0x70, 0x63, 0x4c, 0xe9, + 0xa3, 0x8f, 0x59, 0x30, 0x1c, 0xd5, 0x9a, 0xab, 0x61, 0xb0, 0xed, 0xd6, 0x49, 0x28, 0x6c, 0xcc, + 0x43, 0x4a, 0xb6, 0xea, 0xdc, 0xb2, 0x24, 0xa8, 0xf9, 0x72, 0xf7, 0x85, 0x86, 0x60, 0x93, 0x2f, + 0xdd, 0x7b, 0x3d, 0x28, 0xde, 0x7d, 0x9e, 0xd4, 0xd8, 0x8a, 0x93, 0x7b, 0x66, 0x36, 0x53, 0x0e, + 0x6d, 0x73, 0xcf, 0xb7, 0x6b, 0x5b, 0x74, 0xbd, 0xe9, 0x0e, 0x3d, 0x7c, 0x7b, 0x77, 0xf2, 0xc1, + 0xb9, 0x6c, 0x9e, 0xb8, 0x57, 0x67, 0xd8, 0x80, 0xb5, 0xda, 0x9e, 0x87, 0xc9, 0xab, 0x6d, 0xc2, + 0x3c, 0x62, 0x39, 0x0c, 0xd8, 0xaa, 0x26, 0x98, 0x1a, 0x30, 0x03, 0x82, 0x4d, 0xbe, 0xe8, 0x55, + 0x18, 0x6c, 0x3a, 0x71, 0xe8, 0xee, 0x08, 0x37, 0xd8, 0x21, 0x77, 0x41, 0xcb, 0x8c, 0x96, 0x66, + 0xce, 0x14, 0x3d, 0x6f, 0xc4, 0x82, 0x11, 0x6a, 0x42, 0xa9, 0x49, 0xc2, 0x06, 0x99, 0x28, 0xe7, + 0xe1, 0xf2, 0x5f, 0xa6, 0xa4, 0x34, 0xc3, 0x0a, 0x35, 0xae, 0x58, 0x1b, 0xe6, 0x5c, 0xd0, 0xcb, + 0x50, 0x8e, 0x88, 0x47, 0x6a, 0xd4, 0x3c, 0xaa, 0x30, 0x8e, 0x3f, 0xd2, 0xa7, 0xa9, 0x48, 0xed, + 0x92, 0xaa, 0x78, 0x94, 0x2f, 0x30, 0xf9, 0x0f, 0x2b, 0x92, 0x74, 0x00, 0x5b, 0x5e, 0xbb, 0xe1, + 0xfa, 0x13, 0x90, 0xc7, 0x00, 0xae, 0x32, 0x5a, 0xa9, 0x01, 0xe4, 0x8d, 0x58, 0x30, 0xb2, 0xff, + 0x9b, 0x05, 0x28, 0x29, 0xd4, 0x8e, 0xc1, 0x26, 0x7e, 0x35, 0x69, 0x13, 0x2f, 0xe5, 0x69, 0xb4, + 0xf4, 0x30, 0x8b, 0x7f, 0xb3, 0x02, 0x29, 0x75, 0x70, 0x95, 0x44, 0x31, 0xa9, 0xbf, 0x21, 0xc2, + 0xdf, 0x10, 0xe1, 0x6f, 0x88, 0x70, 0x25, 0xc2, 0xd7, 0x53, 0x22, 0xfc, 0x1d, 0xc6, 0xaa, 0xd7, + 0xe7, 0xeb, 0xaf, 0xa8, 0x03, 0x78, 0xb3, 0x07, 0x06, 0x02, 0x95, 0x04, 0x97, 0xab, 0x2b, 0x57, + 0x33, 0x65, 0xf6, 0x2b, 0x49, 0x99, 0x7d, 0x58, 0x16, 0x7f, 0x1b, 0xa4, 0xf4, 0xef, 0x5b, 0xf0, + 0x96, 0xa4, 0xf4, 0x92, 0x33, 0x67, 0xb1, 0xe1, 0x07, 0x21, 0x99, 0x77, 0x37, 0x36, 0x48, 0x48, + 0xfc, 0x1a, 0x89, 0x94, 0x6f, 0xc7, 0xea, 0xe5, 0xdb, 0x41, 0xcf, 0xc2, 0xc8, 0xcd, 0x28, 0xf0, + 0x57, 0x03, 0xd7, 0x17, 0x22, 0x88, 0xee, 0x38, 0x4e, 0xdc, 0xde, 0x9d, 0x1c, 0xa1, 0x23, 0x2a, + 0xdb, 0x71, 0x02, 0x0b, 0xcd, 0xc1, 0xc9, 0x9b, 0xaf, 0xae, 0x3a, 0xb1, 0xe1, 0x4d, 0x90, 0xfb, + 0x7e, 0x76, 0x1e, 0x75, 0xf9, 0xc5, 0x14, 0x10, 0x77, 0xe3, 0xdb, 0xff, 0xa0, 0x00, 0x0f, 0xa5, + 0x5e, 0x24, 0xf0, 0xbc, 0xa0, 0x1d, 0xd3, 0x3d, 0x11, 0xfa, 0xa2, 0x05, 0x27, 0x9a, 0x49, 0x87, + 0x45, 0x24, 0xdc, 0xdd, 0xef, 0xca, 0x4d, 0x47, 0xa4, 0x3c, 0x22, 0xb3, 0x13, 0x62, 0x84, 0x4e, + 0xa4, 0x00, 0x11, 0xee, 0xea, 0x0b, 0x7a, 0x19, 0x2a, 0x4d, 0x67, 0xe7, 0x5a, 0xab, 0xee, 0xc4, + 0x72, 0x3b, 0xda, 0xdb, 0x8b, 0xd0, 0x8e, 0x5d, 0x6f, 0x8a, 0x47, 0x6e, 0x4c, 0x2d, 0xfa, 0xf1, + 0x4a, 0x58, 0x8d, 0x43, 0xd7, 0x6f, 0x70, 0x27, 0xe7, 0xb2, 0x24, 0x83, 0x35, 0x45, 0xfb, 0x0b, + 0x56, 0x5a, 0x49, 0xa9, 0xd1, 0x09, 0x9d, 0x98, 0x34, 0x3a, 0xe8, 0xfd, 0x50, 0xa2, 0xfb, 0x46, + 0x39, 0x2a, 0x37, 0xf2, 0xd4, 0x9c, 0xc6, 0x97, 0xd0, 0x4a, 0x94, 0xfe, 0x8b, 0x30, 0x67, 0x6a, + 0x7f, 0xb1, 0x92, 0x36, 0x16, 0xd8, 0xd9, 0xfc, 0x79, 0x80, 0x46, 0xb0, 0x46, 0x9a, 0x2d, 0x8f, + 0x0e, 0x8b, 0xc5, 0x0e, 0x78, 0x94, 0xab, 0x64, 0x41, 0x41, 0xb0, 0x81, 0x85, 0x7e, 0xde, 0x02, + 0x68, 0xc8, 0x39, 0x2f, 0x0d, 0x81, 0x6b, 0x79, 0xbe, 0x8e, 0x5e, 0x51, 0xba, 0x2f, 0x8a, 0x21, + 0x36, 0x98, 0xa3, 0x9f, 0xb1, 0xa0, 0x1c, 0xcb, 0xee, 0x73, 0xd5, 0xb8, 0x96, 0x67, 0x4f, 0xe4, + 0x4b, 0x6b, 0x9b, 0x48, 0x0d, 0x89, 0xe2, 0x8b, 0x7e, 0xd6, 0x02, 0x88, 0x3a, 0x7e, 0x6d, 0x35, + 0xf0, 0xdc, 0x5a, 0x47, 0x68, 0xcc, 0xeb, 0xb9, 0xba, 0x73, 0x14, 0xf5, 0xd9, 0x31, 0x3a, 0x1a, + 0xfa, 0x3f, 0x36, 0x38, 0xa3, 0x0f, 0x42, 0x39, 0x12, 0xd3, 0x4d, 0xe8, 0xc8, 0xb5, 0x7c, 0x9d, + 0x4a, 0x9c, 0xb6, 0x10, 0xaf, 0xe2, 0x1f, 0x56, 0x3c, 0xd1, 0x2f, 0x5a, 0x30, 0xde, 0x4a, 0xba, + 0x09, 0x85, 0x3a, 0xcc, 0x4f, 0x06, 0xa4, 0xdc, 0x90, 0xdc, 0xdb, 0x92, 0x6a, 0xc4, 0xe9, 0x5e, + 0x50, 0x09, 0xa8, 0x67, 0xf0, 0x4a, 0x8b, 0xbb, 0x2c, 0x87, 0xb4, 0x04, 0x5c, 0x48, 0x03, 0x71, + 0x37, 0x3e, 0x5a, 0x85, 0xd3, 0xb4, 0x77, 0x1d, 0x6e, 0x7e, 0x4a, 0xf5, 0x12, 0x31, 0x65, 0x58, + 0x9e, 0x7d, 0x44, 0xcc, 0x10, 0x76, 0xd6, 0x91, 0xc6, 0xc1, 0x99, 0x4f, 0xa2, 0x3f, 0xb4, 0xe0, + 0x11, 0x97, 0xa9, 0x01, 0xd3, 0x61, 0xaf, 0x35, 0x82, 0x38, 0x68, 0x27, 0xb9, 0xca, 0x8a, 0x5e, + 0xea, 0x67, 0xf6, 0xcd, 0xe2, 0x0d, 0x1e, 0x59, 0xdc, 0xa3, 0x4b, 0x78, 0xcf, 0x0e, 0xa3, 0x1f, + 0x85, 0x51, 0xb9, 0x2e, 0x56, 0xa9, 0x08, 0x66, 0x8a, 0xb6, 0x32, 0x7b, 0xf2, 0xf6, 0xee, 0xe4, + 0xe8, 0x9a, 0x09, 0xc0, 0x49, 0x3c, 0xfb, 0xdf, 0x15, 0x13, 0xa7, 0x44, 0xca, 0x87, 0xc9, 0xc4, + 0x4d, 0x4d, 0xfa, 0x7f, 0xa4, 0xf4, 0xcc, 0x55, 0xdc, 0x28, 0xef, 0x92, 0x16, 0x37, 0xaa, 0x29, + 0xc2, 0x06, 0x73, 0x6a, 0x94, 0x9e, 0x74, 0xd2, 0x9e, 0x52, 0x21, 0x01, 0x5f, 0xce, 0xb3, 0x4b, + 0xdd, 0x67, 0x7a, 0x0f, 0x89, 0xae, 0x9d, 0xec, 0x02, 0xe1, 0xee, 0x2e, 0xa1, 0x0f, 0x40, 0x25, + 0x54, 0x91, 0x2d, 0xc5, 0x3c, 0xb6, 0x6a, 0x72, 0xda, 0x88, 0xee, 0xa8, 0x03, 0x20, 0x1d, 0xc3, + 0xa2, 0x39, 0xda, 0x7f, 0x90, 0x3c, 0x18, 0x33, 0x64, 0x47, 0x1f, 0x87, 0x7e, 0x9f, 0xb6, 0x60, + 0x38, 0x0c, 0x3c, 0xcf, 0xf5, 0x1b, 0x54, 0xce, 0x09, 0x65, 0xfd, 0x9e, 0x23, 0xd1, 0x97, 0x42, + 0xa0, 0x31, 0xcb, 0x1a, 0x6b, 0x9e, 0xd8, 0xec, 0x80, 0xfd, 0x67, 0x16, 0x4c, 0xf4, 0x92, 0xc7, + 0x88, 0xc0, 0xc3, 0x52, 0xd8, 0xa8, 0xa1, 0x58, 0xf1, 0xe7, 0x89, 0x47, 0x94, 0xdb, 0xbc, 0x3c, + 0xfb, 0xb8, 0x78, 0xcd, 0x87, 0x57, 0x7b, 0xa3, 0xe2, 0xbd, 0xe8, 0xa0, 0x97, 0xe0, 0x84, 0xf1, + 0x5e, 0x91, 0x1a, 0x98, 0xca, 0xec, 0x14, 0x35, 0x80, 0x66, 0x52, 0xb0, 0x3b, 0xbb, 0x93, 0x0f, + 0xa4, 0xdb, 0x84, 0xc2, 0xe8, 0xa2, 0x63, 0x7f, 0xa5, 0x90, 0xfe, 0x5a, 0x4a, 0xd7, 0xbf, 0x6e, + 0x75, 0x79, 0x13, 0xde, 0x75, 0x14, 0xfa, 0x95, 0xf9, 0x1d, 0x54, 0x18, 0x46, 0x6f, 0x9c, 0x7b, + 0x78, 0x6c, 0x6f, 0xff, 0xfb, 0x01, 0xd8, 0xa3, 0x67, 0x7d, 0x18, 0xef, 0x07, 0x3e, 0x47, 0xfd, + 0xa4, 0xa5, 0x0e, 0xcc, 0xf8, 0x1a, 0xae, 0x1f, 0xd5, 0xd8, 0xf3, 0xfd, 0x53, 0xc4, 0x43, 0x47, + 0x94, 0x17, 0x3d, 0x79, 0x34, 0x87, 0xbe, 0x64, 0x25, 0x8f, 0xfc, 0x78, 0x50, 0xa3, 0x7b, 0x64, + 0x7d, 0x32, 0xce, 0x11, 0x79, 0xc7, 0xf4, 0xe9, 0x53, 0xaf, 0x13, 0xc6, 0x29, 0x80, 0x0d, 0xd7, + 0x77, 0x3c, 0xf7, 0x35, 0xba, 0x3b, 0x2a, 0x31, 0x05, 0xcf, 0x2c, 0xa6, 0x8b, 0xaa, 0x15, 0x1b, + 0x18, 0x67, 0xff, 0x7f, 0x18, 0x36, 0xde, 0x3c, 0x23, 0xe2, 0xe5, 0xb4, 0x19, 0xf1, 0x52, 0x31, + 0x02, 0x55, 0xce, 0xbe, 0x03, 0x4e, 0xa4, 0x3b, 0x78, 0x90, 0xe7, 0xed, 0xff, 0x3d, 0x94, 0x3e, + 0x83, 0x5b, 0x23, 0x61, 0x93, 0x76, 0xed, 0x0d, 0xc7, 0xd6, 0x1b, 0x8e, 0xad, 0x37, 0x1c, 0x5b, + 0xe6, 0xd9, 0x84, 0x70, 0xda, 0x0c, 0x1d, 0x93, 0xd3, 0x26, 0xe1, 0x86, 0x2a, 0xe7, 0xee, 0x86, + 0xb2, 0x3f, 0xd6, 0xe5, 0xb9, 0x5f, 0x0b, 0x09, 0x41, 0x01, 0x94, 0xfc, 0xa0, 0x4e, 0xa4, 0x8d, + 0x7b, 0x39, 0x1f, 0x83, 0xed, 0x6a, 0x50, 0x37, 0xc2, 0xc5, 0xe9, 0xbf, 0x08, 0x73, 0x3e, 0xf6, + 0x47, 0x07, 0x21, 0x61, 0x4e, 0xf2, 0xef, 0xfe, 0x43, 0x30, 0x14, 0x92, 0x56, 0x70, 0x0d, 0x2f, + 0x09, 0x5d, 0xa6, 0x33, 0x4a, 0x78, 0x33, 0x96, 0x70, 0xaa, 0xf3, 0x5a, 0x4e, 0xbc, 0x29, 0x94, + 0x99, 0xd2, 0x79, 0xab, 0x4e, 0xbc, 0x89, 0x19, 0x04, 0xbd, 0x03, 0xc6, 0xe2, 0xc4, 0x51, 0xb8, + 0x38, 0xf2, 0x7d, 0x40, 0xe0, 0x8e, 0x25, 0x0f, 0xca, 0x71, 0x0a, 0x1b, 0xbd, 0x0a, 0x03, 0x9b, + 0xc4, 0x6b, 0x8a, 0x4f, 0x5f, 0xcd, 0x4f, 0xd7, 0xb0, 0x77, 0xbd, 0x44, 0xbc, 0x26, 0x97, 0x84, + 0xf4, 0x17, 0x66, 0xac, 0xe8, 0xbc, 0xaf, 0x6c, 0xb5, 0xa3, 0x38, 0x68, 0xba, 0xaf, 0x49, 0x4f, + 0xe7, 0xbb, 0x72, 0x66, 0x7c, 0x45, 0xd2, 0xe7, 0x2e, 0x25, 0xf5, 0x17, 0x6b, 0xce, 0xac, 0x1f, + 0x75, 0x37, 0x64, 0x53, 0xa6, 0x23, 0x1c, 0x96, 0x79, 0xf7, 0x63, 0x5e, 0xd2, 0xe7, 0xfd, 0x50, + 0x7f, 0xb1, 0xe6, 0x8c, 0x3a, 0x6a, 0xfd, 0x0d, 0xb3, 0x3e, 0x5c, 0xcb, 0xb9, 0x0f, 0x7c, 0xed, + 0x65, 0xae, 0xc3, 0xc7, 0xa1, 0x54, 0xdb, 0x74, 0xc2, 0x78, 0x62, 0x84, 0x4d, 0x1a, 0x35, 0x8b, + 0xe7, 0x68, 0x23, 0xe6, 0x30, 0xf4, 0x28, 0x14, 0x43, 0xb2, 0xc1, 0xa2, 0x93, 0x8d, 0xb8, 0x28, + 0x4c, 0x36, 0x30, 0x6d, 0x57, 0x76, 0xd9, 0x58, 0xcf, 0x80, 0xb9, 0x5f, 0x29, 0x24, 0x0d, 0xbb, + 0xe4, 0xc8, 0xf0, 0xf5, 0x50, 0x6b, 0x87, 0x91, 0x74, 0x90, 0x19, 0xeb, 0x81, 0x35, 0x63, 0x09, + 0x47, 0x1f, 0xb6, 0x60, 0xe8, 0x66, 0x14, 0xf8, 0x3e, 0x89, 0x85, 0x12, 0xbd, 0x9e, 0xf3, 0x60, + 0x5d, 0xe6, 0xd4, 0x75, 0x1f, 0x44, 0x03, 0x96, 0x7c, 0x69, 0x77, 0xc9, 0x4e, 0xcd, 0x6b, 0xd7, + 0xbb, 0x82, 0x61, 0x2e, 0xf0, 0x66, 0x2c, 0xe1, 0x14, 0xd5, 0xf5, 0x39, 0xea, 0x40, 0x12, 0x75, + 0xd1, 0x17, 0xa8, 0x02, 0x6e, 0xff, 0x7a, 0x19, 0xce, 0x64, 0x2e, 0x1f, 0x6a, 0x72, 0x31, 0xa3, + 0xe6, 0xa2, 0xeb, 0x11, 0x19, 0x06, 0xc6, 0x4c, 0xae, 0xeb, 0xaa, 0x15, 0x1b, 0x18, 0xe8, 0xa7, + 0x01, 0x5a, 0x4e, 0xe8, 0x34, 0x89, 0x72, 0x60, 0x1f, 0xda, 0xb2, 0xa1, 0xfd, 0x58, 0x95, 0x34, + 0xf5, 0x26, 0x5e, 0x35, 0x45, 0xd8, 0x60, 0x89, 0x9e, 0x83, 0xe1, 0x90, 0x78, 0xc4, 0x89, 0x58, + 0xf8, 0x7b, 0x3a, 0x97, 0x07, 0x6b, 0x10, 0x36, 0xf1, 0xd0, 0x13, 0x2a, 0x62, 0x2e, 0x15, 0x39, + 0x94, 0x8c, 0x9a, 0x43, 0x9f, 0xb1, 0x60, 0x6c, 0xc3, 0xf5, 0x88, 0xe6, 0x2e, 0x32, 0x6f, 0x56, + 0x0e, 0xff, 0x92, 0x17, 0x4d, 0xba, 0x5a, 0x86, 0x26, 0x9a, 0x23, 0x9c, 0x62, 0x4f, 0x3f, 0xf3, + 0x36, 0x09, 0x99, 0xf0, 0x1d, 0x4c, 0x7e, 0xe6, 0xeb, 0xbc, 0x19, 0x4b, 0x38, 0x9a, 0x81, 0xf1, + 0x96, 0x13, 0x45, 0x73, 0x21, 0xa9, 0x13, 0x3f, 0x76, 0x1d, 0x8f, 0xe7, 0xc5, 0x94, 0x75, 0x38, + 0xf9, 0x6a, 0x12, 0x8c, 0xd3, 0xf8, 0xe8, 0xdd, 0xf0, 0x20, 0xf7, 0x10, 0x2d, 0xbb, 0x51, 0xe4, + 0xfa, 0x0d, 0x3d, 0x0d, 0x84, 0xa3, 0x6c, 0x52, 0x90, 0x7a, 0x70, 0x31, 0x1b, 0x0d, 0xf7, 0x7a, + 0x1e, 0x3d, 0x05, 0xe5, 0x68, 0xcb, 0x6d, 0xcd, 0x85, 0xf5, 0x88, 0x9d, 0x0e, 0x95, 0xb5, 0x5b, + 0xb6, 0x2a, 0xda, 0xb1, 0xc2, 0x40, 0x35, 0x18, 0xe1, 0x9f, 0x84, 0x87, 0xfc, 0x09, 0x09, 0xfa, + 0x74, 0x4f, 0x45, 0x2e, 0xd2, 0x3c, 0xa7, 0xb0, 0x73, 0xeb, 0x82, 0x3c, 0xab, 0xe2, 0x47, 0x2b, + 0xd7, 0x0d, 0x32, 0x38, 0x41, 0x34, 0xb9, 0xa7, 0x1b, 0xee, 0x63, 0x4f, 0xf7, 0x1c, 0x0c, 0x6f, + 0xb5, 0xd7, 0x89, 0x18, 0x79, 0x21, 0xd8, 0xd4, 0xec, 0xbb, 0xa2, 0x41, 0xd8, 0xc4, 0x63, 0xd1, + 0x96, 0x2d, 0x57, 0xfc, 0x8b, 0x26, 0x46, 0x8d, 0x68, 0xcb, 0xd5, 0x45, 0xd9, 0x8c, 0x4d, 0x1c, + 0xda, 0x35, 0x3a, 0x16, 0x6b, 0x24, 0x62, 0xc9, 0x14, 0x74, 0xb8, 0x54, 0xd7, 0xaa, 0x12, 0x80, + 0x35, 0x0e, 0x5a, 0x85, 0xd3, 0xf4, 0x4f, 0x95, 0xa5, 0xb9, 0x5e, 0x77, 0x3c, 0xb7, 0xce, 0x43, + 0xff, 0xc6, 0x93, 0xfe, 0xcd, 0x6a, 0x06, 0x0e, 0xce, 0x7c, 0xd2, 0xfe, 0xa5, 0x42, 0xd2, 0x73, + 0x62, 0x8a, 0x30, 0x14, 0x51, 0x41, 0x15, 0x5f, 0x77, 0x42, 0x69, 0xf0, 0x1c, 0x32, 0xb9, 0x49, + 0xd0, 0xbd, 0xee, 0x84, 0xa6, 0xc8, 0x63, 0x0c, 0xb0, 0xe4, 0x84, 0x6e, 0xc2, 0x40, 0xec, 0x39, + 0x39, 0x65, 0x43, 0x1a, 0x1c, 0xb5, 0x23, 0x6b, 0x69, 0x26, 0xc2, 0x8c, 0x07, 0x7a, 0x84, 0xee, + 0xde, 0xd6, 0xe5, 0x49, 0x9b, 0xd8, 0x70, 0xad, 0x47, 0x98, 0xb5, 0xda, 0x7f, 0x3e, 0x9c, 0xa1, + 0x75, 0x94, 0x21, 0x80, 0xce, 0x03, 0xd0, 0x49, 0xb3, 0x1a, 0x92, 0x0d, 0x77, 0x47, 0x18, 0x62, + 0x4a, 0xb2, 0x5d, 0x55, 0x10, 0x6c, 0x60, 0xc9, 0x67, 0xaa, 0xed, 0x0d, 0xfa, 0x4c, 0xa1, 0xfb, + 0x19, 0x0e, 0xc1, 0x06, 0x16, 0x7a, 0x16, 0x06, 0xdd, 0xa6, 0xd3, 0x50, 0x81, 0xc0, 0x8f, 0x50, + 0x91, 0xb6, 0xc8, 0x5a, 0xee, 0xec, 0x4e, 0x8e, 0xa9, 0x0e, 0xb1, 0x26, 0x2c, 0x70, 0xd1, 0x57, + 0x2c, 0x18, 0xa9, 0x05, 0xcd, 0x66, 0xe0, 0xf3, 0xed, 0xb3, 0xf0, 0x05, 0xdc, 0x3c, 0x2a, 0x33, + 0x69, 0x6a, 0xce, 0x60, 0xc6, 0x9d, 0x01, 0x2a, 0x6d, 0xd3, 0x04, 0xe1, 0x44, 0xaf, 0x4c, 0xc9, + 0x57, 0xda, 0x47, 0xf2, 0xfd, 0x86, 0x05, 0x27, 0xf9, 0xb3, 0xc6, 0xae, 0x5e, 0x64, 0x28, 0x06, + 0x47, 0xfc, 0x5a, 0x5d, 0x8e, 0x0e, 0xe5, 0xec, 0xed, 0x82, 0xe3, 0xee, 0x4e, 0xa2, 0x05, 0x38, + 0xb9, 0x11, 0x84, 0x35, 0x62, 0x0e, 0x84, 0x10, 0xdb, 0x8a, 0xd0, 0xc5, 0x34, 0x02, 0xee, 0x7e, + 0x06, 0x5d, 0x87, 0x07, 0x8c, 0x46, 0x73, 0x1c, 0xb8, 0xe4, 0x7e, 0x4c, 0x50, 0x7b, 0xe0, 0x62, + 0x26, 0x16, 0xee, 0xf1, 0x74, 0x52, 0x48, 0x56, 0xfa, 0x10, 0x92, 0xaf, 0xc0, 0x43, 0xb5, 0xee, + 0x91, 0xd9, 0x8e, 0xda, 0xeb, 0x11, 0x97, 0xe3, 0xe5, 0xd9, 0x1f, 0x10, 0x04, 0x1e, 0x9a, 0xeb, + 0x85, 0x88, 0x7b, 0xd3, 0x40, 0xef, 0x87, 0x72, 0x48, 0xd8, 0x57, 0x89, 0x44, 0xba, 0xde, 0x21, + 0xbd, 0x1d, 0xda, 0x82, 0xe7, 0x64, 0xb5, 0x66, 0x12, 0x0d, 0x11, 0x56, 0x1c, 0xd1, 0x2d, 0x18, + 0x6a, 0x39, 0x71, 0x6d, 0x53, 0x24, 0xe9, 0x1d, 0xda, 0x37, 0xaf, 0x98, 0xb3, 0xa3, 0x14, 0x23, + 0xad, 0x9f, 0x33, 0xc1, 0x92, 0x1b, 0xb5, 0xd5, 0x6a, 0x41, 0xb3, 0x15, 0xf8, 0xc4, 0x8f, 0xa5, + 0x12, 0x19, 0xe3, 0xe7, 0x1d, 0xb2, 0x15, 0x1b, 0x18, 0x54, 0x23, 0x30, 0xdf, 0xdf, 0x0d, 0x37, + 0xde, 0x0c, 0xda, 0xb1, 0xdc, 0xca, 0x0a, 0x6d, 0xa2, 0x34, 0xc2, 0x52, 0x06, 0x0e, 0xce, 0x7c, + 0x32, 0xad, 0xfe, 0xc6, 0xef, 0x4e, 0xfd, 0x9d, 0xd8, 0x5f, 0xfd, 0x9d, 0x7d, 0x27, 0x9c, 0xec, + 0x12, 0x1a, 0x07, 0x72, 0xf0, 0xcd, 0xc3, 0x03, 0xd9, 0xcb, 0xf3, 0x40, 0x6e, 0xbe, 0x5f, 0x4f, + 0xc5, 0x79, 0x1b, 0x5b, 0x9e, 0x3e, 0x5c, 0xc6, 0x0e, 0x14, 0x89, 0xbf, 0x2d, 0xb4, 0xd5, 0xc5, + 0xc3, 0xcd, 0x92, 0x0b, 0xfe, 0x36, 0x97, 0x2e, 0xcc, 0x2f, 0x76, 0xc1, 0xdf, 0xc6, 0x94, 0x36, + 0xfa, 0x9c, 0x95, 0x30, 0xc8, 0xb9, 0xa3, 0xf9, 0xbd, 0x47, 0xb2, 0xc7, 0xeb, 0xdb, 0x46, 0xb7, + 0xff, 0x43, 0x01, 0xce, 0xed, 0x47, 0xa4, 0x8f, 0xe1, 0x7b, 0x1c, 0x06, 0x23, 0x16, 0xb9, 0x21, + 0xc4, 0xff, 0x30, 0x5d, 0x15, 0x3c, 0x96, 0xe3, 0x15, 0x2c, 0x40, 0xc8, 0x83, 0x62, 0xd3, 0x69, + 0x09, 0xff, 0xe3, 0xe2, 0x61, 0xf3, 0xe1, 0xe8, 0x7f, 0xc7, 0x5b, 0x76, 0x5a, 0x7c, 0x7a, 0x1a, + 0x0d, 0x98, 0xb2, 0x41, 0x31, 0x94, 0x9c, 0x30, 0x74, 0x64, 0x98, 0xc0, 0x95, 0x7c, 0xf8, 0xcd, + 0x50, 0x92, 0xfc, 0x94, 0x35, 0xd1, 0x84, 0x39, 0x33, 0xfb, 0x17, 0xcb, 0x89, 0xe4, 0x29, 0x16, + 0xfb, 0x11, 0xc1, 0xa0, 0x70, 0x3b, 0x5a, 0x79, 0xa7, 0x21, 0xf2, 0xec, 0x64, 0xb6, 0xa3, 0x17, + 0x35, 0x1e, 0x04, 0x2b, 0xf4, 0x09, 0x8b, 0x55, 0x52, 0x90, 0x19, 0x69, 0x62, 0x97, 0x7c, 0x34, + 0x85, 0x1d, 0xcc, 0xfa, 0x0c, 0xb2, 0x11, 0x9b, 0xdc, 0x45, 0x45, 0x14, 0xb6, 0x3b, 0xe8, 0xae, + 0x88, 0xc2, 0xac, 0x7d, 0x09, 0x47, 0x3b, 0x19, 0x31, 0x1e, 0x39, 0x64, 0xe3, 0xf7, 0x11, 0xd5, + 0xf1, 0x25, 0x0b, 0x4e, 0xba, 0xe9, 0xc3, 0x7a, 0xb1, 0xa7, 0xbc, 0x91, 0x8f, 0x8f, 0xb0, 0x3b, + 0x16, 0x40, 0x19, 0x0e, 0x5d, 0x20, 0xdc, 0xdd, 0x19, 0x54, 0x87, 0x01, 0xd7, 0xdf, 0x08, 0x84, + 0xb9, 0x34, 0x7b, 0xb8, 0x4e, 0x2d, 0xfa, 0x1b, 0x81, 0x5e, 0xcd, 0xf4, 0x1f, 0x66, 0xd4, 0xd1, + 0x12, 0x9c, 0x96, 0xf9, 0x33, 0x97, 0xdc, 0x28, 0x0e, 0xc2, 0xce, 0x92, 0xdb, 0x74, 0x63, 0x66, + 0xea, 0x14, 0x67, 0x27, 0xa8, 0x26, 0xc2, 0x19, 0x70, 0x9c, 0xf9, 0x14, 0x7a, 0x0d, 0x86, 0xe4, + 0x01, 0x79, 0x39, 0x8f, 0xfd, 0x79, 0xf7, 0xfc, 0x57, 0x93, 0xa9, 0x2a, 0x4e, 0xc8, 0x25, 0x43, + 0xf4, 0x71, 0x0b, 0xc6, 0xf8, 0xef, 0x4b, 0x9d, 0x3a, 0x4f, 0xd9, 0xab, 0xe4, 0x11, 0x05, 0x5f, + 0x4d, 0xd0, 0x9c, 0x45, 0xb7, 0x77, 0x27, 0xc7, 0x92, 0x6d, 0x38, 0xc5, 0xd7, 0xfe, 0xca, 0x08, + 0x74, 0x87, 0x14, 0x24, 0xe3, 0x07, 0xac, 0xe3, 0x8e, 0x1f, 0xa0, 0xbb, 0xb4, 0x48, 0x1f, 0xfd, + 0xe7, 0xb0, 0xcc, 0x04, 0x57, 0x7d, 0xac, 0xdb, 0xf1, 0x6b, 0x98, 0xf1, 0x40, 0x21, 0x0c, 0x6e, + 0x12, 0xc7, 0x8b, 0x37, 0xf3, 0x39, 0x81, 0xba, 0xc4, 0x68, 0xa5, 0xf3, 0xef, 0x78, 0x2b, 0x16, + 0x9c, 0xd0, 0x0e, 0x0c, 0x6d, 0xf2, 0xb9, 0x28, 0x36, 0x4e, 0xcb, 0x87, 0x1d, 0xdc, 0xc4, 0x04, + 0xd7, 0x33, 0x4f, 0x34, 0x60, 0xc9, 0x8e, 0xc5, 0xaa, 0x19, 0xd1, 0x34, 0x5c, 0x8a, 0xe4, 0x97, + 0x7a, 0xd8, 0x7f, 0x28, 0xcd, 0xfb, 0x60, 0x24, 0x24, 0xb5, 0xc0, 0xaf, 0xb9, 0x1e, 0xa9, 0xcf, + 0xc8, 0xd3, 0xa5, 0x83, 0x64, 0x9c, 0x31, 0xd7, 0x0c, 0x36, 0x68, 0xe0, 0x04, 0x45, 0xb6, 0xc8, + 0x54, 0x16, 0x3a, 0xfd, 0x20, 0x44, 0x9c, 0x22, 0x2c, 0xe5, 0x94, 0xf3, 0xce, 0x68, 0xf2, 0x45, + 0x96, 0x6c, 0xc3, 0x29, 0xbe, 0xe8, 0x25, 0x80, 0x60, 0x9d, 0x07, 0xa4, 0xcd, 0xc4, 0xe2, 0x48, + 0xe1, 0x20, 0xaf, 0x3a, 0xc6, 0x33, 0x57, 0x25, 0x05, 0x6c, 0x50, 0x43, 0x57, 0x00, 0xf8, 0xb2, + 0x59, 0xeb, 0xb4, 0xe4, 0xee, 0x4a, 0xa6, 0x0c, 0x42, 0x55, 0x41, 0xee, 0xec, 0x4e, 0x76, 0x3b, + 0x70, 0x59, 0xd4, 0x8d, 0xf1, 0x38, 0xfa, 0x29, 0x18, 0x8a, 0xda, 0xcd, 0xa6, 0xa3, 0x0e, 0x1c, + 0x72, 0xcc, 0x85, 0xe5, 0x74, 0x0d, 0xa9, 0xc8, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x52, 0xf9, 0x2e, + 0xc4, 0x13, 0x5f, 0x45, 0xdc, 0x3c, 0xe1, 0x6e, 0xb5, 0xb7, 0xc9, 0xdd, 0x06, 0xce, 0xc0, 0xb9, + 0xb3, 0x3b, 0xf9, 0x40, 0xb2, 0x7d, 0x29, 0x10, 0xd9, 0xa9, 0x99, 0x34, 0xd1, 0x65, 0x59, 0x94, + 0x8a, 0xbe, 0xb6, 0xac, 0x95, 0xf2, 0xa4, 0x2e, 0x4a, 0xc5, 0x9a, 0x7b, 0x8f, 0x99, 0xf9, 0x30, + 0x5a, 0x86, 0x53, 0xb5, 0xc0, 0x8f, 0xc3, 0xc0, 0xf3, 0x78, 0x51, 0x36, 0xbe, 0xd1, 0xe5, 0x07, + 0x12, 0x0f, 0x8b, 0x6e, 0x9f, 0x9a, 0xeb, 0x46, 0xc1, 0x59, 0xcf, 0x51, 0x83, 0x3c, 0xad, 0x1c, + 0xc6, 0x72, 0x39, 0xab, 0x4e, 0xd0, 0x14, 0x12, 0x4a, 0xf9, 0x90, 0xf7, 0x51, 0x13, 0x7e, 0xf2, + 0xc4, 0x52, 0x7c, 0xb1, 0x67, 0x61, 0x84, 0xec, 0xc4, 0x24, 0xf4, 0x1d, 0xef, 0x1a, 0x5e, 0x92, + 0xde, 0x7f, 0xb6, 0x30, 0x2f, 0x18, 0xed, 0x38, 0x81, 0x85, 0x6c, 0xe5, 0x72, 0x32, 0xd2, 0xc0, + 0xb9, 0xcb, 0x49, 0x3a, 0x98, 0xec, 0xaf, 0x15, 0x13, 0x06, 0xeb, 0x3d, 0x39, 0x1f, 0x65, 0xf5, + 0x86, 0x64, 0x61, 0x26, 0x06, 0x10, 0x1b, 0xb1, 0x3c, 0x39, 0xab, 0x7a, 0x43, 0x2b, 0x26, 0x23, + 0x9c, 0xe4, 0x8b, 0xb6, 0xa0, 0xb4, 0x19, 0x44, 0xb1, 0xdc, 0x9e, 0x1d, 0x72, 0x27, 0x78, 0x29, + 0x88, 0x62, 0x66, 0x65, 0xa9, 0xd7, 0xa6, 0x2d, 0x11, 0xe6, 0x3c, 0xe8, 0x1e, 0x3d, 0xda, 0x74, + 0xc2, 0x7a, 0x34, 0xc7, 0x8a, 0x36, 0x0c, 0x30, 0xf3, 0x4a, 0x19, 0xd3, 0x55, 0x0d, 0xc2, 0x26, + 0x9e, 0xfd, 0x17, 0x56, 0xe2, 0x88, 0xe8, 0x06, 0x8b, 0xc0, 0xdf, 0x26, 0x3e, 0x15, 0x51, 0x66, + 0xcc, 0xdf, 0x8f, 0xa6, 0xf2, 0x99, 0xdf, 0xd2, 0xab, 0x7e, 0xe2, 0x2d, 0x4a, 0x61, 0x8a, 0x91, + 0x30, 0xc2, 0x03, 0x3f, 0x64, 0x25, 0x13, 0xd3, 0x0b, 0x79, 0xec, 0xdb, 0xcc, 0xe2, 0x0c, 0xfb, + 0xe6, 0xb8, 0xdb, 0x9f, 0xb3, 0x60, 0x68, 0xd6, 0xa9, 0x6d, 0x05, 0x1b, 0x1b, 0xe8, 0x29, 0x28, + 0xd7, 0xdb, 0xa1, 0x99, 0x23, 0xaf, 0x3c, 0x3f, 0xf3, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0xf5, 0x37, + 0x9c, 0x9a, 0x2c, 0xd1, 0x50, 0xe4, 0x53, 0xff, 0x22, 0x6b, 0xc1, 0x02, 0x42, 0x87, 0xbf, 0xe9, + 0xec, 0xc8, 0x87, 0xd3, 0xe7, 0x53, 0xcb, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xdf, 0x58, 0x30, 0x31, + 0xeb, 0x44, 0x6e, 0x6d, 0xa6, 0x1d, 0x6f, 0xce, 0xba, 0xf1, 0x7a, 0xbb, 0xb6, 0x45, 0x62, 0x5e, + 0xca, 0x83, 0xf6, 0xb2, 0x1d, 0xd1, 0x15, 0xa8, 0xb6, 0xcb, 0xaa, 0x97, 0xd7, 0x44, 0x3b, 0x56, + 0x18, 0xe8, 0x35, 0x18, 0x6e, 0x39, 0x51, 0x74, 0x2b, 0x08, 0xeb, 0x98, 0x6c, 0xe4, 0x53, 0xec, + 0xa7, 0x4a, 0x6a, 0x21, 0x89, 0x31, 0xd9, 0x10, 0xd1, 0x1e, 0x9a, 0x3e, 0x36, 0x99, 0xd9, 0x3f, + 0x6f, 0xc1, 0xe9, 0x59, 0xe2, 0x84, 0x24, 0x64, 0xb5, 0x81, 0xd4, 0x8b, 0xa0, 0x57, 0xa1, 0x1c, + 0xd3, 0x16, 0xda, 0x23, 0x2b, 0xdf, 0x1e, 0xb1, 0x38, 0x8d, 0x35, 0x41, 0x1c, 0x2b, 0x36, 0xf6, + 0xa7, 0x2d, 0x78, 0x28, 0xab, 0x2f, 0x73, 0x5e, 0xd0, 0xae, 0xdf, 0x8b, 0x0e, 0xfd, 0x7d, 0x0b, + 0x46, 0xd8, 0xd9, 0xf7, 0x3c, 0x89, 0x1d, 0xd7, 0xeb, 0xaa, 0x4b, 0x68, 0xf5, 0x59, 0x97, 0xf0, + 0x1c, 0x0c, 0x6c, 0x06, 0x4d, 0x92, 0x8e, 0xdb, 0xb8, 0x14, 0x34, 0x09, 0x66, 0x10, 0xf4, 0x0c, + 0x9d, 0x84, 0xae, 0x1f, 0x3b, 0x74, 0x39, 0xca, 0xb3, 0x81, 0x71, 0x3e, 0x01, 0x55, 0x33, 0x36, + 0x71, 0xec, 0x7f, 0x5d, 0x81, 0x21, 0x11, 0x64, 0xd4, 0x77, 0x69, 0x19, 0xe9, 0xc2, 0x29, 0xf4, + 0x74, 0xe1, 0x44, 0x30, 0x58, 0x63, 0x05, 0x52, 0x85, 0x79, 0x7e, 0x25, 0x97, 0xa8, 0x34, 0x5e, + 0x73, 0x55, 0x77, 0x8b, 0xff, 0xc7, 0x82, 0x15, 0xfa, 0xac, 0x05, 0xe3, 0xb5, 0xc0, 0xf7, 0x49, + 0x4d, 0xdb, 0x8e, 0x03, 0x79, 0x04, 0x1f, 0xcd, 0x25, 0x89, 0xea, 0x63, 0xd5, 0x14, 0x00, 0xa7, + 0xd9, 0xa3, 0x17, 0x60, 0x94, 0x8f, 0xd9, 0xf5, 0xc4, 0x81, 0x86, 0x2e, 0x57, 0x67, 0x02, 0x71, + 0x12, 0x17, 0x4d, 0xf1, 0x83, 0x21, 0x51, 0x18, 0x6e, 0x50, 0xfb, 0x7d, 0x8d, 0x92, 0x70, 0x06, + 0x06, 0x0a, 0x01, 0x85, 0x64, 0x23, 0x24, 0xd1, 0xa6, 0x08, 0xc2, 0x62, 0x76, 0xeb, 0xd0, 0xdd, + 0x15, 0x85, 0xc0, 0x5d, 0x94, 0x70, 0x06, 0x75, 0xb4, 0x25, 0x7c, 0x08, 0xe5, 0x3c, 0xe4, 0xb9, + 0xf8, 0xcc, 0x3d, 0x5d, 0x09, 0x93, 0x50, 0x62, 0xaa, 0x8b, 0xd9, 0xcb, 0x45, 0x9e, 0x88, 0xc8, + 0x14, 0x1b, 0xe6, 0xed, 0x68, 0x1e, 0x4e, 0xa4, 0x8a, 0xed, 0x45, 0xe2, 0xe0, 0x41, 0x25, 0x9d, + 0xa5, 0xca, 0xf4, 0x45, 0xb8, 0xeb, 0x09, 0xd3, 0xbf, 0x34, 0xbc, 0x8f, 0x7f, 0xa9, 0xa3, 0x42, + 0x7d, 0xf9, 0x91, 0xc0, 0x8b, 0xb9, 0x0c, 0x40, 0x5f, 0x71, 0xbd, 0x9f, 0x4a, 0xc5, 0xf5, 0x8e, + 0xb2, 0x0e, 0x5c, 0xcf, 0xa7, 0x03, 0x07, 0x0f, 0xe2, 0xbd, 0x97, 0x41, 0xb9, 0xff, 0xcb, 0x02, + 0xf9, 0x5d, 0xe7, 0x9c, 0xda, 0x26, 0xa1, 0x53, 0x06, 0xbd, 0x03, 0xc6, 0x94, 0x6b, 0x82, 0x9b, + 0x44, 0x16, 0x9b, 0x35, 0xca, 0x76, 0xc6, 0x09, 0x28, 0x4e, 0x61, 0xa3, 0x69, 0xa8, 0xd0, 0x71, + 0xe2, 0x8f, 0x72, 0xbd, 0xaf, 0xdc, 0x1f, 0x33, 0xab, 0x8b, 0xe2, 0x29, 0x8d, 0x83, 0x02, 0x38, + 0xe9, 0x39, 0x51, 0xcc, 0x7a, 0x50, 0xed, 0xf8, 0xb5, 0xbb, 0x2c, 0xc9, 0xc2, 0x32, 0x9b, 0x96, + 0xd2, 0x84, 0x70, 0x37, 0x6d, 0xfb, 0x3f, 0x96, 0x60, 0x34, 0x21, 0x19, 0x0f, 0x68, 0x30, 0x3c, + 0x05, 0x65, 0xa9, 0xc3, 0xd3, 0xb5, 0xa7, 0x94, 0xa2, 0x57, 0x18, 0x54, 0x69, 0xad, 0x6b, 0xad, + 0x9a, 0x36, 0x70, 0x0c, 0x85, 0x8b, 0x4d, 0x3c, 0x26, 0x94, 0x63, 0x2f, 0x9a, 0xf3, 0x5c, 0xe2, + 0xc7, 0xbc, 0x9b, 0xf9, 0x08, 0xe5, 0xb5, 0xa5, 0xaa, 0x49, 0x54, 0x0b, 0xe5, 0x14, 0x00, 0xa7, + 0xd9, 0xa3, 0x8f, 0x5a, 0x30, 0xea, 0xdc, 0x8a, 0x74, 0x15, 0x6f, 0x11, 0xc1, 0x7b, 0x48, 0x25, + 0x95, 0x28, 0x0c, 0xce, 0xbd, 0xfa, 0x89, 0x26, 0x9c, 0x64, 0x8a, 0x5e, 0xb7, 0x00, 0x91, 0x1d, + 0x52, 0x93, 0x31, 0xc6, 0xa2, 0x2f, 0x83, 0x79, 0xec, 0xe0, 0x2f, 0x74, 0xd1, 0xe5, 0x52, 0xbd, + 0xbb, 0x1d, 0x67, 0xf4, 0x01, 0x5d, 0x06, 0x54, 0x77, 0x23, 0x67, 0xdd, 0x23, 0x73, 0x41, 0x53, + 0x66, 0xe3, 0x8a, 0xc3, 0xe9, 0xb3, 0x62, 0x9c, 0xd1, 0x7c, 0x17, 0x06, 0xce, 0x78, 0x8a, 0xcd, + 0xb2, 0x30, 0xd8, 0xe9, 0x5c, 0x0b, 0x3d, 0xa6, 0x25, 0xcc, 0x59, 0x26, 0xda, 0xb1, 0xc2, 0xb0, + 0xff, 0xb2, 0xa8, 0x96, 0xb2, 0x0e, 0xa8, 0x77, 0x8c, 0xc0, 0x5e, 0xeb, 0xee, 0x03, 0x7b, 0x75, + 0xd8, 0x51, 0x77, 0x8e, 0x79, 0x22, 0x25, 0xb5, 0x70, 0x8f, 0x52, 0x52, 0x7f, 0xc6, 0x4a, 0xd4, + 0x77, 0x1b, 0x3e, 0xff, 0x52, 0xbe, 0xc1, 0xfc, 0x53, 0x3c, 0x24, 0x2a, 0xa5, 0x57, 0x52, 0x91, + 0x70, 0x4f, 0x41, 0x79, 0xc3, 0x73, 0x58, 0x55, 0x12, 0xb6, 0x50, 0x8d, 0x70, 0xad, 0x8b, 0xa2, + 0x1d, 0x2b, 0x0c, 0x2a, 0xf5, 0x0d, 0xa2, 0x07, 0x92, 0xda, 0xff, 0xb9, 0x08, 0xc3, 0x86, 0xc6, + 0xcf, 0x34, 0xdf, 0xac, 0xfb, 0xcc, 0x7c, 0x2b, 0x1c, 0xc0, 0x7c, 0xfb, 0x69, 0xa8, 0xd4, 0xa4, + 0x36, 0xca, 0xa7, 0x5e, 0x7d, 0x5a, 0xc7, 0x69, 0x85, 0xa4, 0x9a, 0xb0, 0xe6, 0x89, 0x16, 0x12, + 0x69, 0x8f, 0x09, 0xbf, 0x40, 0x56, 0x5e, 0xa2, 0xd0, 0x68, 0xdd, 0xcf, 0xa4, 0xcf, 0xf1, 0x4b, + 0xfb, 0x9f, 0xe3, 0xdb, 0xdf, 0xb2, 0xd4, 0xc7, 0x3d, 0x86, 0xfa, 0x36, 0x37, 0x93, 0xf5, 0x6d, + 0x2e, 0xe4, 0x32, 0xcc, 0x3d, 0x0a, 0xdb, 0x5c, 0x85, 0xa1, 0xb9, 0xa0, 0xd9, 0x74, 0xfc, 0x3a, + 0xfa, 0x41, 0x18, 0xaa, 0xf1, 0x9f, 0xc2, 0x87, 0xc6, 0x4e, 0xaa, 0x05, 0x14, 0x4b, 0x18, 0x7a, + 0x04, 0x06, 0x9c, 0xb0, 0x21, 0xfd, 0x66, 0x2c, 0xa2, 0x6c, 0x26, 0x6c, 0x44, 0x98, 0xb5, 0xda, + 0xff, 0x62, 0x00, 0x58, 0x20, 0x87, 0x13, 0x92, 0xfa, 0x5a, 0xc0, 0xca, 0xcc, 0x1e, 0xe9, 0xf9, + 0xae, 0xde, 0xd4, 0xdd, 0xcf, 0x67, 0xbc, 0xc6, 0x39, 0x5f, 0xf1, 0xb8, 0xcf, 0xf9, 0xb2, 0x8f, + 0x6e, 0x07, 0xee, 0xa3, 0xa3, 0x5b, 0xfb, 0x93, 0x16, 0x20, 0x15, 0xfd, 0xa3, 0x63, 0x2b, 0xa6, + 0xa1, 0xa2, 0xe2, 0x80, 0x84, 0x01, 0xa8, 0x45, 0x84, 0x04, 0x60, 0x8d, 0xd3, 0xc7, 0x4e, 0xfe, + 0x71, 0x29, 0xbf, 0x8b, 0xc9, 0x60, 0x7e, 0x26, 0xf5, 0x85, 0x38, 0xb7, 0x7f, 0xb7, 0x00, 0x0f, + 0x70, 0xd3, 0x61, 0xd9, 0xf1, 0x9d, 0x06, 0x69, 0xd2, 0x5e, 0xf5, 0x1b, 0x2d, 0x53, 0xa3, 0x5b, + 0x48, 0x57, 0x86, 0xde, 0x1f, 0x76, 0xed, 0xf2, 0x35, 0xc7, 0x57, 0xd9, 0xa2, 0xef, 0xc6, 0x98, + 0x11, 0x47, 0x11, 0x94, 0xe5, 0x65, 0x2e, 0x42, 0x16, 0xe7, 0xc4, 0x48, 0x89, 0x25, 0xa1, 0x65, + 0x09, 0x56, 0x8c, 0xa8, 0x2a, 0xf5, 0x82, 0xda, 0x16, 0x26, 0xad, 0x20, 0xad, 0x4a, 0x97, 0x44, + 0x3b, 0x56, 0x18, 0x76, 0x13, 0xc6, 0xe5, 0x18, 0xb6, 0xae, 0x90, 0x0e, 0x26, 0x1b, 0x54, 0xff, + 0xd4, 0x64, 0x93, 0x71, 0xbf, 0x8c, 0xd2, 0x3f, 0x73, 0x26, 0x10, 0x27, 0x71, 0x65, 0xe5, 0xd9, + 0x42, 0x76, 0xe5, 0x59, 0xfb, 0x77, 0x2d, 0x48, 0x2b, 0x40, 0xa3, 0xce, 0xa6, 0xb5, 0x67, 0x9d, + 0xcd, 0x03, 0x54, 0xaa, 0xfc, 0x49, 0x18, 0x76, 0x62, 0x6a, 0xe1, 0x70, 0x6f, 0x44, 0xf1, 0xee, + 0x4e, 0xd1, 0x96, 0x83, 0xba, 0xbb, 0xe1, 0x32, 0x2f, 0x84, 0x49, 0xce, 0x7e, 0xdd, 0x82, 0xca, + 0x7c, 0xd8, 0x39, 0x78, 0x0e, 0x54, 0x77, 0x86, 0x53, 0xe1, 0x40, 0x19, 0x4e, 0x32, 0x87, 0xaa, + 0xd8, 0x2b, 0x87, 0xca, 0xfe, 0xeb, 0x01, 0x38, 0xd9, 0x95, 0xd4, 0x87, 0x9e, 0x87, 0x11, 0xf5, + 0x95, 0xa4, 0x0b, 0xb2, 0x62, 0x46, 0xc5, 0x6a, 0x18, 0x4e, 0x60, 0xf6, 0xb1, 0x54, 0x17, 0xe1, + 0x54, 0x48, 0x5e, 0x6d, 0x93, 0x36, 0x99, 0xd9, 0x88, 0x49, 0x58, 0x25, 0xb5, 0xc0, 0xaf, 0xf3, + 0x42, 0xb5, 0xc5, 0xd9, 0x07, 0x6f, 0xef, 0x4e, 0x9e, 0xc2, 0xdd, 0x60, 0x9c, 0xf5, 0x0c, 0x6a, + 0xc1, 0xa8, 0x67, 0xda, 0xce, 0x62, 0xcb, 0x76, 0x57, 0x66, 0xb7, 0x9a, 0xad, 0x89, 0x66, 0x9c, + 0x64, 0x90, 0x34, 0xc0, 0x4b, 0xf7, 0xc8, 0x00, 0xff, 0x88, 0x36, 0xc0, 0x79, 0x50, 0xcc, 0x7b, + 0x72, 0x4e, 0xea, 0xec, 0xc7, 0x02, 0x3f, 0x8c, 0x4d, 0xfd, 0x22, 0x94, 0x65, 0xc0, 0x60, 0x5f, + 0x81, 0x76, 0x26, 0x9d, 0x1e, 0xb2, 0xfd, 0x09, 0x78, 0xf3, 0x85, 0x30, 0x34, 0x06, 0xf3, 0x6a, + 0x10, 0xcf, 0x78, 0x5e, 0x70, 0x8b, 0x9a, 0x2b, 0xd7, 0x22, 0x22, 0x7c, 0x62, 0xf6, 0x9d, 0x02, + 0x64, 0x6c, 0x2f, 0xe9, 0x9a, 0xd4, 0x36, 0x52, 0x62, 0x4d, 0x1e, 0xcc, 0x4e, 0x42, 0x3b, 0x3c, + 0xa8, 0x92, 0x5b, 0x03, 0xef, 0xce, 0x7b, 0x7b, 0xac, 0xe3, 0x2c, 0x95, 0xa4, 0x54, 0xb1, 0x96, + 0xe7, 0x01, 0xb4, 0x69, 0x2b, 0xf2, 0x88, 0x54, 0xa0, 0x84, 0xb6, 0x80, 0xb1, 0x81, 0x85, 0x9e, + 0x83, 0x61, 0xd7, 0x8f, 0x62, 0xc7, 0xf3, 0x2e, 0xb9, 0x7e, 0x2c, 0xdc, 0xbe, 0xca, 0xec, 0x59, + 0xd4, 0x20, 0x6c, 0xe2, 0x9d, 0x7d, 0x9b, 0xf1, 0xfd, 0x0e, 0xf2, 0xdd, 0x37, 0xe1, 0xa1, 0x05, + 0x37, 0x56, 0xd9, 0x6f, 0x6a, 0xbe, 0x51, 0xcb, 0x55, 0xc9, 0x2a, 0xab, 0x67, 0xbe, 0xa7, 0x91, + 0x7d, 0x56, 0x48, 0x26, 0xcb, 0xa5, 0xb3, 0xcf, 0xec, 0xe7, 0xe1, 0xf4, 0x82, 0x1b, 0x5f, 0x74, + 0x3d, 0x72, 0x40, 0x26, 0xf6, 0xef, 0x0c, 0xc2, 0x88, 0x99, 0xe9, 0x7d, 0x10, 0x71, 0xfd, 0x69, + 0x6a, 0x9c, 0x8a, 0xb7, 0x73, 0xd5, 0x89, 0xee, 0x8d, 0x43, 0xa7, 0x9d, 0x67, 0x8f, 0x98, 0x61, + 0x9f, 0x6a, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x05, 0xa5, 0x0d, 0x96, 0x1d, 0x55, 0xcc, 0x23, 0x16, + 0x27, 0x6b, 0x44, 0xf5, 0x72, 0xe4, 0xf9, 0x55, 0x9c, 0x1f, 0xb5, 0x29, 0xc2, 0x64, 0x52, 0xae, + 0x11, 0xb3, 0x2e, 0x94, 0x95, 0xc2, 0xe8, 0xa5, 0x12, 0x4a, 0x77, 0xa1, 0x12, 0x12, 0x02, 0x7a, + 0xf0, 0x1e, 0x09, 0x68, 0x96, 0xe9, 0x16, 0x6f, 0x32, 0x8b, 0x57, 0x24, 0xd9, 0x0c, 0xb1, 0x41, + 0x30, 0x32, 0xdd, 0x12, 0x60, 0x9c, 0xc6, 0x47, 0x1f, 0x54, 0x22, 0xbe, 0x9c, 0x87, 0xc7, 0xdc, + 0x9c, 0xd1, 0x47, 0x2d, 0xdd, 0x3f, 0x59, 0x80, 0xb1, 0x05, 0xbf, 0xbd, 0xba, 0xb0, 0xda, 0x5e, + 0xf7, 0xdc, 0xda, 0x15, 0xd2, 0xa1, 0x22, 0x7c, 0x8b, 0x74, 0x16, 0xe7, 0xc5, 0x0a, 0x52, 0x73, + 0xe6, 0x0a, 0x6d, 0xc4, 0x1c, 0x46, 0x85, 0xd1, 0x86, 0xeb, 0x37, 0x48, 0xd8, 0x0a, 0x5d, 0xe1, + 0xcc, 0x36, 0x84, 0xd1, 0x45, 0x0d, 0xc2, 0x26, 0x1e, 0xa5, 0x1d, 0xdc, 0xf2, 0x49, 0x98, 0x36, + 0xfd, 0x57, 0x68, 0x23, 0xe6, 0x30, 0x8a, 0x14, 0x87, 0x6d, 0xe1, 0x2b, 0x32, 0x90, 0xd6, 0x68, + 0x23, 0xe6, 0x30, 0xba, 0xd2, 0xa3, 0xf6, 0x3a, 0x0b, 0x75, 0x4a, 0x65, 0xf4, 0x54, 0x79, 0x33, + 0x96, 0x70, 0x8a, 0xba, 0x45, 0x3a, 0xf3, 0x4e, 0xec, 0xa4, 0xd3, 0x1e, 0xaf, 0xf0, 0x66, 0x2c, + 0xe1, 0xac, 0x94, 0x6e, 0x72, 0x38, 0xbe, 0xe7, 0x4a, 0xe9, 0x26, 0xbb, 0xdf, 0xc3, 0xe3, 0xf0, + 0xf7, 0x0a, 0x30, 0x62, 0x06, 0x28, 0xa2, 0x46, 0xca, 0x4c, 0x5f, 0xe9, 0xaa, 0xc4, 0xfe, 0xf6, + 0xac, 0x5b, 0x4a, 0x1b, 0x6e, 0x1c, 0xb4, 0xa2, 0xa7, 0x89, 0xdf, 0x70, 0x7d, 0xc2, 0x62, 0x35, + 0x78, 0x60, 0x63, 0x22, 0xfa, 0x71, 0x2e, 0xa8, 0x93, 0xbb, 0xb1, 0xf3, 0xef, 0xc5, 0x4d, 0x2e, + 0x37, 0xe0, 0x64, 0x57, 0x7e, 0x6d, 0x1f, 0x66, 0xcf, 0xbe, 0xf5, 0x0f, 0x6c, 0x0c, 0xc3, 0x94, + 0xb0, 0x2c, 0x21, 0x37, 0x07, 0x27, 0xf9, 0xe2, 0xa5, 0x9c, 0x58, 0xba, 0xa4, 0xca, 0x99, 0x66, + 0xa7, 0x35, 0xd7, 0xd3, 0x40, 0xdc, 0x8d, 0x6f, 0x7f, 0xca, 0x82, 0xd1, 0x44, 0xca, 0x73, 0x4e, + 0x06, 0x1a, 0x5b, 0xdd, 0x01, 0x8b, 0xd1, 0x65, 0x39, 0x13, 0x45, 0xa6, 0xc0, 0xf5, 0xea, 0xd6, + 0x20, 0x6c, 0xe2, 0xd9, 0x9f, 0x2b, 0x40, 0x59, 0x86, 0x14, 0xf5, 0xd1, 0x95, 0x4f, 0x58, 0x30, + 0xaa, 0x4e, 0xc8, 0x98, 0x4b, 0xb3, 0x90, 0x47, 0x06, 0x16, 0xed, 0x81, 0x72, 0x8a, 0xf8, 0x1b, + 0x81, 0xde, 0x2d, 0x60, 0x93, 0x19, 0x4e, 0xf2, 0x46, 0xd7, 0x01, 0xa2, 0x4e, 0x14, 0x93, 0xa6, + 0xe1, 0x5c, 0xb5, 0x8d, 0x59, 0x36, 0x55, 0x0b, 0x42, 0x42, 0xe7, 0xd4, 0xd5, 0xa0, 0x4e, 0xaa, + 0x0a, 0x53, 0x9b, 0x6d, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0x5f, 0x2b, 0xc0, 0x89, 0x74, 0x97, 0xd0, + 0x7b, 0x60, 0x44, 0x72, 0x37, 0x36, 0xe1, 0x32, 0x20, 0x6a, 0x04, 0x1b, 0xb0, 0x3b, 0xbb, 0x93, + 0x93, 0xdd, 0xb7, 0xec, 0x4e, 0x99, 0x28, 0x38, 0x41, 0x8c, 0x1f, 0x53, 0x8a, 0xf3, 0xf4, 0xd9, + 0xce, 0x4c, 0xab, 0x25, 0xce, 0x1a, 0x8d, 0x63, 0x4a, 0x13, 0x8a, 0x53, 0xd8, 0x68, 0x15, 0x4e, + 0x1b, 0x2d, 0x57, 0x89, 0xdb, 0xd8, 0x5c, 0x0f, 0x42, 0xb9, 0xeb, 0x7b, 0x44, 0x87, 0x5f, 0x76, + 0xe3, 0xe0, 0xcc, 0x27, 0xa9, 0x85, 0x51, 0x73, 0x5a, 0x4e, 0xcd, 0x8d, 0x3b, 0xc2, 0x5b, 0xac, + 0xe4, 0xe1, 0x9c, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xd5, 0x01, 0x38, 0xc1, 0xe3, 0x0d, 0x89, 0x0a, + 0xa7, 0x45, 0xef, 0x81, 0x4a, 0x14, 0x3b, 0x21, 0xdf, 0xf2, 0x5b, 0x07, 0x96, 0x01, 0x3a, 0xe1, + 0x59, 0x12, 0xc1, 0x9a, 0x1e, 0x7a, 0x89, 0x55, 0x8b, 0x72, 0xa3, 0x4d, 0x46, 0xbd, 0x70, 0x77, + 0x0e, 0x85, 0x8b, 0x8a, 0x02, 0x36, 0xa8, 0xa1, 0x1f, 0x87, 0x52, 0x6b, 0xd3, 0x89, 0xa4, 0xb7, + 0xeb, 0x09, 0xb9, 0xe0, 0x56, 0x69, 0xe3, 0x9d, 0xdd, 0xc9, 0x33, 0xe9, 0x57, 0x65, 0x00, 0xcc, + 0x1f, 0x32, 0xc5, 0xe5, 0xc0, 0xfe, 0x37, 0x9a, 0xd4, 0xc3, 0x4e, 0xf5, 0xd2, 0x4c, 0xfa, 0x0e, + 0x8c, 0x79, 0xd6, 0x8a, 0x05, 0x94, 0x2e, 0xee, 0x4d, 0xce, 0xb2, 0x4e, 0x91, 0x07, 0x93, 0xaa, + 0xfb, 0x92, 0x06, 0x61, 0x13, 0x0f, 0x7d, 0xb2, 0x3b, 0x1a, 0x75, 0xe8, 0x08, 0x52, 0x15, 0xfa, + 0x8d, 0x43, 0xbd, 0x00, 0x15, 0xd1, 0xd5, 0xb5, 0x00, 0x3d, 0x0f, 0x23, 0xdc, 0x99, 0x32, 0x1b, + 0x3a, 0x7e, 0x6d, 0x33, 0xed, 0x02, 0x59, 0x33, 0x60, 0x38, 0x81, 0x69, 0x2f, 0xc3, 0x40, 0x9f, + 0xd2, 0xaa, 0xaf, 0x9d, 0xed, 0x8b, 0x50, 0xa6, 0xe4, 0xe4, 0xf6, 0x25, 0x0f, 0x92, 0x01, 0x94, + 0xe5, 0xfd, 0x78, 0xc8, 0x86, 0xa2, 0xeb, 0xc8, 0xa8, 0x03, 0xb5, 0x84, 0x16, 0xa3, 0xa8, 0xcd, + 0xa6, 0x1d, 0x05, 0xa2, 0xc7, 0xa1, 0x48, 0x76, 0x5a, 0xe9, 0xf0, 0x82, 0x0b, 0x3b, 0x2d, 0x37, + 0x24, 0x11, 0x45, 0x22, 0x3b, 0x2d, 0x74, 0x16, 0x0a, 0x6e, 0x5d, 0xcc, 0x48, 0x10, 0x38, 0x85, + 0xc5, 0x79, 0x5c, 0x70, 0xeb, 0xf6, 0x0e, 0x54, 0xd4, 0x85, 0x7c, 0x68, 0x4b, 0xda, 0x26, 0x56, + 0x1e, 0xf1, 0xa6, 0x92, 0x6e, 0x0f, 0xab, 0xa4, 0x0d, 0xa0, 0x33, 0xe9, 0xf3, 0xd2, 0x65, 0xe7, + 0x60, 0xa0, 0x16, 0x88, 0x1a, 0x28, 0x65, 0x4d, 0x86, 0x19, 0x25, 0x0c, 0x62, 0xdf, 0x80, 0xb1, + 0x2b, 0x7e, 0x70, 0x8b, 0xdd, 0x9b, 0xc3, 0xca, 0xc4, 0x52, 0xc2, 0x1b, 0xf4, 0x47, 0xda, 0x04, + 0x66, 0x50, 0xcc, 0x61, 0xaa, 0x80, 0x65, 0xa1, 0x57, 0x01, 0x4b, 0xfb, 0x43, 0x16, 0x8c, 0xa8, + 0x94, 0xdc, 0x85, 0xed, 0x2d, 0x4a, 0xb7, 0x11, 0x06, 0xed, 0x56, 0x9a, 0x2e, 0xbb, 0xfb, 0x13, + 0x73, 0x98, 0x99, 0xab, 0x5e, 0xd8, 0x27, 0x57, 0xfd, 0x1c, 0x0c, 0x6c, 0xb9, 0x7e, 0x3d, 0xed, + 0x32, 0xbc, 0xe2, 0xfa, 0x75, 0xcc, 0x20, 0xb4, 0x0b, 0x27, 0x54, 0x17, 0xa4, 0xf1, 0xf1, 0x3c, + 0x8c, 0xac, 0xb7, 0x5d, 0xaf, 0x2e, 0xeb, 0xdf, 0xa6, 0x96, 0xcb, 0xac, 0x01, 0xc3, 0x09, 0x4c, + 0x74, 0x1e, 0x60, 0xdd, 0xf5, 0x9d, 0xb0, 0xb3, 0xaa, 0xad, 0x1d, 0xa5, 0x00, 0x67, 0x15, 0x04, + 0x1b, 0x58, 0xf6, 0x67, 0x8a, 0x30, 0x96, 0x4c, 0x4c, 0xee, 0xc3, 0x7d, 0xf0, 0x38, 0x94, 0x58, + 0xae, 0x72, 0xfa, 0xd3, 0xf2, 0x92, 0xb1, 0x1c, 0x86, 0x22, 0x18, 0xe4, 0x8b, 0x39, 0x9f, 0xfb, + 0x13, 0x55, 0x27, 0x95, 0x9f, 0x91, 0x45, 0xe5, 0x0a, 0xb7, 0xad, 0x60, 0x85, 0x3e, 0x6a, 0xc1, + 0x50, 0xd0, 0x32, 0x0b, 0x1f, 0xbe, 0x3b, 0xcf, 0xa4, 0x6d, 0x91, 0xc9, 0x29, 0x76, 0x7c, 0xea, + 0xd3, 0xcb, 0xcf, 0x21, 0x59, 0x9f, 0xfd, 0x31, 0x18, 0x31, 0x31, 0xf7, 0xdb, 0xf4, 0x95, 0xcd, + 0x4d, 0xdf, 0x27, 0xcc, 0x49, 0x21, 0xd2, 0xd2, 0xfb, 0x58, 0x6e, 0xd7, 0xa0, 0x54, 0x53, 0xa1, + 0x4b, 0x77, 0x55, 0x35, 0x5d, 0x95, 0x6d, 0x62, 0xc7, 0xc2, 0x9c, 0x9a, 0xfd, 0x2d, 0xcb, 0x98, + 0x1f, 0x98, 0x44, 0x8b, 0x75, 0x14, 0x42, 0xb1, 0xb1, 0xbd, 0x25, 0xd4, 0xfc, 0xe5, 0x9c, 0x86, + 0x77, 0x61, 0x7b, 0x4b, 0xcf, 0x71, 0xb3, 0x15, 0x53, 0x66, 0x7d, 0x38, 0xc3, 0x13, 0xd5, 0x0b, + 0x8a, 0xfb, 0x57, 0x2f, 0xb0, 0x5f, 0x2f, 0xc0, 0xc9, 0xae, 0x49, 0x85, 0x5e, 0x83, 0x52, 0x48, + 0xdf, 0x52, 0xbc, 0xde, 0x52, 0x6e, 0xf5, 0x06, 0xa2, 0xc5, 0xba, 0x56, 0x9f, 0xc9, 0x76, 0xcc, + 0x59, 0xa2, 0xcb, 0x80, 0x74, 0x80, 0x9d, 0xf2, 0xc4, 0xf3, 0x57, 0x56, 0x51, 0x38, 0x33, 0x5d, + 0x18, 0x38, 0xe3, 0x29, 0xf4, 0x42, 0xda, 0xa1, 0x5f, 0x4c, 0x9e, 0x24, 0xed, 0xe5, 0x9b, 0xb7, + 0x7f, 0xab, 0x00, 0xa3, 0x89, 0x3a, 0x94, 0xc8, 0x83, 0x32, 0xf1, 0xd8, 0x31, 0x9f, 0x54, 0x36, + 0x87, 0xbd, 0x55, 0x42, 0x29, 0xc8, 0x0b, 0x82, 0x2e, 0x56, 0x1c, 0xee, 0x8f, 0xe0, 0x9c, 0xe7, + 0x61, 0x44, 0x76, 0xe8, 0xdd, 0x4e, 0xd3, 0x13, 0x03, 0xa8, 0xe6, 0xe8, 0x05, 0x03, 0x86, 0x13, + 0x98, 0xf6, 0xef, 0x15, 0x61, 0x82, 0x9f, 0x8b, 0xd6, 0xd5, 0xcc, 0x5b, 0x96, 0xfe, 0x84, 0x5f, + 0xd0, 0xd5, 0x62, 0xad, 0x3c, 0xae, 0x4e, 0xee, 0xc5, 0xa8, 0xaf, 0x98, 0xd2, 0x2f, 0xa6, 0x62, + 0x4a, 0xf9, 0x16, 0xaf, 0x71, 0x44, 0x3d, 0xfa, 0xde, 0x0a, 0x32, 0xfd, 0x27, 0x05, 0x18, 0x4f, + 0xdd, 0x90, 0x85, 0x3e, 0x93, 0xbc, 0x54, 0xc1, 0xca, 0xe3, 0xcc, 0x68, 0xcf, 0x4b, 0x93, 0x0e, + 0x76, 0xb5, 0xc2, 0x3d, 0x5a, 0x2a, 0xf6, 0x37, 0x0b, 0x30, 0x96, 0xbc, 0xda, 0xeb, 0x3e, 0x1c, + 0xa9, 0xb7, 0x42, 0x85, 0xdd, 0x5e, 0xc3, 0x6e, 0xa4, 0xe7, 0x47, 0x4e, 0xfc, 0xa2, 0x10, 0xd9, + 0x88, 0x35, 0xfc, 0xbe, 0xb8, 0xb1, 0xc2, 0xfe, 0x67, 0x16, 0x9c, 0xe1, 0x6f, 0x99, 0x9e, 0x87, + 0x7f, 0x27, 0x6b, 0x74, 0x5f, 0xce, 0xb7, 0x83, 0xa9, 0x2a, 0xc7, 0xfb, 0x8d, 0x2f, 0xbb, 0x40, + 0x5a, 0xf4, 0x36, 0x39, 0x15, 0xee, 0xc3, 0xce, 0x1e, 0x68, 0x32, 0xd8, 0xdf, 0x2c, 0x82, 0xbe, + 0x33, 0x1b, 0xb9, 0x22, 0xeb, 0x3d, 0x97, 0x6a, 0xcf, 0xd5, 0x8e, 0x5f, 0xd3, 0xb7, 0x73, 0x97, + 0x53, 0x49, 0xef, 0x3f, 0x67, 0xc1, 0xb0, 0xeb, 0xbb, 0xb1, 0xeb, 0x30, 0x97, 0x4d, 0x3e, 0x17, + 0xdf, 0x2a, 0x76, 0x8b, 0x9c, 0x72, 0x10, 0x9a, 0xe7, 0x94, 0x8a, 0x19, 0x36, 0x39, 0xa3, 0xf7, + 0x89, 0xb4, 0x8f, 0x62, 0x6e, 0xa5, 0x23, 0xca, 0xa9, 0x5c, 0x8f, 0x16, 0x35, 0xbc, 0xe2, 0x30, + 0xa7, 0x8a, 0x2b, 0x98, 0x92, 0x52, 0x17, 0x07, 0x28, 0xd3, 0x96, 0x35, 0x63, 0xce, 0xc8, 0x8e, + 0x00, 0x75, 0x8f, 0xc5, 0x01, 0x43, 0xea, 0xa7, 0xa1, 0xe2, 0xb4, 0xe3, 0xa0, 0x49, 0x87, 0x49, + 0x1c, 0xa5, 0xea, 0xa4, 0x01, 0x09, 0xc0, 0x1a, 0xc7, 0xfe, 0x4c, 0x09, 0x52, 0x69, 0xe8, 0x68, + 0xc7, 0xbc, 0xef, 0xdd, 0xca, 0xf7, 0xbe, 0x77, 0xd5, 0x99, 0xac, 0x3b, 0xdf, 0x51, 0x43, 0x7a, + 0xbf, 0xb8, 0x8d, 0xf9, 0x62, 0xda, 0xfb, 0xf5, 0x13, 0xfd, 0x9d, 0x2a, 0xd0, 0xb9, 0x3a, 0xcd, + 0xab, 0x78, 0x4d, 0xed, 0xeb, 0x28, 0xdb, 0xef, 0xea, 0xdf, 0x0f, 0x8b, 0x6b, 0x7a, 0x30, 0x89, + 0xda, 0x5e, 0x2c, 0x66, 0xc3, 0x8b, 0x39, 0xae, 0x32, 0x4e, 0x58, 0xd7, 0x72, 0xe1, 0xff, 0xb1, + 0xc1, 0x34, 0xe9, 0xce, 0x1c, 0x3c, 0x52, 0x77, 0xe6, 0x50, 0xae, 0xee, 0xcc, 0xf3, 0x00, 0x6c, + 0x6e, 0xf3, 0xd0, 0xdf, 0x32, 0xf3, 0x32, 0x29, 0x51, 0x88, 0x15, 0x04, 0x1b, 0x58, 0xf6, 0x0f, + 0x43, 0xb2, 0x18, 0x11, 0x9a, 0x94, 0xb5, 0x8f, 0xf8, 0x89, 0x07, 0xcb, 0xba, 0x4a, 0x94, 0x29, + 0xfa, 0x0d, 0x0b, 0xcc, 0x8a, 0x49, 0xe8, 0x55, 0x5e, 0x9a, 0xc9, 0xca, 0xe3, 0x64, 0xdc, 0xa0, + 0x3b, 0xb5, 0xec, 0xb4, 0x52, 0x21, 0x1a, 0xb2, 0x3e, 0xd3, 0xd9, 0xb7, 0x41, 0x59, 0x42, 0x0f, + 0x64, 0xd4, 0x7d, 0x10, 0x4e, 0xc9, 0x0c, 0x6e, 0xe9, 0xa3, 0x17, 0xa7, 0xaa, 0xfb, 0xbb, 0x7e, + 0xa4, 0x3f, 0xa7, 0xd0, 0xcb, 0x9f, 0xd3, 0xc7, 0xad, 0xff, 0xbf, 0x69, 0xc1, 0xb9, 0x74, 0x07, + 0xa2, 0xe5, 0xc0, 0x77, 0xe3, 0x20, 0xac, 0x92, 0x38, 0x76, 0xfd, 0x06, 0xab, 0x48, 0x79, 0xcb, + 0x09, 0xe5, 0xad, 0x24, 0x4c, 0x50, 0xde, 0x70, 0x42, 0x1f, 0xb3, 0x56, 0xd4, 0x81, 0x41, 0x1e, + 0x1f, 0x2a, 0xac, 0xf5, 0x43, 0xae, 0x8d, 0x8c, 0xe1, 0xd0, 0xdb, 0x05, 0x1e, 0x9b, 0x8a, 0x05, + 0x43, 0xfb, 0x3b, 0x16, 0xa0, 0x95, 0x6d, 0x12, 0x86, 0x6e, 0xdd, 0x88, 0x68, 0x65, 0xd7, 0xdd, + 0x19, 0xd7, 0xda, 0x99, 0xf5, 0x05, 0x52, 0xd7, 0xdd, 0x19, 0xff, 0xb2, 0xaf, 0xbb, 0x2b, 0x1c, + 0xec, 0xba, 0x3b, 0xb4, 0x02, 0x67, 0x9a, 0x7c, 0xbb, 0xc1, 0xaf, 0x90, 0xe2, 0x7b, 0x0f, 0x95, + 0x0a, 0xfb, 0xd0, 0xed, 0xdd, 0xc9, 0x33, 0xcb, 0x59, 0x08, 0x38, 0xfb, 0x39, 0xfb, 0x6d, 0x80, + 0x78, 0x20, 0xeb, 0x5c, 0x56, 0x2c, 0x5e, 0x4f, 0xf7, 0x8b, 0xfd, 0x85, 0x12, 0x8c, 0xa7, 0x6a, + 0xd6, 0xd3, 0xad, 0x5e, 0x77, 0xf0, 0xdf, 0xa1, 0xf5, 0x77, 0x77, 0xf7, 0xfa, 0x0a, 0x27, 0xf4, + 0xa1, 0xe4, 0xfa, 0xad, 0x76, 0x9c, 0x4f, 0x26, 0x3e, 0xef, 0xc4, 0x22, 0x25, 0x68, 0xb8, 0x8b, + 0xe9, 0x5f, 0xcc, 0xd9, 0xe4, 0x19, 0x9c, 0x98, 0x30, 0xc6, 0x07, 0xee, 0x91, 0x3b, 0xe0, 0xc3, + 0x3a, 0x54, 0xb0, 0x94, 0x87, 0x63, 0x31, 0x35, 0x59, 0x8e, 0x3a, 0x94, 0xe4, 0x6b, 0x05, 0x18, + 0x36, 0x3e, 0x1a, 0xfa, 0x95, 0x64, 0x3d, 0x41, 0x2b, 0xbf, 0x57, 0x62, 0xf4, 0xa7, 0x74, 0xc5, + 0x40, 0xfe, 0x4a, 0x4f, 0x74, 0x97, 0x12, 0xbc, 0xb3, 0x3b, 0x79, 0x22, 0x55, 0x2c, 0x30, 0x51, + 0x5e, 0xf0, 0xec, 0x07, 0x60, 0x3c, 0x45, 0x26, 0xe3, 0x95, 0xd7, 0xcc, 0x57, 0x3e, 0xb4, 0x5b, + 0xca, 0x1c, 0xb2, 0xaf, 0xd2, 0x21, 0x13, 0x09, 0xc0, 0x81, 0x47, 0xfa, 0xf0, 0xc1, 0xa6, 0xf2, + 0xfc, 0x0b, 0x7d, 0xe6, 0xf9, 0x3f, 0x09, 0xe5, 0x56, 0xe0, 0xb9, 0x35, 0x57, 0x95, 0xf7, 0x65, + 0x95, 0x05, 0x56, 0x45, 0x1b, 0x56, 0x50, 0x74, 0x0b, 0x2a, 0x37, 0x6f, 0xc5, 0xfc, 0xf4, 0x47, + 0xf8, 0xb7, 0xf3, 0x3a, 0xf4, 0x51, 0x46, 0x8b, 0x3a, 0x5e, 0xc2, 0x9a, 0x17, 0xb2, 0x61, 0x90, + 0x29, 0x41, 0x99, 0x0c, 0xc4, 0x7c, 0xef, 0x4c, 0x3b, 0x46, 0x58, 0x40, 0xec, 0x2f, 0x57, 0xe0, + 0x74, 0xd6, 0xc5, 0x21, 0xe8, 0xfd, 0x30, 0xc8, 0xfb, 0x98, 0xcf, 0xdd, 0x54, 0x59, 0x3c, 0x16, + 0x18, 0x41, 0xd1, 0x2d, 0xf6, 0x1b, 0x0b, 0x9e, 0x82, 0xbb, 0xe7, 0xac, 0x8b, 0x19, 0x72, 0x34, + 0xdc, 0x97, 0x1c, 0xcd, 0x7d, 0xc9, 0xe1, 0xdc, 0x3d, 0x67, 0x1d, 0xed, 0x40, 0xa9, 0xe1, 0xc6, + 0xc4, 0x11, 0x4e, 0x84, 0x1b, 0x47, 0xc2, 0x9c, 0x38, 0xdc, 0x4a, 0x63, 0x3f, 0x31, 0x67, 0x88, + 0xbe, 0x64, 0xc1, 0xf8, 0x7a, 0xb2, 0xc0, 0x88, 0x10, 0x9e, 0xce, 0x11, 0x5c, 0x0e, 0x93, 0x64, + 0xc4, 0xef, 0x7b, 0x4c, 0x35, 0xe2, 0x74, 0x77, 0xd0, 0x47, 0x2c, 0x18, 0xda, 0x70, 0x3d, 0xa3, + 0xfa, 0xfe, 0x11, 0x7c, 0x9c, 0x8b, 0x8c, 0x81, 0xde, 0x71, 0xf0, 0xff, 0x11, 0x96, 0x9c, 0x7b, + 0x69, 0xaa, 0xc1, 0xc3, 0x6a, 0xaa, 0xa1, 0x7b, 0xa4, 0xa9, 0x3e, 0x6e, 0x41, 0x45, 0x8d, 0xb4, + 0x28, 0xd4, 0xf0, 0x9e, 0x23, 0xfc, 0xe4, 0xdc, 0x73, 0xa2, 0xfe, 0x62, 0xcd, 0x1c, 0x7d, 0xd6, + 0x82, 0x61, 0xe7, 0xb5, 0x76, 0x48, 0xea, 0x64, 0x3b, 0x68, 0x45, 0xa2, 0x7c, 0xe2, 0xcb, 0xf9, + 0x77, 0x66, 0x86, 0x32, 0x99, 0x27, 0xdb, 0x2b, 0xad, 0x48, 0x24, 0x2a, 0xea, 0x06, 0x6c, 0x76, + 0xc1, 0xde, 0x2d, 0xc0, 0xe4, 0x3e, 0x14, 0xd0, 0xf3, 0x30, 0x12, 0x84, 0x0d, 0xc7, 0x77, 0x5f, + 0x33, 0x2b, 0x06, 0x29, 0x2b, 0x6b, 0xc5, 0x80, 0xe1, 0x04, 0xa6, 0x59, 0x4a, 0xa2, 0xb0, 0x4f, + 0x29, 0x89, 0x73, 0x30, 0x10, 0x92, 0x56, 0x90, 0xde, 0x2c, 0xb0, 0x24, 0x21, 0x06, 0x41, 0x8f, + 0x42, 0xd1, 0x69, 0xb9, 0x22, 0xb4, 0x44, 0xed, 0x81, 0x66, 0x56, 0x17, 0x31, 0x6d, 0x4f, 0x54, + 0xb6, 0x29, 0x1d, 0x4b, 0x65, 0x1b, 0xaa, 0x06, 0xc4, 0xd9, 0xc5, 0xa0, 0x56, 0x03, 0xc9, 0x33, + 0x05, 0xfb, 0xf5, 0x22, 0x3c, 0xba, 0xe7, 0x7c, 0xd1, 0x71, 0xa6, 0xd6, 0x1e, 0x71, 0xa6, 0x72, + 0x78, 0x0a, 0xfb, 0x0d, 0x4f, 0xb1, 0xc7, 0xf0, 0x7c, 0x84, 0x2e, 0x03, 0x59, 0x69, 0x29, 0x9f, + 0xeb, 0x7e, 0x7b, 0x15, 0x6e, 0x12, 0x2b, 0x40, 0x42, 0xb1, 0xe6, 0x4b, 0xf7, 0x00, 0x89, 0x32, + 0x0a, 0xa5, 0x3c, 0xd4, 0x40, 0xcf, 0x6a, 0x47, 0x7c, 0xee, 0xf7, 0xaa, 0xcd, 0x60, 0xff, 0xf6, + 0x00, 0x3c, 0xde, 0x87, 0xf4, 0x36, 0x67, 0xb1, 0xd5, 0xe7, 0x2c, 0xfe, 0x1e, 0xff, 0x4c, 0x1f, + 0xcb, 0xfc, 0x4c, 0x38, 0xff, 0xcf, 0xb4, 0xf7, 0x17, 0x42, 0x4f, 0x41, 0xd9, 0xf5, 0x23, 0x52, + 0x6b, 0x87, 0x3c, 0xe6, 0xde, 0xc8, 0x20, 0x5c, 0x14, 0xed, 0x58, 0x61, 0xd0, 0x3d, 0x5d, 0xcd, + 0xa1, 0xcb, 0x7f, 0x28, 0xa7, 0xb4, 0x79, 0x33, 0x19, 0x91, 0x9b, 0x14, 0x73, 0x33, 0x54, 0x02, + 0x70, 0x36, 0xf6, 0xdf, 0xb5, 0xe0, 0x6c, 0x6f, 0x15, 0x8b, 0x9e, 0x81, 0xe1, 0x75, 0x16, 0xb8, + 0xc5, 0x2e, 0x7a, 0x97, 0x53, 0x87, 0xbd, 0xaf, 0x6e, 0xc6, 0x26, 0x0e, 0x9a, 0x83, 0x93, 0x66, + 0xc4, 0xd7, 0xb2, 0x11, 0x55, 0xc2, 0x9c, 0x00, 0x6b, 0x69, 0x20, 0xee, 0xc6, 0xb7, 0xbf, 0x5b, + 0xcc, 0xee, 0x16, 0x37, 0xc5, 0x0e, 0x32, 0x9b, 0xc5, 0x5c, 0x2d, 0xf4, 0x21, 0x71, 0x8b, 0xc7, + 0x2d, 0x71, 0x07, 0x7a, 0x49, 0x5c, 0x34, 0x0f, 0x27, 0x8c, 0x9b, 0xf8, 0x78, 0x21, 0x05, 0x1e, + 0x65, 0xa8, 0xaa, 0x20, 0xad, 0xa6, 0xe0, 0xb8, 0xeb, 0x89, 0xfb, 0x7c, 0xea, 0xfd, 0x6a, 0x01, + 0x1e, 0xea, 0x69, 0xfd, 0x1e, 0x93, 0x46, 0x31, 0x3f, 0xff, 0xc0, 0xf1, 0x7c, 0x7e, 0xf3, 0xa3, + 0x94, 0xf6, 0xfb, 0x28, 0xf6, 0x1f, 0x17, 0x7a, 0x2e, 0x04, 0xba, 0x13, 0xfa, 0xbe, 0x1d, 0xa5, + 0x17, 0x60, 0xd4, 0x69, 0xb5, 0x38, 0x1e, 0x8b, 0xd8, 0x4e, 0x55, 0x5d, 0x9b, 0x31, 0x81, 0x38, + 0x89, 0xdb, 0x97, 0x4d, 0xf3, 0xa7, 0x16, 0x54, 0x30, 0xd9, 0xe0, 0xd2, 0x08, 0xdd, 0x14, 0x43, + 0x64, 0xe5, 0x51, 0xf7, 0x9a, 0x0e, 0x6c, 0xe4, 0xb2, 0x7a, 0xd0, 0x59, 0x83, 0x7d, 0xd8, 0xbc, + 0x65, 0x75, 0x37, 0x5f, 0xb1, 0xf7, 0xdd, 0x7c, 0xf6, 0xb7, 0x87, 0xe8, 0xeb, 0xb5, 0x82, 0xb9, + 0x90, 0xd4, 0x23, 0xfa, 0x7d, 0xdb, 0xa1, 0x27, 0x26, 0x89, 0xfa, 0xbe, 0xd7, 0xf0, 0x12, 0xa6, + 0xed, 0x89, 0x03, 0xb2, 0xc2, 0x81, 0x6a, 0x4e, 0x15, 0xf7, 0xad, 0x39, 0xf5, 0x02, 0x8c, 0x46, + 0xd1, 0xe6, 0x6a, 0xe8, 0x6e, 0x3b, 0x31, 0xb9, 0x42, 0x3a, 0xc2, 0xf6, 0xd5, 0xf5, 0x57, 0xaa, + 0x97, 0x34, 0x10, 0x27, 0x71, 0xd1, 0x02, 0x9c, 0xd4, 0x95, 0x9f, 0x48, 0x18, 0xb3, 0x9c, 0x22, + 0x3e, 0x13, 0x54, 0xb1, 0x05, 0x5d, 0x2b, 0x4a, 0x20, 0xe0, 0xee, 0x67, 0xa8, 0x3c, 0x4d, 0x34, + 0xd2, 0x8e, 0x0c, 0x26, 0xe5, 0x69, 0x82, 0x0e, 0xed, 0x4b, 0xd7, 0x13, 0x68, 0x19, 0x4e, 0xf1, + 0x89, 0x31, 0xd3, 0x6a, 0x19, 0x6f, 0x34, 0x94, 0xac, 0x37, 0xbc, 0xd0, 0x8d, 0x82, 0xb3, 0x9e, + 0x43, 0xcf, 0xc1, 0xb0, 0x6a, 0x5e, 0x9c, 0x17, 0x67, 0x3b, 0xca, 0xb7, 0xa4, 0xc8, 0x2c, 0xd6, + 0xb1, 0x89, 0x87, 0xde, 0x0d, 0x0f, 0xea, 0xbf, 0x3c, 0xf1, 0x94, 0x1f, 0x78, 0xce, 0x8b, 0xa2, + 0x7a, 0xea, 0x9e, 0xb7, 0x85, 0x4c, 0xb4, 0x3a, 0xee, 0xf5, 0x3c, 0x5a, 0x87, 0xb3, 0x0a, 0x74, + 0xc1, 0x8f, 0x59, 0x16, 0x59, 0x44, 0x66, 0x9d, 0x88, 0x5c, 0x0b, 0x3d, 0x56, 0x86, 0xaf, 0xa2, + 0x2f, 0x0b, 0x5f, 0x70, 0xe3, 0x4b, 0x59, 0x98, 0x78, 0x09, 0xef, 0x41, 0x05, 0x4d, 0x43, 0x85, + 0xf8, 0xce, 0xba, 0x47, 0x56, 0xe6, 0x16, 0x59, 0x71, 0x3e, 0xe3, 0x7c, 0xf5, 0x82, 0x04, 0x60, + 0x8d, 0xa3, 0xe2, 0x7e, 0x47, 0x7a, 0x5e, 0x5c, 0xbf, 0x0a, 0xa7, 0x1b, 0xb5, 0x16, 0xb5, 0x08, + 0xdd, 0x1a, 0x99, 0xa9, 0xb1, 0x30, 0x47, 0xfa, 0x61, 0x78, 0x21, 0x68, 0x95, 0x40, 0xb1, 0x30, + 0xb7, 0xda, 0x85, 0x83, 0x33, 0x9f, 0x64, 0xe1, 0xb0, 0x61, 0xb0, 0xd3, 0x99, 0x38, 0x95, 0x0a, + 0x87, 0xa5, 0x8d, 0x98, 0xc3, 0xd0, 0x65, 0x40, 0x2c, 0x1b, 0xe7, 0x52, 0x1c, 0xb7, 0x94, 0x09, + 0x3a, 0x71, 0x3a, 0x59, 0x62, 0xeb, 0x62, 0x17, 0x06, 0xce, 0x78, 0x8a, 0x5a, 0x34, 0x7e, 0xc0, + 0xa8, 0x4f, 0x3c, 0x98, 0xb4, 0x68, 0xae, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x9f, 0x58, 0x30, 0xaa, + 0x96, 0xf6, 0x31, 0xa4, 0xcb, 0x79, 0xc9, 0x74, 0xb9, 0x85, 0xc3, 0x0b, 0x47, 0xd6, 0xf3, 0x1e, + 0x31, 0xe9, 0x5f, 0x1b, 0x06, 0xd0, 0x02, 0x54, 0xe9, 0x2e, 0xab, 0xa7, 0xee, 0xba, 0x6f, 0x85, + 0x57, 0x56, 0x31, 0xac, 0xd2, 0xbd, 0x2d, 0x86, 0x55, 0x85, 0x33, 0xd2, 0xb2, 0xe0, 0x87, 0x7d, + 0x97, 0x82, 0x48, 0xc9, 0xc2, 0xf2, 0xec, 0xa3, 0x82, 0xd0, 0x99, 0xc5, 0x2c, 0x24, 0x9c, 0xfd, + 0x6c, 0xc2, 0xa0, 0x19, 0xda, 0xd7, 0xca, 0x54, 0xcb, 0x7f, 0x69, 0x43, 0xde, 0x6e, 0x96, 0x5a, + 0xfe, 0x4b, 0x17, 0xab, 0x58, 0xe3, 0x64, 0xeb, 0x80, 0x4a, 0x4e, 0x3a, 0x00, 0x0e, 0xac, 0x03, + 0xa4, 0x34, 0x1a, 0xee, 0x29, 0x8d, 0xe4, 0xa1, 0xc2, 0x48, 0xcf, 0x43, 0x85, 0x77, 0xc0, 0x98, + 0xeb, 0x6f, 0x92, 0xd0, 0x8d, 0x49, 0x9d, 0xad, 0x05, 0x26, 0xa9, 0xca, 0xda, 0x02, 0x58, 0x4c, + 0x40, 0x71, 0x0a, 0x3b, 0x29, 0x42, 0xc7, 0xfa, 0x10, 0xa1, 0x3d, 0x14, 0xd7, 0x78, 0x3e, 0x8a, + 0xeb, 0xc4, 0xe1, 0x15, 0xd7, 0xc9, 0x23, 0x55, 0x5c, 0x28, 0x17, 0xc5, 0xd5, 0x97, 0x4e, 0x30, + 0x76, 0xa6, 0xa7, 0xf7, 0xd9, 0x99, 0xf6, 0xd2, 0x5a, 0x67, 0xee, 0x5a, 0x6b, 0x65, 0x2b, 0xa4, + 0x07, 0x8e, 0x5a, 0x21, 0x7d, 0xbc, 0x00, 0x67, 0xb4, 0xc8, 0xa6, 0x0b, 0xc5, 0xdd, 0xa0, 0x42, + 0x8b, 0xdd, 0xa5, 0xc9, 0xcf, 0xe8, 0x8c, 0xa4, 0x4b, 0x9d, 0xbf, 0xa9, 0x20, 0xd8, 0xc0, 0x62, + 0xb9, 0x8b, 0x24, 0x64, 0x85, 0xe7, 0xd3, 0xf2, 0x7c, 0x4e, 0xb4, 0x63, 0x85, 0x41, 0xa7, 0x22, + 0xfd, 0x2d, 0x72, 0xd0, 0xd3, 0x25, 0x4d, 0xe7, 0x34, 0x08, 0x9b, 0x78, 0xe8, 0x49, 0xce, 0x84, + 0xc9, 0x12, 0x2a, 0xd3, 0x47, 0xf8, 0x46, 0x44, 0x89, 0x0f, 0x05, 0x95, 0xdd, 0x61, 0x49, 0xaa, + 0xa5, 0xee, 0xee, 0xb0, 0x70, 0x37, 0x85, 0x61, 0xff, 0x4f, 0x0b, 0x1e, 0xca, 0x1c, 0x8a, 0x63, + 0xd0, 0xd3, 0x3b, 0x49, 0x3d, 0x5d, 0xcd, 0x6b, 0x13, 0x63, 0xbc, 0x45, 0x0f, 0x9d, 0xfd, 0x9f, + 0x2c, 0x18, 0xd3, 0xf8, 0xc7, 0xf0, 0xaa, 0x6e, 0xf2, 0x55, 0xf3, 0xdb, 0xaf, 0x55, 0xba, 0xde, + 0xed, 0xf7, 0x0a, 0xa0, 0xca, 0x0c, 0xcf, 0xd4, 0x64, 0x11, 0xf7, 0x7d, 0x4e, 0x8d, 0x3b, 0x30, + 0xc8, 0x0e, 0xbd, 0xa3, 0x7c, 0x02, 0x7a, 0x92, 0xfc, 0xd9, 0x01, 0xba, 0x0e, 0x28, 0x60, 0x7f, + 0x23, 0x2c, 0x18, 0xb2, 0x6b, 0x11, 0x78, 0x05, 0xd7, 0xba, 0x48, 0xc1, 0xd3, 0xd7, 0x22, 0x88, + 0x76, 0xac, 0x30, 0xa8, 0x26, 0x71, 0x6b, 0x81, 0x3f, 0xe7, 0x39, 0x91, 0xbc, 0x5e, 0x5b, 0x69, + 0x92, 0x45, 0x09, 0xc0, 0x1a, 0x87, 0x9d, 0x87, 0xbb, 0x51, 0xcb, 0x73, 0x3a, 0xc6, 0xae, 0xdc, + 0xa8, 0xb5, 0xa2, 0x40, 0xd8, 0xc4, 0xb3, 0x9b, 0x30, 0x91, 0x7c, 0x89, 0x79, 0xb2, 0xc1, 0x82, + 0x51, 0xfb, 0x1a, 0xce, 0x69, 0xa8, 0x38, 0xec, 0xa9, 0xa5, 0xb6, 0x23, 0x64, 0x82, 0x0e, 0xc9, + 0x94, 0x00, 0xac, 0x71, 0xec, 0x7f, 0x6a, 0xc1, 0xa9, 0x8c, 0x41, 0xcb, 0x31, 0xc5, 0x31, 0xd6, + 0xd2, 0x26, 0xcb, 0x06, 0xf8, 0x21, 0x18, 0xaa, 0x93, 0x0d, 0x47, 0x86, 0x3b, 0x1a, 0xd2, 0x73, + 0x9e, 0x37, 0x63, 0x09, 0xb7, 0x7f, 0xab, 0x00, 0xe3, 0xc9, 0xbe, 0x46, 0x2c, 0x6d, 0x88, 0x0f, + 0x93, 0x1b, 0xd5, 0x82, 0x6d, 0x12, 0x76, 0xe8, 0x9b, 0x5b, 0xa9, 0xb4, 0xa1, 0x2e, 0x0c, 0x9c, + 0xf1, 0x14, 0x2b, 0x32, 0x5e, 0x57, 0xa3, 0x2d, 0x67, 0xe4, 0xf5, 0x3c, 0x67, 0xa4, 0xfe, 0x98, + 0x66, 0x68, 0x84, 0x62, 0x89, 0x4d, 0xfe, 0xd4, 0x16, 0x61, 0x71, 0xd8, 0xb3, 0x6d, 0xd7, 0x8b, + 0x5d, 0x5f, 0xbc, 0xb2, 0x98, 0xab, 0xca, 0x16, 0x59, 0xee, 0x46, 0xc1, 0x59, 0xcf, 0xd9, 0xdf, + 0x19, 0x00, 0x95, 0xbe, 0xcf, 0x42, 0xd7, 0x72, 0x0a, 0xfc, 0x3b, 0x68, 0xf2, 0x99, 0x9a, 0x5b, + 0x03, 0x7b, 0xc5, 0x92, 0x70, 0x57, 0x8e, 0xe9, 0xcf, 0x55, 0x03, 0xb6, 0xa6, 0x41, 0xd8, 0xc4, + 0xa3, 0x3d, 0xf1, 0xdc, 0x6d, 0xc2, 0x1f, 0x1a, 0x4c, 0xf6, 0x64, 0x49, 0x02, 0xb0, 0xc6, 0xa1, + 0x3d, 0xa9, 0xbb, 0x1b, 0x1b, 0xc2, 0x2f, 0xa1, 0x7a, 0x42, 0x47, 0x07, 0x33, 0x08, 0xbf, 0x86, + 0x22, 0xd8, 0x12, 0xf6, 0xb7, 0x71, 0x0d, 0x45, 0xb0, 0x85, 0x19, 0x84, 0x7e, 0x25, 0x3f, 0x08, + 0x9b, 0x8e, 0xe7, 0xbe, 0x46, 0xea, 0x8a, 0x8b, 0xb0, 0xbb, 0xd5, 0x57, 0xba, 0xda, 0x8d, 0x82, + 0xb3, 0x9e, 0xa3, 0x13, 0xba, 0x15, 0x92, 0xba, 0x5b, 0x8b, 0x4d, 0x6a, 0x90, 0x9c, 0xd0, 0xab, + 0x5d, 0x18, 0x38, 0xe3, 0x29, 0x34, 0x03, 0xe3, 0xb2, 0xfc, 0x82, 0x2c, 0xe8, 0x35, 0x9c, 0x2c, + 0x20, 0x84, 0x93, 0x60, 0x9c, 0xc6, 0xa7, 0x42, 0xb2, 0x29, 0xca, 0x11, 0x32, 0x33, 0xdd, 0x10, + 0x92, 0xb2, 0x4c, 0x21, 0x56, 0x18, 0xf6, 0x87, 0x8b, 0x54, 0xa9, 0xf7, 0xa8, 0xfa, 0x79, 0x6c, + 0x81, 0xa6, 0xc9, 0x19, 0x39, 0xd0, 0xc7, 0x8c, 0x7c, 0x16, 0x46, 0x6e, 0x46, 0x81, 0xaf, 0x82, + 0x38, 0x4b, 0x3d, 0x83, 0x38, 0x0d, 0xac, 0xec, 0x20, 0xce, 0xc1, 0xbc, 0x82, 0x38, 0x87, 0xee, + 0x32, 0x88, 0xf3, 0x0f, 0x4a, 0xa0, 0xee, 0x19, 0xbb, 0x4a, 0xe2, 0x5b, 0x41, 0xb8, 0xe5, 0xfa, + 0x0d, 0x56, 0x4a, 0xe0, 0x4b, 0x96, 0xac, 0x46, 0xb0, 0x64, 0x26, 0xe1, 0x6d, 0xe4, 0x74, 0x57, + 0x54, 0x82, 0xd9, 0xd4, 0x9a, 0xc1, 0x28, 0x75, 0x1d, 0xba, 0x09, 0xc2, 0x89, 0x1e, 0xa1, 0x0f, + 0x00, 0x48, 0x27, 0xee, 0x86, 0x94, 0xc0, 0x8b, 0xf9, 0xf4, 0x0f, 0x93, 0x0d, 0x6d, 0x52, 0xaf, + 0x29, 0x26, 0xd8, 0x60, 0x88, 0x3e, 0xae, 0x13, 0x14, 0x79, 0xb6, 0xc7, 0xfb, 0x8e, 0x64, 0x6c, + 0xfa, 0x49, 0x4f, 0xc4, 0x30, 0xe4, 0xfa, 0x0d, 0x3a, 0x4f, 0x44, 0xb0, 0xdb, 0x5b, 0xb2, 0x4a, + 0xbe, 0x2c, 0x05, 0x4e, 0x7d, 0xd6, 0xf1, 0x1c, 0xbf, 0x46, 0xc2, 0x45, 0x8e, 0xae, 0x35, 0xa8, + 0x68, 0xc0, 0x92, 0x50, 0xd7, 0x65, 0x68, 0xa5, 0x7e, 0x2e, 0x43, 0x3b, 0xfb, 0x4e, 0x38, 0xd9, + 0xf5, 0x31, 0x0f, 0x94, 0x8d, 0x78, 0xf7, 0x89, 0x8c, 0xf6, 0x6f, 0x0f, 0x6a, 0xa5, 0x75, 0x35, + 0xa8, 0xf3, 0xbb, 0xb5, 0x42, 0xfd, 0x45, 0x85, 0xc9, 0x9c, 0xe3, 0x14, 0x51, 0x6a, 0xc6, 0x68, + 0xc4, 0x26, 0x4b, 0x3a, 0x47, 0x5b, 0x4e, 0x48, 0xfc, 0xa3, 0x9e, 0xa3, 0xab, 0x8a, 0x09, 0x36, + 0x18, 0xa2, 0xcd, 0x44, 0x3a, 0xd2, 0xc5, 0xc3, 0xa7, 0x23, 0xb1, 0x02, 0x7c, 0x59, 0x57, 0xd0, + 0x7c, 0xd6, 0x82, 0x31, 0x3f, 0x31, 0x73, 0xf3, 0x89, 0x40, 0xce, 0x5e, 0x15, 0xfc, 0x9a, 0xca, + 0x64, 0x1b, 0x4e, 0xf1, 0xcf, 0x52, 0x69, 0xa5, 0x03, 0xaa, 0x34, 0x7d, 0xb7, 0xdf, 0x60, 0xaf, + 0xbb, 0xfd, 0x90, 0xaf, 0x6e, 0x5c, 0x1d, 0xca, 0xfd, 0xc6, 0x55, 0xc8, 0xb8, 0x6d, 0xf5, 0x06, + 0x54, 0x6a, 0x21, 0x71, 0xe2, 0xbb, 0xbc, 0x7c, 0x93, 0xc5, 0x76, 0xcc, 0x49, 0x02, 0x58, 0xd3, + 0xb2, 0xff, 0xcf, 0x00, 0x9c, 0x90, 0x23, 0x22, 0xb3, 0x17, 0xa8, 0x7e, 0xe4, 0x7c, 0xb5, 0xad, + 0xac, 0xf4, 0xe3, 0x25, 0x09, 0xc0, 0x1a, 0x87, 0xda, 0x63, 0xed, 0x88, 0xac, 0xb4, 0x88, 0xbf, + 0xe4, 0xae, 0x47, 0xe2, 0x30, 0x56, 0x2d, 0x94, 0x6b, 0x1a, 0x84, 0x4d, 0x3c, 0x6a, 0xdb, 0x3b, + 0x86, 0xd1, 0x6a, 0xd8, 0xf6, 0xd2, 0x50, 0x95, 0x70, 0xf4, 0x4b, 0x99, 0x65, 0xc8, 0xf3, 0xc9, + 0xf9, 0xeb, 0x4a, 0xda, 0x38, 0xe0, 0xd5, 0xd1, 0xff, 0xc8, 0x82, 0x33, 0xbc, 0x55, 0x8e, 0xe4, + 0xb5, 0x56, 0xdd, 0x89, 0x49, 0x94, 0xcf, 0xf5, 0x25, 0x19, 0xfd, 0xd3, 0xee, 0xe5, 0x2c, 0xb6, + 0x38, 0xbb, 0x37, 0xe8, 0x33, 0x16, 0x8c, 0x6f, 0x25, 0xca, 0xc5, 0x48, 0xd5, 0x71, 0xd8, 0x4a, + 0x0e, 0x09, 0xa2, 0x7a, 0xa9, 0x25, 0xdb, 0x23, 0x9c, 0xe6, 0x6e, 0xff, 0x0f, 0x0b, 0x4c, 0x31, + 0x7a, 0xfc, 0x55, 0x66, 0x0e, 0x6e, 0x0a, 0x4a, 0xeb, 0xb2, 0xd4, 0xd3, 0xba, 0x7c, 0x14, 0x8a, + 0x6d, 0xb7, 0x2e, 0xf6, 0x17, 0xfa, 0x88, 0x78, 0x71, 0x1e, 0xd3, 0x76, 0xfb, 0x5f, 0x95, 0xb4, + 0x1b, 0x44, 0xa4, 0xd4, 0x7d, 0x5f, 0xbc, 0xf6, 0x86, 0xaa, 0xc3, 0xc8, 0xdf, 0xfc, 0x6a, 0x57, + 0x1d, 0xc6, 0x1f, 0x3f, 0x78, 0xc6, 0x24, 0x1f, 0xa0, 0x5e, 0x65, 0x18, 0x87, 0xf6, 0x49, 0x97, + 0xbc, 0x09, 0x65, 0xba, 0x05, 0x63, 0xfe, 0xcc, 0x72, 0xa2, 0x53, 0xe5, 0x4b, 0xa2, 0xfd, 0xce, + 0xee, 0xe4, 0x8f, 0x1d, 0xbc, 0x5b, 0xf2, 0x69, 0xac, 0xe8, 0xa3, 0x08, 0x2a, 0xf4, 0x37, 0xcb, + 0xec, 0x14, 0x9b, 0xbb, 0x6b, 0x4a, 0x66, 0x4a, 0x40, 0x2e, 0x69, 0xa3, 0x9a, 0x0f, 0xf2, 0xa1, + 0xc2, 0x6e, 0xd9, 0x67, 0x4c, 0xf9, 0x1e, 0x70, 0x55, 0xe5, 0x57, 0x4a, 0xc0, 0x9d, 0xdd, 0xc9, + 0x17, 0x0e, 0xce, 0x54, 0x3d, 0x8e, 0x35, 0x0b, 0xfb, 0x6f, 0x06, 0xf4, 0xdc, 0x15, 0xe5, 0x37, + 0xbf, 0x2f, 0xe6, 0xee, 0xf3, 0xa9, 0xb9, 0x7b, 0xae, 0x6b, 0xee, 0x8e, 0xe9, 0x2b, 0xd8, 0x13, + 0xb3, 0xf1, 0xb8, 0x0d, 0x81, 0xfd, 0xfd, 0x0d, 0xcc, 0x02, 0x7a, 0xb5, 0xed, 0x86, 0x24, 0x5a, + 0x0d, 0xdb, 0xbe, 0xeb, 0x37, 0xd8, 0x74, 0x2c, 0x9b, 0x16, 0x50, 0x02, 0x8c, 0xd3, 0xf8, 0x74, + 0x53, 0x4f, 0xbf, 0xf9, 0x0d, 0x67, 0x9b, 0xcf, 0x2a, 0xa3, 0x62, 0x5b, 0x55, 0xb4, 0x63, 0x85, + 0x81, 0x36, 0xe1, 0x11, 0x49, 0x60, 0x9e, 0x78, 0x44, 0xdc, 0xa1, 0xbe, 0xe1, 0x86, 0x4d, 0x1e, + 0x20, 0xce, 0x23, 0x13, 0xde, 0x2c, 0x28, 0x3c, 0x82, 0xf7, 0xc0, 0xc5, 0x7b, 0x52, 0xb2, 0xbf, + 0xca, 0xce, 0xeb, 0x8d, 0xe4, 0x75, 0x3a, 0xfb, 0x3c, 0xb7, 0xe9, 0xca, 0xc2, 0x72, 0x6a, 0xf6, + 0x2d, 0xd1, 0x46, 0xcc, 0x61, 0xe8, 0x16, 0x0c, 0xad, 0xf3, 0xab, 0x6e, 0xf3, 0xb9, 0x56, 0x43, + 0xdc, 0x9b, 0xcb, 0xaa, 0xb3, 0xca, 0x4b, 0x74, 0xef, 0xe8, 0x9f, 0x58, 0x72, 0xb3, 0xbf, 0x51, + 0x82, 0xf1, 0xd4, 0xbd, 0xf6, 0x89, 0x92, 0xd5, 0x85, 0x7d, 0x4b, 0x56, 0xbf, 0x17, 0xa0, 0x4e, + 0x5a, 0x5e, 0xd0, 0x61, 0x86, 0xdf, 0xc0, 0x81, 0x0d, 0x3f, 0xb5, 0x57, 0x98, 0x57, 0x54, 0xb0, + 0x41, 0x51, 0x54, 0xd3, 0xe3, 0x15, 0xb0, 0x53, 0xd5, 0xf4, 0x8c, 0xcb, 0x77, 0x06, 0x8f, 0xf7, + 0xf2, 0x1d, 0x17, 0xc6, 0x79, 0x17, 0x55, 0x8a, 0xf8, 0x5d, 0x64, 0x82, 0xb3, 0x24, 0x9b, 0xf9, + 0x24, 0x19, 0x9c, 0xa6, 0x6b, 0xde, 0xac, 0x53, 0x3e, 0xee, 0x9b, 0x75, 0xde, 0x0a, 0x15, 0xf9, + 0x9d, 0xa3, 0x89, 0x8a, 0x2e, 0xb3, 0x21, 0xa7, 0x41, 0x84, 0x35, 0xbc, 0xab, 0xda, 0x05, 0xdc, + 0xab, 0x6a, 0x17, 0xf6, 0xa7, 0x0b, 0x74, 0xc7, 0xc0, 0xfb, 0xa5, 0x0a, 0x37, 0x3d, 0x01, 0x83, + 0x4e, 0x3b, 0xde, 0x0c, 0xba, 0x2e, 0xcb, 0x9d, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x12, 0x0c, 0xd4, + 0x75, 0x31, 0x9e, 0x83, 0x7c, 0x4f, 0xed, 0x7c, 0x75, 0x62, 0x82, 0x19, 0x15, 0xf4, 0x08, 0x0c, + 0xc4, 0x4e, 0x43, 0xe6, 0x05, 0xb2, 0x5c, 0xf0, 0x35, 0xa7, 0x11, 0x61, 0xd6, 0x7a, 0x90, 0x02, + 0xa4, 0x2f, 0xc0, 0x68, 0xe4, 0x36, 0x7c, 0x27, 0x6e, 0x87, 0xc4, 0x38, 0x9f, 0xd4, 0xd1, 0x29, + 0x26, 0x10, 0x27, 0x71, 0xed, 0xdf, 0x19, 0x81, 0xd3, 0xd5, 0xb9, 0x65, 0x79, 0x85, 0xc2, 0x91, + 0xa5, 0xf6, 0x65, 0xf1, 0x38, 0xbe, 0xd4, 0xbe, 0x1e, 0xdc, 0x3d, 0x23, 0xb5, 0xcf, 0x33, 0x52, + 0xfb, 0x92, 0x79, 0x56, 0xc5, 0x3c, 0xf2, 0xac, 0xb2, 0x7a, 0xd0, 0x4f, 0x9e, 0xd5, 0x91, 0xe5, + 0xfa, 0xed, 0xd9, 0xa1, 0x03, 0xe5, 0xfa, 0xa9, 0x44, 0xc8, 0x5c, 0x32, 0x60, 0x7a, 0x7c, 0xaa, + 0xcc, 0x44, 0x48, 0x95, 0x84, 0xc6, 0xb3, 0xbb, 0x84, 0xa8, 0x7f, 0x39, 0xff, 0x0e, 0xf4, 0x91, + 0x84, 0x26, 0x12, 0xcc, 0xcc, 0xc4, 0xc7, 0xa1, 0x3c, 0x12, 0x1f, 0xb3, 0xba, 0xb3, 0x6f, 0xe2, + 0xe3, 0x0b, 0x30, 0x5a, 0xf3, 0x02, 0x9f, 0xac, 0x86, 0x41, 0x1c, 0xd4, 0x02, 0x79, 0x5d, 0xa7, + 0xbe, 0x6d, 0xca, 0x04, 0xe2, 0x24, 0x6e, 0xaf, 0xac, 0xc9, 0xca, 0x61, 0xb3, 0x26, 0xe1, 0x1e, + 0x65, 0x4d, 0xfe, 0xac, 0xce, 0xef, 0x1f, 0x66, 0x5f, 0xe4, 0xbd, 0xf9, 0x7f, 0x91, 0xbe, 0xee, + 0xe3, 0x7c, 0x9d, 0xdf, 0x56, 0x4b, 0x4d, 0xf0, 0xb9, 0xa0, 0x49, 0x0d, 0xbf, 0x11, 0x36, 0x24, + 0xaf, 0x1c, 0xc1, 0x84, 0xbd, 0x51, 0xd5, 0x6c, 0xd4, 0x0d, 0xb6, 0xba, 0x09, 0x27, 0x3b, 0x72, + 0x98, 0xfa, 0x03, 0x5f, 0x28, 0xc0, 0x0f, 0xec, 0xdb, 0x05, 0x74, 0x0b, 0x20, 0x76, 0x1a, 0x62, + 0xa2, 0x8a, 0xa3, 0x99, 0x43, 0x86, 0x90, 0xae, 0x49, 0x7a, 0xbc, 0x70, 0x8e, 0xfa, 0xcb, 0x0e, + 0x3d, 0xe4, 0x6f, 0x16, 0x39, 0x1a, 0x78, 0x5d, 0xf5, 0x45, 0x71, 0xe0, 0x11, 0xcc, 0x20, 0x54, + 0xfd, 0x87, 0xa4, 0x41, 0x4d, 0xda, 0x62, 0x52, 0xfd, 0x63, 0xd6, 0x8a, 0x05, 0x14, 0x3d, 0x07, + 0xc3, 0x8e, 0xe7, 0xf1, 0xf4, 0x24, 0x12, 0x89, 0x6b, 0xe0, 0x74, 0xa1, 0x43, 0x0d, 0xc2, 0x26, + 0x9e, 0xfd, 0x57, 0x05, 0x98, 0xdc, 0x47, 0xa6, 0x74, 0xa5, 0xa5, 0x96, 0xfa, 0x4e, 0x4b, 0x15, + 0x29, 0x1b, 0x83, 0x3d, 0x52, 0x36, 0x9e, 0x83, 0xe1, 0x98, 0x38, 0x4d, 0x11, 0x74, 0x26, 0x7c, + 0x0e, 0xfa, 0xac, 0x59, 0x83, 0xb0, 0x89, 0x47, 0xa5, 0xd8, 0x98, 0x53, 0xab, 0x91, 0x28, 0x92, + 0x39, 0x19, 0xc2, 0x6f, 0x9b, 0x5b, 0xc2, 0x07, 0x73, 0x87, 0xcf, 0x24, 0x58, 0xe0, 0x14, 0xcb, + 0xf4, 0x80, 0x57, 0xfa, 0x1c, 0xf0, 0x2f, 0x17, 0xe0, 0xd1, 0x3d, 0xb5, 0x5b, 0xdf, 0xe9, 0x32, + 0xed, 0x88, 0x84, 0xe9, 0x89, 0x73, 0x2d, 0x22, 0x21, 0x66, 0x10, 0x3e, 0x4a, 0xad, 0x96, 0x0a, + 0x18, 0xce, 0x3f, 0x77, 0x8c, 0x8f, 0x52, 0x82, 0x05, 0x4e, 0xb1, 0xbc, 0xdb, 0x69, 0xf9, 0x8d, + 0x01, 0x78, 0xbc, 0x0f, 0x1b, 0x20, 0xc7, 0x1c, 0xbb, 0x64, 0x3e, 0x68, 0xf1, 0x1e, 0xe5, 0x83, + 0xde, 0xdd, 0x70, 0xbd, 0x91, 0x46, 0xda, 0x57, 0x2e, 0xdf, 0x57, 0x0b, 0x70, 0xb6, 0xb7, 0xc1, + 0x82, 0xde, 0x0e, 0xe3, 0xa1, 0x0a, 0xb2, 0x33, 0x53, 0x49, 0x4f, 0x71, 0xcf, 0x4e, 0x02, 0x84, + 0xd3, 0xb8, 0x68, 0x0a, 0xa0, 0xe5, 0xc4, 0x9b, 0xd1, 0x85, 0x1d, 0x37, 0x8a, 0x45, 0x41, 0xa9, + 0x31, 0x7e, 0x96, 0x28, 0x5b, 0xb1, 0x81, 0x41, 0xd9, 0xb1, 0x7f, 0xf3, 0xc1, 0xd5, 0x20, 0xe6, + 0x0f, 0xf1, 0xcd, 0xd6, 0x29, 0x79, 0xbd, 0x94, 0x01, 0xc2, 0x69, 0x5c, 0xca, 0x8e, 0x9d, 0x56, + 0xf3, 0x8e, 0xf2, 0x5d, 0x18, 0x63, 0xb7, 0xa4, 0x5a, 0xb1, 0x81, 0x91, 0x4e, 0x92, 0x2d, 0xed, + 0x9f, 0x24, 0x6b, 0xff, 0xcb, 0x02, 0x3c, 0xd4, 0xd3, 0xe0, 0xed, 0x4f, 0x4c, 0xdd, 0x7f, 0x89, + 0xad, 0x77, 0xb9, 0xc2, 0x0e, 0x96, 0x10, 0xf9, 0xa7, 0x3d, 0x66, 0x9a, 0x48, 0x88, 0xbc, 0xfb, + 0x3a, 0x0f, 0xf7, 0xdf, 0x78, 0x76, 0xe5, 0x40, 0x0e, 0x1c, 0x20, 0x07, 0x32, 0xf5, 0x31, 0x4a, + 0x7d, 0x6a, 0x87, 0x3f, 0x1f, 0xe8, 0x39, 0xbc, 0x74, 0x83, 0xdc, 0x97, 0xdf, 0x7c, 0x1e, 0x4e, + 0xb8, 0x3e, 0xbb, 0x6a, 0xb0, 0xda, 0x5e, 0x17, 0x35, 0x86, 0x78, 0x21, 0x4d, 0x95, 0x68, 0xb1, + 0x98, 0x82, 0xe3, 0xae, 0x27, 0xee, 0xc3, 0x9c, 0xd4, 0xbb, 0x1b, 0xd2, 0x03, 0x4a, 0xee, 0x15, + 0x38, 0x23, 0x87, 0x62, 0xd3, 0x09, 0x49, 0x5d, 0x28, 0xdb, 0x48, 0xa4, 0xd6, 0x3c, 0xc4, 0xd3, + 0x73, 0x32, 0x10, 0x70, 0xf6, 0x73, 0xec, 0x76, 0xb7, 0xa0, 0xe5, 0xd6, 0xc4, 0x56, 0x50, 0xdf, + 0xee, 0x46, 0x1b, 0x31, 0x87, 0x69, 0x7d, 0x51, 0x39, 0x1e, 0x7d, 0xf1, 0x5e, 0xa8, 0xa8, 0xf1, + 0xe6, 0x59, 0x02, 0x6a, 0x92, 0x77, 0x65, 0x09, 0xa8, 0x19, 0x6e, 0x60, 0xed, 0x77, 0x33, 0xf2, + 0x8f, 0xc0, 0x88, 0xf2, 0x7e, 0xf5, 0x7b, 0xc7, 0x9e, 0xfd, 0x7f, 0x0b, 0x90, 0xba, 0x05, 0x07, + 0xed, 0x40, 0xa5, 0x2e, 0xef, 0x26, 0xce, 0xa7, 0x90, 0xab, 0xba, 0xea, 0x58, 0x1f, 0xff, 0xa8, + 0x26, 0xac, 0x99, 0xa1, 0xf7, 0xf3, 0x9a, 0xa9, 0x82, 0x75, 0x21, 0x8f, 0xbc, 0xe4, 0xaa, 0xa2, + 0x67, 0x5e, 0xa2, 0x25, 0xdb, 0xb0, 0xc1, 0x0f, 0xc5, 0x50, 0xd9, 0x94, 0xb7, 0xfd, 0xe4, 0x23, + 0xee, 0xd4, 0xe5, 0x41, 0xdc, 0x44, 0x53, 0x7f, 0xb1, 0x66, 0x64, 0xff, 0x49, 0x01, 0x4e, 0x27, + 0x3f, 0x80, 0x38, 0xae, 0xfb, 0x35, 0x0b, 0x1e, 0xf4, 0x9c, 0x28, 0xae, 0xb6, 0xd9, 0x46, 0x61, + 0xa3, 0xed, 0xad, 0xa4, 0xca, 0xeb, 0x1e, 0xd6, 0xd9, 0xa2, 0x08, 0xa7, 0x6f, 0x87, 0x9a, 0x7d, + 0xf8, 0xf6, 0xee, 0xe4, 0x83, 0x4b, 0xd9, 0xcc, 0x71, 0xaf, 0x5e, 0xa1, 0xcf, 0x5a, 0x70, 0xa2, + 0xd6, 0x0e, 0x43, 0xe2, 0xc7, 0xba, 0xab, 0xfc, 0x2b, 0x5e, 0xcd, 0x65, 0x20, 0x75, 0x07, 0x4f, + 0x53, 0x81, 0x3a, 0x97, 0xe2, 0x85, 0xbb, 0xb8, 0xdb, 0xbf, 0x40, 0x35, 0x67, 0xcf, 0xf7, 0xfc, + 0x5b, 0x76, 0x9d, 0xd5, 0x5f, 0x0c, 0xc2, 0x68, 0xa2, 0x86, 0x70, 0xe2, 0x88, 0xcb, 0xda, 0xf7, + 0x88, 0x8b, 0x25, 0x83, 0xb5, 0x7d, 0x79, 0xd9, 0xae, 0x91, 0x0c, 0xd6, 0xf6, 0x09, 0xe6, 0x30, + 0x31, 0xa4, 0xb8, 0xed, 0x8b, 0xe8, 0x76, 0x73, 0x48, 0x71, 0xdb, 0xc7, 0x02, 0x8a, 0x3e, 0x64, + 0xc1, 0x08, 0x5b, 0x7c, 0xe2, 0x80, 0x50, 0x28, 0xb4, 0xcb, 0x39, 0x2c, 0x77, 0x59, 0x2f, 0x9b, + 0x45, 0x43, 0x9a, 0x2d, 0x38, 0xc1, 0x11, 0x7d, 0xd4, 0x82, 0x8a, 0xba, 0x9f, 0x4f, 0xdc, 0x9c, + 0x5d, 0xcd, 0xb7, 0x44, 0x73, 0x4a, 0xea, 0xa9, 0x5a, 0xb9, 0x58, 0x33, 0x46, 0x91, 0x3a, 0xbd, + 0x1b, 0x3a, 0x9a, 0xd3, 0x3b, 0xc8, 0x38, 0xb9, 0x7b, 0x2b, 0x54, 0x9a, 0x8e, 0xef, 0x6e, 0x90, + 0x28, 0xe6, 0x07, 0x6a, 0xb2, 0x72, 0xbc, 0x6c, 0xc4, 0x1a, 0x4e, 0x8d, 0xfd, 0x88, 0xbd, 0x58, + 0x6c, 0x9c, 0x80, 0x31, 0x63, 0xbf, 0xaa, 0x9b, 0xb1, 0x89, 0x63, 0x1e, 0xd7, 0xc1, 0x3d, 0x3d, + 0xae, 0x1b, 0xde, 0xe7, 0xb8, 0xae, 0x0a, 0x67, 0x9c, 0x76, 0x1c, 0x5c, 0x22, 0x8e, 0x37, 0xc3, + 0x6f, 0xe8, 0x8f, 0x78, 0xd9, 0xe9, 0x11, 0xe6, 0x02, 0x56, 0xf1, 0x5b, 0x55, 0xe2, 0x6d, 0x74, + 0x21, 0xe1, 0xec, 0x67, 0xed, 0x7f, 0x6e, 0xc1, 0x99, 0xcc, 0xa9, 0x70, 0xff, 0x46, 0xce, 0xdb, + 0x9f, 0x2f, 0xc1, 0xa9, 0x8c, 0x0a, 0xe3, 0xa8, 0x63, 0x2e, 0x12, 0x2b, 0x8f, 0x20, 0xb4, 0x64, + 0x4c, 0x95, 0xfc, 0x36, 0x19, 0x2b, 0xe3, 0x60, 0x27, 0xf0, 0xfa, 0x14, 0xbc, 0x78, 0xbc, 0xa7, + 0xe0, 0xc6, 0x5c, 0x1f, 0xb8, 0xa7, 0x73, 0xbd, 0xb4, 0xcf, 0x5c, 0xff, 0x9a, 0x05, 0x13, 0xcd, + 0x1e, 0xd7, 0xda, 0x88, 0xf3, 0xa4, 0xeb, 0x47, 0x73, 0x69, 0xce, 0xec, 0x23, 0xb7, 0x77, 0x27, + 0x7b, 0xde, 0x26, 0x84, 0x7b, 0xf6, 0xca, 0xfe, 0x4e, 0x11, 0x98, 0xbd, 0xc6, 0xaa, 0xc8, 0x76, + 0xd0, 0x07, 0xcd, 0x8b, 0x0a, 0xac, 0xbc, 0x8a, 0xea, 0x73, 0xe2, 0xea, 0xa2, 0x03, 0x3e, 0x82, + 0x59, 0xf7, 0x1e, 0xa4, 0x25, 0x61, 0xa1, 0x0f, 0x49, 0xe8, 0xc9, 0x1b, 0x21, 0x8a, 0xf9, 0xdf, + 0x08, 0x51, 0x49, 0xdf, 0x06, 0xb1, 0xf7, 0x27, 0x1e, 0xb8, 0x2f, 0x3f, 0xf1, 0x2f, 0x5b, 0x5c, + 0xf0, 0xa4, 0xbe, 0x82, 0x36, 0x37, 0xac, 0x3d, 0xcc, 0x8d, 0xa7, 0xa0, 0x1c, 0x09, 0xc9, 0x2c, + 0xcc, 0x12, 0x1d, 0x00, 0x25, 0xda, 0xb1, 0xc2, 0xa0, 0xbb, 0x2e, 0xc7, 0xf3, 0x82, 0x5b, 0x17, + 0x9a, 0xad, 0xb8, 0x23, 0x0c, 0x14, 0xb5, 0x2d, 0x98, 0x51, 0x10, 0x6c, 0x60, 0xd9, 0x9b, 0x60, + 0x6c, 0x18, 0xee, 0xfe, 0x16, 0xd0, 0x3e, 0xae, 0x6f, 0xfe, 0x87, 0x05, 0xc1, 0x8a, 0x6f, 0x00, + 0x9e, 0x4f, 0x5d, 0x97, 0xdd, 0x7f, 0xa8, 0xdb, 0xfb, 0x01, 0x6a, 0x41, 0xb3, 0x45, 0xb7, 0xc4, + 0x6b, 0x41, 0x3e, 0xfb, 0xa8, 0x39, 0x45, 0x4f, 0x0f, 0x98, 0x6e, 0xc3, 0x06, 0xbf, 0x84, 0xd4, + 0x2e, 0xee, 0x2b, 0xb5, 0x13, 0x02, 0x6c, 0x60, 0x6f, 0x01, 0x66, 0xff, 0x95, 0x05, 0x09, 0x83, + 0x0e, 0xb5, 0xa0, 0x44, 0xbb, 0xdb, 0x11, 0xb2, 0x60, 0x25, 0x3f, 0xeb, 0x91, 0x0a, 0x61, 0xb1, + 0xc0, 0xd8, 0x4f, 0xcc, 0x19, 0x21, 0x4f, 0x84, 0xf5, 0xe5, 0xb2, 0xaf, 0x31, 0x19, 0x5e, 0x0a, + 0x82, 0x2d, 0x1e, 0x19, 0xa3, 0x43, 0x04, 0xed, 0xe7, 0xe1, 0x64, 0x57, 0xa7, 0xd8, 0xcd, 0xa1, + 0x81, 0xdc, 0x9c, 0x1b, 0x0b, 0x83, 0x55, 0x39, 0xc0, 0x1c, 0x66, 0x7f, 0xd5, 0x82, 0x13, 0x69, + 0xf2, 0xe8, 0x75, 0x0b, 0x4e, 0x46, 0x69, 0x7a, 0x47, 0x35, 0x76, 0x2a, 0x34, 0xbf, 0x0b, 0x84, + 0xbb, 0x3b, 0x61, 0xff, 0x8d, 0x98, 0xfc, 0x37, 0x5c, 0xbf, 0x1e, 0xdc, 0x52, 0x26, 0x90, 0xd5, + 0xd3, 0x04, 0xa2, 0x2b, 0xbf, 0xb6, 0x49, 0xea, 0x6d, 0xaf, 0xab, 0x66, 0x42, 0x55, 0xb4, 0x63, + 0x85, 0xc1, 0x52, 0xc4, 0xdb, 0x62, 0x4b, 0x9a, 0x9a, 0x94, 0xf3, 0xa2, 0x1d, 0x2b, 0x0c, 0xf4, + 0x2c, 0x8c, 0x18, 0x2f, 0x29, 0xe7, 0x25, 0xdb, 0x4f, 0x18, 0xca, 0x39, 0xc2, 0x09, 0x2c, 0x34, + 0x05, 0xa0, 0xcc, 0x29, 0xa9, 0x8c, 0x99, 0x0f, 0x5d, 0xc9, 0xbc, 0x08, 0x1b, 0x18, 0xac, 0x20, + 0x83, 0xd7, 0x8e, 0xd8, 0x21, 0xf1, 0xa0, 0x2e, 0x98, 0x3e, 0x27, 0xda, 0xb0, 0x82, 0x52, 0xb9, + 0xd5, 0x74, 0xfc, 0xb6, 0xe3, 0xd1, 0x11, 0x12, 0x5e, 0x31, 0xb5, 0x0c, 0x97, 0x15, 0x04, 0x1b, + 0x58, 0xf4, 0x8d, 0x63, 0xb7, 0x49, 0x5e, 0x0a, 0x7c, 0x19, 0x52, 0xad, 0xe3, 0x06, 0x44, 0x3b, + 0x56, 0x18, 0xf6, 0x5f, 0x5a, 0x30, 0xae, 0x2b, 0xc1, 0x30, 0x5f, 0x56, 0xc2, 0x89, 0x67, 0xed, + 0xeb, 0xc4, 0x4b, 0xd6, 0xbd, 0x28, 0xf4, 0x55, 0xf7, 0xc2, 0x2c, 0x49, 0x51, 0xdc, 0xb3, 0x24, + 0xc5, 0x0f, 0xc2, 0xd0, 0x16, 0xe9, 0x18, 0xb5, 0x2b, 0x86, 0xa9, 0x39, 0x74, 0x85, 0x37, 0x61, + 0x09, 0x43, 0x36, 0x0c, 0xd6, 0x1c, 0x55, 0x31, 0x6d, 0x84, 0x6f, 0x7d, 0xe6, 0x66, 0x18, 0x92, + 0x80, 0xd8, 0x2b, 0x50, 0x51, 0xc7, 0xe7, 0xd2, 0xa7, 0x66, 0x65, 0xfb, 0xd4, 0xfa, 0x4a, 0x8d, + 0x9f, 0x5d, 0xff, 0xfa, 0x77, 0x1f, 0x7b, 0xd3, 0x1f, 0x7d, 0xf7, 0xb1, 0x37, 0x7d, 0xfb, 0xbb, + 0x8f, 0xbd, 0xe9, 0x43, 0xb7, 0x1f, 0xb3, 0xbe, 0x7e, 0xfb, 0x31, 0xeb, 0x8f, 0x6e, 0x3f, 0x66, + 0x7d, 0xfb, 0xf6, 0x63, 0xd6, 0x77, 0x6e, 0x3f, 0x66, 0x7d, 0xf6, 0xbf, 0x3e, 0xf6, 0xa6, 0x97, + 0x32, 0x63, 0xea, 0xe9, 0x8f, 0xa7, 0x6b, 0xf5, 0xe9, 0xed, 0xf3, 0x2c, 0xac, 0x9b, 0x2e, 0xaf, + 0x69, 0x63, 0x4e, 0x4d, 0xcb, 0xe5, 0xf5, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0xa6, 0xfc, 0x44, + 0xf5, 0xc0, 0xf5, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -7384,6 +7610,14 @@ func (m *ApplicationSourceHelm) MarshalToSizedBuffer(dAtA []byte) (int, error) { var l int _ = l i-- + if m.SkipSchemaValidation { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x78 + i-- if m.SkipTests { dAtA[i] = 1 } else { @@ -7881,6 +8115,18 @@ func (m *ApplicationSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.SourceHydrator != nil { + { + size, err := m.SourceHydrator.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x4a + } if len(m.Sources) > 0 { for iNdEx := len(m.Sources) - 1; iNdEx >= 0; iNdEx-- { { @@ -7990,6 +8236,16 @@ func (m *ApplicationStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + { + size, err := m.SourceHydrator.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x72 i -= len(m.ControllerNamespace) copy(dAtA[i:], m.ControllerNamespace) i = encodeVarintGenerated(dAtA, i, uint64(len(m.ControllerNamespace))) @@ -9211,6 +9467,44 @@ func (m *ConnectionState) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *DrySource) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *DrySource) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *DrySource) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Path) + copy(dAtA[i:], m.Path) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Path))) + i-- + dAtA[i] = 0x1a + i -= len(m.TargetRevision) + copy(dAtA[i:], m.TargetRevision) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.TargetRevision))) + i-- + dAtA[i] = 0x12 + i -= len(m.RepoURL) + copy(dAtA[i:], m.RepoURL) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.RepoURL))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *DuckTypeGenerator) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -9709,6 +10003,18 @@ func (m *HealthStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.LastTransitionTime != nil { + { + size, err := m.LastTransitionTime.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } i -= len(m.Message) copy(dAtA[i:], m.Message) i = encodeVarintGenerated(dAtA, i, uint64(len(m.Message))) @@ -9917,6 +10223,109 @@ func (m *HostResourceInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *HydrateOperation) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *HydrateOperation) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *HydrateOperation) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.SourceHydrator.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + i -= len(m.HydratedSHA) + copy(dAtA[i:], m.HydratedSHA) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.HydratedSHA))) + i-- + dAtA[i] = 0x32 + i -= len(m.DrySHA) + copy(dAtA[i:], m.DrySHA) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.DrySHA))) + i-- + dAtA[i] = 0x2a + i -= len(m.Message) + copy(dAtA[i:], m.Message) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Message))) + i-- + dAtA[i] = 0x22 + i -= len(m.Phase) + copy(dAtA[i:], m.Phase) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Phase))) + i-- + dAtA[i] = 0x1a + if m.FinishedAt != nil { + { + size, err := m.FinishedAt.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + { + size, err := m.StartedAt.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *HydrateTo) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *HydrateTo) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *HydrateTo) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.TargetBranch) + copy(dAtA[i:], m.TargetBranch) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.TargetBranch))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *Info) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -14220,6 +14629,151 @@ func (m *SignatureKey) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *SourceHydrator) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SourceHydrator) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SourceHydrator) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.HydrateTo != nil { + { + size, err := m.HydrateTo.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + { + size, err := m.SyncSource.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + { + size, err := m.DrySource.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *SourceHydratorStatus) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SourceHydratorStatus) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SourceHydratorStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.CurrentOperation != nil { + { + size, err := m.CurrentOperation.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if m.LastSuccessfulOperation != nil { + { + size, err := m.LastSuccessfulOperation.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *SuccessfulHydrateOperation) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SuccessfulHydrateOperation) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SuccessfulHydrateOperation) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + { + size, err := m.SourceHydrator.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + i -= len(m.HydratedSHA) + copy(dAtA[i:], m.HydratedSHA) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.HydratedSHA))) + i-- + dAtA[i] = 0x32 + i -= len(m.DrySHA) + copy(dAtA[i:], m.DrySHA) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.DrySHA))) + i-- + dAtA[i] = 0x2a + return len(dAtA) - i, nil +} + func (m *SyncOperation) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -14591,6 +15145,39 @@ func (m *SyncPolicyAutomated) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *SyncSource) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SyncSource) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *SyncSource) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Path) + copy(dAtA[i:], m.Path) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Path))) + i-- + dAtA[i] = 0x12 + i -= len(m.TargetBranch) + copy(dAtA[i:], m.TargetBranch) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.TargetBranch))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *SyncStatus) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -15746,6 +16333,7 @@ func (m *ApplicationSourceHelm) Size() (n int) { } } n += 2 + n += 2 return n } @@ -15930,6 +16518,10 @@ func (m *ApplicationSpec) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + if m.SourceHydrator != nil { + l = m.SourceHydrator.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -15987,6 +16579,8 @@ func (m *ApplicationStatus) Size() (n int) { } l = len(m.ControllerNamespace) n += 1 + l + sovGenerated(uint64(l)) + l = m.SourceHydrator.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -16394,6 +16988,21 @@ func (m *ConnectionState) Size() (n int) { return n } +func (m *DrySource) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.RepoURL) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.TargetRevision) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Path) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *DuckTypeGenerator) Size() (n int) { if m == nil { return 0 @@ -16584,6 +17193,10 @@ func (m *HealthStatus) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.Message) n += 1 + l + sovGenerated(uint64(l)) + if m.LastTransitionTime != nil { + l = m.LastTransitionTime.Size() + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -16662,6 +17275,42 @@ func (m *HostResourceInfo) Size() (n int) { return n } +func (m *HydrateOperation) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.StartedAt.Size() + n += 1 + l + sovGenerated(uint64(l)) + if m.FinishedAt != nil { + l = m.FinishedAt.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + l = len(m.Phase) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Message) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.DrySHA) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.HydratedSHA) + n += 1 + l + sovGenerated(uint64(l)) + l = m.SourceHydrator.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *HydrateTo) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.TargetBranch) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *Info) Size() (n int) { if m == nil { return 0 @@ -18249,6 +18898,55 @@ func (m *SignatureKey) Size() (n int) { return n } +func (m *SourceHydrator) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.DrySource.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.SyncSource.Size() + n += 1 + l + sovGenerated(uint64(l)) + if m.HydrateTo != nil { + l = m.HydrateTo.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *SourceHydratorStatus) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.LastSuccessfulOperation != nil { + l = m.LastSuccessfulOperation.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.CurrentOperation != nil { + l = m.CurrentOperation.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + return n +} + +func (m *SuccessfulHydrateOperation) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.DrySHA) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.HydratedSHA) + n += 1 + l + sovGenerated(uint64(l)) + l = m.SourceHydrator.Size() + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *SyncOperation) Size() (n int) { if m == nil { return 0 @@ -18392,6 +19090,19 @@ func (m *SyncPolicyAutomated) Size() (n int) { return n } +func (m *SyncSource) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.TargetBranch) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Path) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + func (m *SyncStatus) Size() (n int) { if m == nil { return 0 @@ -19100,6 +19811,7 @@ func (this *ApplicationSourceHelm) String() string { `KubeVersion:` + fmt.Sprintf("%v", this.KubeVersion) + `,`, `APIVersions:` + fmt.Sprintf("%v", this.APIVersions) + `,`, `SkipTests:` + fmt.Sprintf("%v", this.SkipTests) + `,`, + `SkipSchemaValidation:` + fmt.Sprintf("%v", this.SkipSchemaValidation) + `,`, `}`, }, "") return s @@ -19244,6 +19956,7 @@ func (this *ApplicationSpec) String() string { `Info:` + repeatedStringForInfo + `,`, `RevisionHistoryLimit:` + valueToStringGenerated(this.RevisionHistoryLimit) + `,`, `Sources:` + repeatedStringForSources + `,`, + `SourceHydrator:` + strings.Replace(this.SourceHydrator.String(), "SourceHydrator", "SourceHydrator", 1) + `,`, `}`, }, "") return s @@ -19281,6 +19994,7 @@ func (this *ApplicationStatus) String() string { `ResourceHealthSource:` + fmt.Sprintf("%v", this.ResourceHealthSource) + `,`, `SourceTypes:` + fmt.Sprintf("%v", this.SourceTypes) + `,`, `ControllerNamespace:` + fmt.Sprintf("%v", this.ControllerNamespace) + `,`, + `SourceHydrator:` + strings.Replace(strings.Replace(this.SourceHydrator.String(), "SourceHydratorStatus", "SourceHydratorStatus", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -19596,6 +20310,18 @@ func (this *ConnectionState) String() string { }, "") return s } +func (this *DrySource) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&DrySource{`, + `RepoURL:` + fmt.Sprintf("%v", this.RepoURL) + `,`, + `TargetRevision:` + fmt.Sprintf("%v", this.TargetRevision) + `,`, + `Path:` + fmt.Sprintf("%v", this.Path) + `,`, + `}`, + }, "") + return s +} func (this *DuckTypeGenerator) String() string { if this == nil { return "nil" @@ -19761,6 +20487,7 @@ func (this *HealthStatus) String() string { s := strings.Join([]string{`&HealthStatus{`, `Status:` + fmt.Sprintf("%v", this.Status) + `,`, `Message:` + fmt.Sprintf("%v", this.Message) + `,`, + `LastTransitionTime:` + strings.Replace(fmt.Sprintf("%v", this.LastTransitionTime), "Time", "v1.Time", 1) + `,`, `}`, }, "") return s @@ -19828,6 +20555,32 @@ func (this *HostResourceInfo) String() string { }, "") return s } +func (this *HydrateOperation) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&HydrateOperation{`, + `StartedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.StartedAt), "Time", "v1.Time", 1), `&`, ``, 1) + `,`, + `FinishedAt:` + strings.Replace(fmt.Sprintf("%v", this.FinishedAt), "Time", "v1.Time", 1) + `,`, + `Phase:` + fmt.Sprintf("%v", this.Phase) + `,`, + `Message:` + fmt.Sprintf("%v", this.Message) + `,`, + `DrySHA:` + fmt.Sprintf("%v", this.DrySHA) + `,`, + `HydratedSHA:` + fmt.Sprintf("%v", this.HydratedSHA) + `,`, + `SourceHydrator:` + strings.Replace(strings.Replace(this.SourceHydrator.String(), "SourceHydrator", "SourceHydrator", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} +func (this *HydrateTo) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&HydrateTo{`, + `TargetBranch:` + fmt.Sprintf("%v", this.TargetBranch) + `,`, + `}`, + }, "") + return s +} func (this *Info) String() string { if this == nil { return "nil" @@ -21003,6 +21756,41 @@ func (this *SignatureKey) String() string { }, "") return s } +func (this *SourceHydrator) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&SourceHydrator{`, + `DrySource:` + strings.Replace(strings.Replace(this.DrySource.String(), "DrySource", "DrySource", 1), `&`, ``, 1) + `,`, + `SyncSource:` + strings.Replace(strings.Replace(this.SyncSource.String(), "SyncSource", "SyncSource", 1), `&`, ``, 1) + `,`, + `HydrateTo:` + strings.Replace(this.HydrateTo.String(), "HydrateTo", "HydrateTo", 1) + `,`, + `}`, + }, "") + return s +} +func (this *SourceHydratorStatus) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&SourceHydratorStatus{`, + `LastSuccessfulOperation:` + strings.Replace(this.LastSuccessfulOperation.String(), "SuccessfulHydrateOperation", "SuccessfulHydrateOperation", 1) + `,`, + `CurrentOperation:` + strings.Replace(this.CurrentOperation.String(), "HydrateOperation", "HydrateOperation", 1) + `,`, + `}`, + }, "") + return s +} +func (this *SuccessfulHydrateOperation) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&SuccessfulHydrateOperation{`, + `DrySHA:` + fmt.Sprintf("%v", this.DrySHA) + `,`, + `HydratedSHA:` + fmt.Sprintf("%v", this.HydratedSHA) + `,`, + `SourceHydrator:` + strings.Replace(strings.Replace(this.SourceHydrator.String(), "SourceHydrator", "SourceHydrator", 1), `&`, ``, 1) + `,`, + `}`, + }, "") + return s +} func (this *SyncOperation) String() string { if this == nil { return "nil" @@ -21096,6 +21884,17 @@ func (this *SyncPolicyAutomated) String() string { }, "") return s } +func (this *SyncSource) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&SyncSource{`, + `TargetBranch:` + fmt.Sprintf("%v", this.TargetBranch) + `,`, + `Path:` + fmt.Sprintf("%v", this.Path) + `,`, + `}`, + }, "") + return s +} func (this *SyncStatus) String() string { if this == nil { return "nil" @@ -27854,6 +28653,26 @@ func (m *ApplicationSourceHelm) Unmarshal(dAtA []byte) error { } } m.SkipTests = bool(v != 0) + case 15: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field SkipSchemaValidation", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.SkipSchemaValidation = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -29358,6 +30177,42 @@ func (m *ApplicationSpec) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SourceHydrator", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.SourceHydrator == nil { + m.SourceHydrator = &SourceHydrator{} + } + if err := m.SourceHydrator.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -29845,6 +30700,39 @@ func (m *ApplicationStatus) Unmarshal(dAtA []byte) error { } m.ControllerNamespace = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 14: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SourceHydrator", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SourceHydrator.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -33360,6 +34248,152 @@ func (m *ConnectionState) Unmarshal(dAtA []byte) error { } return nil } +func (m *DrySource) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DrySource: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DrySource: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RepoURL", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RepoURL = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TargetRevision", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TargetRevision = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Path = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *DuckTypeGenerator) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -35116,15 +36150,361 @@ func (m *HealthStatus) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: HealthStatus: wiretype end group for non-group") + return fmt.Errorf("proto: HealthStatus: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: HealthStatus: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Status = github_com_argoproj_gitops_engine_pkg_health.HealthStatusCode(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Message = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field LastTransitionTime", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.LastTransitionTime == nil { + m.LastTransitionTime = &v1.Time{} + } + if err := m.LastTransitionTime.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *HelmFileParameter) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: HelmFileParameter: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: HelmFileParameter: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Path = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *HelmOptions) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: HelmOptions: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: HelmOptions: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ValuesFileSchemes", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ValuesFileSchemes = append(m.ValuesFileSchemes, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *HelmParameter) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: HelmParameter: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: HealthStatus: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: HelmParameter: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Status", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35152,11 +36532,11 @@ func (m *HealthStatus) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Status = github_com_argoproj_gitops_engine_pkg_health.HealthStatusCode(dAtA[iNdEx:postIndex]) + m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35184,8 +36564,28 @@ func (m *HealthStatus) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Message = string(dAtA[iNdEx:postIndex]) + m.Value = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ForceString", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.ForceString = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -35207,7 +36607,7 @@ func (m *HealthStatus) Unmarshal(dAtA []byte) error { } return nil } -func (m *HelmFileParameter) Unmarshal(dAtA []byte) error { +func (m *HostInfo) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35230,10 +36630,10 @@ func (m *HelmFileParameter) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: HelmFileParameter: wiretype end group for non-group") + return fmt.Errorf("proto: HostInfo: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: HelmFileParameter: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: HostInfo: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: @@ -35270,9 +36670,9 @@ func (m *HelmFileParameter) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourcesInfo", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -35282,23 +36682,58 @@ func (m *HelmFileParameter) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.Path = string(dAtA[iNdEx:postIndex]) + m.ResourcesInfo = append(m.ResourcesInfo, HostResourceInfo{}) + if err := m.ResourcesInfo[len(m.ResourcesInfo)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SystemInfo", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SystemInfo.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -35321,7 +36756,7 @@ func (m *HelmFileParameter) Unmarshal(dAtA []byte) error { } return nil } -func (m *HelmOptions) Unmarshal(dAtA []byte) error { +func (m *HostResourceInfo) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35344,15 +36779,15 @@ func (m *HelmOptions) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: HelmOptions: wiretype end group for non-group") + return fmt.Errorf("proto: HostResourceInfo: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: HelmOptions: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: HostResourceInfo: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ValuesFileSchemes", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35380,8 +36815,65 @@ func (m *HelmOptions) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ValuesFileSchemes = append(m.ValuesFileSchemes, string(dAtA[iNdEx:postIndex])) + m.ResourceName = k8s_io_api_core_v1.ResourceName(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RequestedByApp", wireType) + } + m.RequestedByApp = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.RequestedByApp |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RequestedByNeighbors", wireType) + } + m.RequestedByNeighbors = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.RequestedByNeighbors |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Capacity", wireType) + } + m.Capacity = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Capacity |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -35403,7 +36895,7 @@ func (m *HelmOptions) Unmarshal(dAtA []byte) error { } return nil } -func (m *HelmParameter) Unmarshal(dAtA []byte) error { +func (m *HydrateOperation) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35426,17 +36918,17 @@ func (m *HelmParameter) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: HelmParameter: wiretype end group for non-group") + return fmt.Errorf("proto: HydrateOperation: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: HelmParameter: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: HydrateOperation: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field StartedAt", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -35446,27 +36938,64 @@ func (m *HelmParameter) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + msglen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + if err := m.StartedAt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field FinishedAt", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.FinishedAt == nil { + m.FinishedAt = &v1.Time{} + } + if err := m.FinishedAt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Phase", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35494,13 +37023,13 @@ func (m *HelmParameter) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Value = string(dAtA[iNdEx:postIndex]) + m.Phase = HydrateOperationPhase(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ForceString", wireType) + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Message", wireType) } - var v int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -35510,65 +37039,27 @@ func (m *HelmParameter) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - v |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - m.ForceString = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *HostInfo) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated } - if iNdEx >= l { + if postIndex > l { return io.ErrUnexpectedEOF } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: HostInfo: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: HostInfo: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: + m.Message = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DrySHA", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35596,13 +37087,13 @@ func (m *HostInfo) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Name = string(dAtA[iNdEx:postIndex]) + m.DrySHA = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourcesInfo", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field HydratedSHA", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGenerated @@ -35612,29 +37103,27 @@ func (m *HostInfo) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= int(b&0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGenerated } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex < 0 { return ErrInvalidLengthGenerated } if postIndex > l { return io.ErrUnexpectedEOF } - m.ResourcesInfo = append(m.ResourcesInfo, HostResourceInfo{}) - if err := m.ResourcesInfo[len(m.ResourcesInfo)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } + m.HydratedSHA = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 7: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SystemInfo", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SourceHydrator", wireType) } var msglen int for shift := uint(0); ; shift += 7 { @@ -35661,7 +37150,7 @@ func (m *HostInfo) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - if err := m.SystemInfo.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + if err := m.SourceHydrator.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } iNdEx = postIndex @@ -35686,7 +37175,7 @@ func (m *HostInfo) Unmarshal(dAtA []byte) error { } return nil } -func (m *HostResourceInfo) Unmarshal(dAtA []byte) error { +func (m *HydrateTo) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 for iNdEx < l { @@ -35709,15 +37198,15 @@ func (m *HostResourceInfo) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: HostResourceInfo: wiretype end group for non-group") + return fmt.Errorf("proto: HydrateTo: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: HostResourceInfo: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: HydrateTo: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field TargetBranch", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -35745,65 +37234,8 @@ func (m *HostResourceInfo) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ResourceName = k8s_io_api_core_v1.ResourceName(dAtA[iNdEx:postIndex]) + m.TargetBranch = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestedByApp", wireType) - } - m.RequestedByApp = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.RequestedByApp |= int64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestedByNeighbors", wireType) - } - m.RequestedByNeighbors = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.RequestedByNeighbors |= int64(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Capacity", wireType) - } - m.Capacity = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Capacity |= int64(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -50429,15 +51861,371 @@ func (m *SignatureKey) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: SignatureKey: wiretype end group for non-group") + return fmt.Errorf("proto: SignatureKey: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SignatureKey: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field KeyID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.KeyID = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SourceHydrator) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SourceHydrator: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SourceHydrator: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DrySource", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.DrySource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SyncSource", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SyncSource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field HydrateTo", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.HydrateTo == nil { + m.HydrateTo = &HydrateTo{} + } + if err := m.HydrateTo.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SourceHydratorStatus) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SourceHydratorStatus: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: SignatureKey: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: SourceHydratorStatus: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field KeyID", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field LastSuccessfulOperation", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.LastSuccessfulOperation == nil { + m.LastSuccessfulOperation = &SuccessfulHydrateOperation{} + } + if err := m.LastSuccessfulOperation.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CurrentOperation", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.CurrentOperation == nil { + m.CurrentOperation = &HydrateOperation{} + } + if err := m.CurrentOperation.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *SuccessfulHydrateOperation) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SuccessfulHydrateOperation: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SuccessfulHydrateOperation: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DrySHA", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -50465,7 +52253,72 @@ func (m *SignatureKey) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.KeyID = string(dAtA[iNdEx:postIndex]) + m.DrySHA = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field HydratedSHA", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.HydratedSHA = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SourceHydrator", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SourceHydrator.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } iNdEx = postIndex default: iNdEx = preIndex @@ -51594,6 +53447,120 @@ func (m *SyncPolicyAutomated) Unmarshal(dAtA []byte) error { } return nil } +func (m *SyncSource) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SyncSource: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SyncSource: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TargetBranch", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TargetBranch = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Path = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *SyncStatus) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 729286e069e5f..6823a76261de4 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -521,6 +521,9 @@ message ApplicationSourceHelm { // SkipTests skips test manifest installation step (Helm's --skip-tests). optional bool skipTests = 14; + + // SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation) + optional bool skipSchemaValidation = 15; } // ApplicationSourceJsonnet holds options specific to applications of type Jsonnet @@ -641,6 +644,9 @@ message ApplicationSpec { // Sources is a reference to the location of the application's manifests or chart repeated ApplicationSource sources = 8; + + // SourceHydrator provides a way to push hydrated manifests back to git before syncing them to the cluster. + optional SourceHydrator sourceHydrator = 9; } // ApplicationStatus contains status information for the application @@ -684,6 +690,9 @@ message ApplicationStatus { // ControllerNamespace indicates the namespace in which the application controller is located optional string controllerNamespace = 13; + + // SourceHydrator stores information about the current state of source hydration + optional SourceHydratorStatus sourceHydrator = 14; } // ApplicationSummary contains information about URLs and container images used by an application @@ -954,6 +963,18 @@ message ConnectionState { optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time attemptedAt = 3; } +// DrySource specifies a location for dry "don't repeat yourself" manifest source information. +message DrySource { + // RepoURL is the URL to the git repository that contains the application manifests + optional string repoURL = 1; + + // TargetRevision defines the revision of the source to hydrate + optional string targetRevision = 2; + + // Path is a directory path within the Git repository where the manifests are located + optional string path = 3; +} + // DuckType defines a generator to match against clusters registered with ArgoCD. message DuckTypeGenerator { // ConfigMapRef is a ConfigMap with the duck type definitions needed to retrieve the data @@ -1069,6 +1090,9 @@ message HealthStatus { // Message is a human-readable informational message describing the health status optional string message = 2; + + // LastTransitionTime is the time the HealthStatus was set or updated + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; } // HelmFileParameter is a file parameter that's passed to helm template during manifest generation @@ -1119,6 +1143,37 @@ message HostResourceInfo { optional int64 capacity = 4; } +// HydrateOperation contains information about the most recent hydrate operation +message HydrateOperation { + // StartedAt indicates when the hydrate operation started + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 1; + + // FinishedAt indicates when the hydrate operation finished + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 2; + + // Phase indicates the status of the hydrate operation + optional string phase = 3; + + // Message contains a message describing the current status of the hydrate operation + optional string message = 4; + + // DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation + optional string drySHA = 5; + + // HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation + optional string hydratedSHA = 6; + + // SourceHydrator holds the hydrator config used for the hydrate operation + optional SourceHydrator sourceHydrator = 7; +} + +// HydrateTo specifies a location to which hydrated manifests should be pushed as a "staging area" before being moved to +// the SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator. +message HydrateTo { + // TargetBranch is the branch to which hydrated manifests should be committed + optional string targetBranch = 1; +} + message Info { optional string name = 1; @@ -2238,6 +2293,41 @@ message SignatureKey { optional string keyID = 1; } +// SourceHydrator specifies a dry "don't repeat yourself" source for manifests, a sync source from which to sync +// hydrated manifests, and an optional hydrateTo location to act as a "staging" aread for hydrated manifests. +message SourceHydrator { + // DrySource specifies where the dry "don't repeat yourself" manifest source lives. + optional DrySource drySource = 1; + + // SyncSource specifies where to sync hydrated manifests from. + optional SyncSource syncSource = 2; + + // HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + // have to move manifests to the SyncSource, e.g. by pull request. + optional HydrateTo hydrateTo = 3; +} + +// SourceHydratorStatus contains information about the current state of source hydration +message SourceHydratorStatus { + // LastSuccessfulOperation holds info about the most recent successful hydration + optional SuccessfulHydrateOperation lastSuccessfulOperation = 1; + + // CurrentOperation holds the status of the hydrate operation + optional HydrateOperation currentOperation = 2; +} + +// SuccessfulHydrateOperation contains information about the most recent successful hydrate operation +message SuccessfulHydrateOperation { + // DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation + optional string drySHA = 5; + + // HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation + optional string hydratedSHA = 6; + + // SourceHydrator holds the hydrator config used for the hydrate operation + optional SourceHydrator sourceHydrator = 7; +} + // SyncOperation contains details about a sync operation. message SyncOperation { // Revision is the revision (Git) or chart version (Helm) which to sync the application to @@ -2337,6 +2427,17 @@ message SyncPolicyAutomated { optional bool allowEmpty = 3; } +// SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the +// associated DrySource config in the SourceHydrator. +message SyncSource { + // TargetBranch is the branch to which hydrated manifests should be committed + optional string targetBranch = 1; + + // Path is a directory path within the git repository where hydrated manifests should be committed to and synced + // from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + optional string path = 2; +} + // SyncStatus contains information about the currently observed live and desired states of an application message SyncStatus { // Status is the sync state of the comparison diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index 5221381ed80da..28492686a8003 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -72,6 +72,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigManagementPlugin": schema_pkg_apis_application_v1alpha1_ConfigManagementPlugin(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConfigMapKeyRef": schema_pkg_apis_application_v1alpha1_ConfigMapKeyRef(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConnectionState": schema_pkg_apis_application_v1alpha1_ConnectionState(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DrySource": schema_pkg_apis_application_v1alpha1_DrySource(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DuckTypeGenerator": schema_pkg_apis_application_v1alpha1_DuckTypeGenerator(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.EnvEntry": schema_pkg_apis_application_v1alpha1_EnvEntry(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ErrApplicationNotAllowedToUseProject": schema_pkg_apis_application_v1alpha1_ErrApplicationNotAllowedToUseProject(ref), @@ -87,6 +88,8 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HelmParameter": schema_pkg_apis_application_v1alpha1_HelmParameter(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HostInfo": schema_pkg_apis_application_v1alpha1_HostInfo(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HostResourceInfo": schema_pkg_apis_application_v1alpha1_HostResourceInfo(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateOperation": schema_pkg_apis_application_v1alpha1_HydrateOperation(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateTo": schema_pkg_apis_application_v1alpha1_HydrateTo(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Info": schema_pkg_apis_application_v1alpha1_Info(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.InfoItem": schema_pkg_apis_application_v1alpha1_InfoItem(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.JWTToken": schema_pkg_apis_application_v1alpha1_JWTToken(ref), @@ -158,11 +161,15 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SCMProviderGeneratorGitlab": schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorGitlab(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SecretRef": schema_pkg_apis_application_v1alpha1_SecretRef(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SignatureKey": schema_pkg_apis_application_v1alpha1_SignatureKey(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator": schema_pkg_apis_application_v1alpha1_SourceHydrator(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydratorStatus": schema_pkg_apis_application_v1alpha1_SourceHydratorStatus(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SuccessfulHydrateOperation": schema_pkg_apis_application_v1alpha1_SuccessfulHydrateOperation(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncOperation": schema_pkg_apis_application_v1alpha1_SyncOperation(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncOperationResource": schema_pkg_apis_application_v1alpha1_SyncOperationResource(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncOperationResult": schema_pkg_apis_application_v1alpha1_SyncOperationResult(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicy": schema_pkg_apis_application_v1alpha1_SyncPolicy(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicyAutomated": schema_pkg_apis_application_v1alpha1_SyncPolicyAutomated(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncSource": schema_pkg_apis_application_v1alpha1_SyncSource(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStatus": schema_pkg_apis_application_v1alpha1_SyncStatus(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStrategy": schema_pkg_apis_application_v1alpha1_SyncStrategy(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStrategyApply": schema_pkg_apis_application_v1alpha1_SyncStrategyApply(ref), @@ -2317,12 +2324,18 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSpec(ref common.ReferenceCa }, }, }, + "sourceHydrator": { + SchemaProps: spec.SchemaProps{ + Description: "SourceHydrator provides a way to push hydrated manifests back to git before syncing them to the cluster.", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator"), + }, + }, }, Required: []string{"destination", "project"}, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestination", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Info", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceIgnoreDifferences", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicy"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationDestination", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.Info", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceIgnoreDifferences", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncPolicy"}, } } @@ -2450,11 +2463,18 @@ func schema_pkg_apis_application_v1alpha1_ApplicationStatus(ref common.Reference Format: "", }, }, + "sourceHydrator": { + SchemaProps: spec.SchemaProps{ + Description: "SourceHydrator stores information about the current state of source hydration", + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydratorStatus"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationCondition", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSummary", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HealthStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OperationState", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RevisionHistory", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationCondition", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSummary", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HealthStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OperationState", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.RevisionHistory", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydratorStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -3346,6 +3366,44 @@ func schema_pkg_apis_application_v1alpha1_ConnectionState(ref common.ReferenceCa } } +func schema_pkg_apis_application_v1alpha1_DrySource(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DrySource specifies a location for dry \"don't repeat yourself\" manifest source information.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "repoURL": { + SchemaProps: spec.SchemaProps{ + Description: "RepoURL is the URL to the git repository that contains the application manifests", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "targetRevision": { + SchemaProps: spec.SchemaProps{ + Description: "TargetRevision defines the revision of the source to hydrate", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "path": { + SchemaProps: spec.SchemaProps{ + Description: "Path is a directory path within the Git repository where the manifests are located", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"repoURL", "targetRevision", "path"}, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_DuckTypeGenerator(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -3787,9 +3845,17 @@ func schema_pkg_apis_application_v1alpha1_HealthStatus(ref common.ReferenceCallb Format: "", }, }, + "lastTransitionTime": { + SchemaProps: spec.SchemaProps{ + Description: "LastTransitionTime is the time the HealthStatus was set", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, }, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -3958,6 +4024,93 @@ func schema_pkg_apis_application_v1alpha1_HostResourceInfo(ref common.ReferenceC } } +func schema_pkg_apis_application_v1alpha1_HydrateOperation(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "HydrateOperation contains information about the most recent hydrate operation", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "startedAt": { + SchemaProps: spec.SchemaProps{ + Description: "StartedAt indicates when the hydrate operation started", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "finishedAt": { + SchemaProps: spec.SchemaProps{ + Description: "FinishedAt indicates when the hydrate operation finished", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "phase": { + SchemaProps: spec.SchemaProps{ + Description: "Phase indicates the status of the hydrate operation", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "Message contains a message describing the current status of the hydrate operation", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "drySHA": { + SchemaProps: spec.SchemaProps{ + Description: "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation", + Type: []string{"string"}, + Format: "", + }, + }, + "hydratedSHA": { + SchemaProps: spec.SchemaProps{ + Description: "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation", + Type: []string{"string"}, + Format: "", + }, + }, + "sourceHydrator": { + SchemaProps: spec.SchemaProps{ + Description: "SourceHydrator holds the hydrator config used for the hydrate operation", + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator"), + }, + }, + }, + Required: []string{"phase", "message"}, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + } +} + +func schema_pkg_apis_application_v1alpha1_HydrateTo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "HydrateTo specifies a location to which hydrated manifests should be pushed as a \"staging area\" before being moved to the SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetBranch": { + SchemaProps: spec.SchemaProps{ + Description: "TargetBranch is the branch to which hydrated manifests should be committed", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetBranch"}, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_Info(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -7643,6 +7796,105 @@ func schema_pkg_apis_application_v1alpha1_SignatureKey(ref common.ReferenceCallb } } +func schema_pkg_apis_application_v1alpha1_SourceHydrator(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SourceHydrator specifies a dry \"don't repeat yourself\" source for manifests, a sync source from which to sync hydrated manifests, and an optional hydrateTo location to act as a \"staging\" aread for hydrated manifests.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "drySource": { + SchemaProps: spec.SchemaProps{ + Description: "DrySource specifies where the dry \"don't repeat yourself\" manifest source lives.", + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DrySource"), + }, + }, + "syncSource": { + SchemaProps: spec.SchemaProps{ + Description: "SyncSource specifies where to sync hydrated manifests from.", + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncSource"), + }, + }, + "hydrateTo": { + SchemaProps: spec.SchemaProps{ + Description: "HydrateTo specifies an optional \"staging\" location to push hydrated manifests to. An external system would then have to move manifests to the SyncSource, e.g. by pull request.", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateTo"), + }, + }, + }, + Required: []string{"drySource", "syncSource"}, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.DrySource", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateTo", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SyncSource"}, + } +} + +func schema_pkg_apis_application_v1alpha1_SourceHydratorStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SourceHydratorStatus contains information about the current state of source hydration", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "lastSuccessfulOperation": { + SchemaProps: spec.SchemaProps{ + Description: "LastSuccessfulOperation holds info about the most recent successful hydration", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SuccessfulHydrateOperation"), + }, + }, + "currentOperation": { + SchemaProps: spec.SchemaProps{ + Description: "CurrentOperation holds the status of the hydrate operation", + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateOperation"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.HydrateOperation", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SuccessfulHydrateOperation"}, + } +} + +func schema_pkg_apis_application_v1alpha1_SuccessfulHydrateOperation(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SuccessfulHydrateOperation contains information about the most recent successful hydrate operation", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "drySHA": { + SchemaProps: spec.SchemaProps{ + Description: "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation", + Type: []string{"string"}, + Format: "", + }, + }, + "hydratedSHA": { + SchemaProps: spec.SchemaProps{ + Description: "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation", + Type: []string{"string"}, + Format: "", + }, + }, + "sourceHydrator": { + SchemaProps: spec.SchemaProps{ + Description: "SourceHydrator holds the hydrator config used for the hydrate operation", + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.SourceHydrator"}, + } +} + func schema_pkg_apis_application_v1alpha1_SyncOperation(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -7965,6 +8217,36 @@ func schema_pkg_apis_application_v1alpha1_SyncPolicyAutomated(ref common.Referen } } +func schema_pkg_apis_application_v1alpha1_SyncSource(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the associated DrySource config in the SourceHydrator.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetBranch": { + SchemaProps: spec.SchemaProps{ + Description: "TargetBranch is the branch to which hydrated manifests should be committed", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "path": { + SchemaProps: spec.SchemaProps{ + Description: "Path is a directory path within the git repository where hydrated manifests should be committed to and synced from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetBranch", "path"}, + }, + }, + } +} + func schema_pkg_apis_application_v1alpha1_SyncStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/pkg/apis/application/v1alpha1/repository_types.go b/pkg/apis/application/v1alpha1/repository_types.go index 5a30d24fbcfdb..047ae14b1ac97 100644 --- a/pkg/apis/application/v1alpha1/repository_types.go +++ b/pkg/apis/application/v1alpha1/repository_types.go @@ -5,6 +5,7 @@ import ( "net/url" "strings" + "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/cert" "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/helm" @@ -283,6 +284,34 @@ func (m *Repository) StringForLogging() string { return fmt.Sprintf("&Repository{Repo: %q, Type: %q, Name: %q, Project: %q}", m.Repo, m.Type, m.Name, m.Project) } +// Sanitized returns a copy of the Repository with sensitive information removed. +func (m *Repository) Sanitized() *Repository { + return &Repository{ + Repo: m.Repo, + Type: m.Type, + Name: m.Name, + Username: m.Username, + Insecure: m.IsInsecure(), + EnableLFS: m.EnableLFS, + EnableOCI: m.EnableOCI, + Proxy: m.Proxy, + NoProxy: m.NoProxy, + Project: m.Project, + ForceHttpBasicAuth: m.ForceHttpBasicAuth, + InheritedCreds: m.InheritedCreds, + GithubAppId: m.GithubAppId, + GithubAppInstallationId: m.GithubAppInstallationId, + GitHubAppEnterpriseBaseURL: m.GitHubAppEnterpriseBaseURL, + } +} + +func (m *Repository) Normalize() *Repository { + if m.Type == "" { + m.Type = common.DefaultRepoType + } + return m +} + // Repositories defines a list of Repository configurations type Repositories []*Repository diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 75a5c12f7e277..2c57c60d58b19 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -86,6 +86,9 @@ type ApplicationSpec struct { // Sources is a reference to the location of the application's manifests or chart Sources ApplicationSources `json:"sources,omitempty" protobuf:"bytes,8,opt,name=sources"` + + // SourceHydrator provides a way to push hydrated manifests back to git before syncing them to the cluster. + SourceHydrator *SourceHydrator `json:"sourceHydrator,omitempty" protobuf:"bytes,9,opt,name=sourceHydrator"` } type IgnoreDifferences []ResourceIgnoreDifferences @@ -216,6 +219,9 @@ func (a ApplicationSources) IsZero() bool { } func (a *ApplicationSpec) GetSource() ApplicationSource { + if a.SourceHydrator != nil { + return a.SourceHydrator.GetSyncSource() + } // if Application has multiple sources, return the first source in sources if a.HasMultipleSources() { return a.Sources[0] @@ -226,7 +232,26 @@ func (a *ApplicationSpec) GetSource() ApplicationSource { return ApplicationSource{} } +// GetHydrateToSource returns the hydrateTo source if it exists, otherwise returns the sync source. +func (a *ApplicationSpec) GetHydrateToSource() ApplicationSource { + if a.SourceHydrator != nil { + targetRevision := a.SourceHydrator.SyncSource.TargetBranch + if a.SourceHydrator.HydrateTo != nil { + targetRevision = a.SourceHydrator.HydrateTo.TargetBranch + } + return ApplicationSource{ + RepoURL: a.SourceHydrator.DrySource.RepoURL, + Path: a.SourceHydrator.SyncSource.Path, + TargetRevision: targetRevision, + } + } + return ApplicationSource{} +} + func (a *ApplicationSpec) GetSources() ApplicationSources { + if a.SourceHydrator != nil { + return ApplicationSources{a.SourceHydrator.GetSyncSource()} + } if a.HasMultipleSources() { return a.Sources } @@ -237,7 +262,7 @@ func (a *ApplicationSpec) GetSources() ApplicationSources { } func (a *ApplicationSpec) HasMultipleSources() bool { - return len(a.Sources) > 0 + return a.SourceHydrator == nil && len(a.Sources) > 0 } func (a *ApplicationSpec) GetSourcePtrByPosition(sourcePosition int) *ApplicationSource { @@ -246,6 +271,10 @@ func (a *ApplicationSpec) GetSourcePtrByPosition(sourcePosition int) *Applicatio } func (a *ApplicationSpec) GetSourcePtrByIndex(sourceIndex int) *ApplicationSource { + if a.SourceHydrator != nil { + source := a.SourceHydrator.GetSyncSource() + return &source + } // if Application has multiple sources, return the first source in sources if a.HasMultipleSources() { if sourceIndex > 0 { @@ -351,6 +380,82 @@ const ( ApplicationSourceTypePlugin ApplicationSourceType = "Plugin" ) +// SourceHydrator specifies a dry "don't repeat yourself" source for manifests, a sync source from which to sync +// hydrated manifests, and an optional hydrateTo location to act as a "staging" aread for hydrated manifests. +type SourceHydrator struct { + // DrySource specifies where the dry "don't repeat yourself" manifest source lives. + DrySource DrySource `json:"drySource" protobuf:"bytes,1,name=drySource"` + // SyncSource specifies where to sync hydrated manifests from. + SyncSource SyncSource `json:"syncSource" protobuf:"bytes,2,name=syncSource"` + // HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then + // have to move manifests to the SyncSource, e.g. by pull request. + HydrateTo *HydrateTo `json:"hydrateTo,omitempty" protobuf:"bytes,3,opt,name=hydrateTo"` +} + +// GetSyncSource gets the source from which we should sync when a source hydrator is configured. +func (s SourceHydrator) GetSyncSource() ApplicationSource { + return ApplicationSource{ + // Pull the RepoURL from the dry source. The SyncSource's RepoURL is assumed to be the same. + RepoURL: s.DrySource.RepoURL, + Path: s.SyncSource.Path, + TargetRevision: s.SyncSource.TargetBranch, + } +} + +// GetDrySource gets the dry source when a source hydrator is configured. +func (s SourceHydrator) GetDrySource() ApplicationSource { + return ApplicationSource{ + RepoURL: s.DrySource.RepoURL, + Path: s.DrySource.Path, + TargetRevision: s.DrySource.TargetRevision, + } +} + +// DeepEquals returns true if the SourceHydrator is deeply equal to the given SourceHydrator. +func (s SourceHydrator) DeepEquals(hydrator SourceHydrator) bool { + return s.DrySource == hydrator.DrySource && s.SyncSource == hydrator.SyncSource && s.HydrateTo.DeepEquals(hydrator.HydrateTo) +} + +// DrySource specifies a location for dry "don't repeat yourself" manifest source information. +type DrySource struct { + // RepoURL is the URL to the git repository that contains the application manifests + RepoURL string `json:"repoURL" protobuf:"bytes,1,name=repoURL"` + // TargetRevision defines the revision of the source to hydrate + TargetRevision string `json:"targetRevision" protobuf:"bytes,2,name=targetRevision"` + // Path is a directory path within the Git repository where the manifests are located + Path string `json:"path" protobuf:"bytes,3,name=path"` +} + +// SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the +// associated DrySource config in the SourceHydrator. +type SyncSource struct { + // TargetBranch is the branch to which hydrated manifests should be committed + TargetBranch string `json:"targetBranch" protobuf:"bytes,1,name=targetBranch"` + // Path is a directory path within the git repository where hydrated manifests should be committed to and synced + // from. If hydrateTo is set, this is just the path from which hydrated manifests will be synced. + Path string `json:"path" protobuf:"bytes,2,name=path"` +} + +// HydrateTo specifies a location to which hydrated manifests should be pushed as a "staging area" before being moved to +// the SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator. +type HydrateTo struct { + // TargetBranch is the branch to which hydrated manifests should be committed + TargetBranch string `json:"targetBranch" protobuf:"bytes,1,name=targetBranch"` +} + +// DeepEquals returns true if the HydrateTo is deeply equal to the given HydrateTo. +func (in *HydrateTo) DeepEquals(to *HydrateTo) bool { + if in == nil { + return to == nil + } + if to == nil { + // We already know in is not nil. + return false + } + // Compare de-referenced structs. + return *in == *to +} + // RefreshType specifies how to refresh the sources of a given application type RefreshType string @@ -401,6 +506,8 @@ type ApplicationSourceHelm struct { APIVersions []string `json:"apiVersions,omitempty" protobuf:"bytes,13,opt,name=apiVersions"` // SkipTests skips test manifest installation step (Helm's --skip-tests). SkipTests bool `json:"skipTests,omitempty" protobuf:"bytes,14,opt,name=skipTests"` + // SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation) + SkipSchemaValidation bool `json:"skipSchemaValidation,omitempty" protobuf:"bytes,15,opt,name=skipSchemaValidation"` } // HelmParameter is a parameter that's passed to helm template during manifest generation @@ -482,7 +589,7 @@ func (in *ApplicationSourceHelm) AddFileParameter(p HelmFileParameter) { // IsZero Returns true if the Helm options in an application source are considered zero func (h *ApplicationSourceHelm) IsZero() bool { - return h == nil || (h.Version == "") && (h.ReleaseName == "") && len(h.ValueFiles) == 0 && len(h.Parameters) == 0 && len(h.FileParameters) == 0 && h.ValuesIsEmpty() && !h.PassCredentials && !h.IgnoreMissingValueFiles && !h.SkipCrds && !h.SkipTests && h.KubeVersion == "" && len(h.APIVersions) == 0 && h.Namespace == "" + return h == nil || (h.Version == "") && (h.ReleaseName == "") && len(h.ValueFiles) == 0 && len(h.Parameters) == 0 && len(h.FileParameters) == 0 && h.ValuesIsEmpty() && !h.PassCredentials && !h.IgnoreMissingValueFiles && !h.SkipCrds && !h.SkipTests && !h.SkipSchemaValidation && h.KubeVersion == "" && len(h.APIVersions) == 0 && h.Namespace == "" } // KustomizeImage represents a Kustomize image definition in the format [old_image_name=]: @@ -902,12 +1009,12 @@ func (p ApplicationSourcePluginParameters) Environ() ([]string, error) { if err != nil { return nil, fmt.Errorf("failed to marshal plugin parameters: %w", err) } - jsonParam := fmt.Sprintf("ARGOCD_APP_PARAMETERS=%s", string(out)) + jsonParam := "ARGOCD_APP_PARAMETERS=" + string(out) env := []string{jsonParam} for _, param := range p { - envBaseName := fmt.Sprintf("PARAM_%s", escaped(param.Name)) + envBaseName := "PARAM_" + escaped(param.Name) if param.String_ != nil { env = append(env, fmt.Sprintf("%s=%s", envBaseName, *param.String_)) } @@ -1003,6 +1110,8 @@ type ApplicationDestination struct { // nolint:govet isServerInferred bool `json:"-"` + // nolint:govet + isNameInferred bool `json:"-"` } // SetIsServerInferred sets the isServerInferred flag. This is used to allow comparison between two destinations where @@ -1047,6 +1156,16 @@ type ApplicationStatus struct { SourceTypes []ApplicationSourceType `json:"sourceTypes,omitempty" protobuf:"bytes,12,opt,name=sourceTypes"` // ControllerNamespace indicates the namespace in which the application controller is located ControllerNamespace string `json:"controllerNamespace,omitempty" protobuf:"bytes,13,opt,name=controllerNamespace"` + // SourceHydrator stores information about the current state of source hydration + SourceHydrator SourceHydratorStatus `json:"sourceHydrator,omitempty" protobuf:"bytes,14,opt,name=sourceHydrator"` +} + +// SourceHydratorStatus contains information about the current state of source hydration +type SourceHydratorStatus struct { + // LastSuccessfulOperation holds info about the most recent successful hydration + LastSuccessfulOperation *SuccessfulHydrateOperation `json:"lastSuccessfulOperation,omitempty" protobuf:"bytes,1,opt,name=lastSuccessfulOperation"` + // CurrentOperation holds the status of the hydrate operation + CurrentOperation *HydrateOperation `json:"currentOperation,omitempty" protobuf:"bytes,2,opt,name=currentOperation"` } func (a *ApplicationStatus) FindResource(key kube.ResourceKey) (*ResourceStatus, bool) { @@ -1059,6 +1178,44 @@ func (a *ApplicationStatus) FindResource(key kube.ResourceKey) (*ResourceStatus, return nil, false } +// HydrateOperation contains information about the most recent hydrate operation +type HydrateOperation struct { + // StartedAt indicates when the hydrate operation started + StartedAt metav1.Time `json:"startedAt,omitempty" protobuf:"bytes,1,opt,name=startedAt"` + // FinishedAt indicates when the hydrate operation finished + FinishedAt *metav1.Time `json:"finishedAt,omitempty" protobuf:"bytes,2,opt,name=finishedAt"` + // Phase indicates the status of the hydrate operation + Phase HydrateOperationPhase `json:"phase" protobuf:"bytes,3,opt,name=phase"` + // Message contains a message describing the current status of the hydrate operation + Message string `json:"message" protobuf:"bytes,4,opt,name=message"` + // DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation + DrySHA string `json:"drySHA,omitempty" protobuf:"bytes,5,opt,name=drySHA"` + // HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation + HydratedSHA string `json:"hydratedSHA,omitempty" protobuf:"bytes,6,opt,name=hydratedSHA"` + // SourceHydrator holds the hydrator config used for the hydrate operation + SourceHydrator SourceHydrator `json:"sourceHydrator,omitempty" protobuf:"bytes,7,opt,name=sourceHydrator"` +} + +// SuccessfulHydrateOperation contains information about the most recent successful hydrate operation +type SuccessfulHydrateOperation struct { + // DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation + DrySHA string `json:"drySHA,omitempty" protobuf:"bytes,5,opt,name=drySHA"` + // HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation + HydratedSHA string `json:"hydratedSHA,omitempty" protobuf:"bytes,6,opt,name=hydratedSHA"` + // SourceHydrator holds the hydrator config used for the hydrate operation + SourceHydrator SourceHydrator `json:"sourceHydrator,omitempty" protobuf:"bytes,7,opt,name=sourceHydrator"` +} + +// HydrateOperationPhase indicates the status of a hydrate operation +// +kubebuilder:validation:Enum=Hydrating;Failed;Hydrated +type HydrateOperationPhase string + +const ( + HydrateOperationPhaseHydrating HydrateOperationPhase = "Hydrating" + HydrateOperationPhaseFailed HydrateOperationPhase = "Failed" + HydrateOperationPhaseHydrated HydrateOperationPhase = "Hydrated" +) + // GetRevisions will return the current revision associated with the Application. // If app has multisources, it will return all corresponding revisions preserving // order from the app.spec.sources. If app has only one source, it will return a @@ -1617,6 +1774,8 @@ type HealthStatus struct { Status health.HealthStatusCode `json:"status,omitempty" protobuf:"bytes,1,opt,name=status"` // Message is a human-readable informational message describing the health status Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"` + // LastTransitionTime is the time the HealthStatus was set or updated + LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"` } // InfoItem contains arbitrary, human readable information about an application @@ -2857,6 +3016,22 @@ func (app *Application) IsRefreshRequested() (RefreshType, bool) { return refreshType, true } +// IsHydrateRequested returns whether hydration has been requested for an application +func (app *Application) IsHydrateRequested() bool { + annotations := app.GetAnnotations() + if annotations == nil { + return false + } + typeStr, ok := annotations[AnnotationKeyHydrate] + if !ok { + return false + } + if typeStr == "normal" { + return true + } + return false +} + func (app *Application) HasPostDeleteFinalizer(stage ...string) bool { return getFinalizerIndex(app.ObjectMeta, strings.Join(append([]string{PostDeleteFinalizerName}, stage...), "/")) > -1 } @@ -3050,6 +3225,17 @@ func (dest ApplicationDestination) Equals(other ApplicationDestination) bool { other.Server = "" other.isServerInferred = false } + + if dest.isNameInferred { + dest.Name = "" + dest.isNameInferred = false + } + + if other.isNameInferred { + other.Name = "" + other.isNameInferred = false + } + return reflect.DeepEqual(dest, other) } @@ -3312,6 +3498,12 @@ func (d *ApplicationDestination) SetInferredServer(server string) { d.Server = server } +// SetInferredName sets the Name field of the destination. See IsNameInferred() for details. +func (d *ApplicationDestination) SetInferredName(name string) { + d.isNameInferred = true + d.Name = name +} + // An ApplicationDestination has an 'inferred server' if the ApplicationDestination // contains a Name, but not a Server URL. In this case it is necessary to retrieve // the Server URL by looking up the cluster name. @@ -3322,6 +3514,10 @@ func (d *ApplicationDestination) IsServerInferred() bool { return d.isServerInferred } +func (d *ApplicationDestination) IsNameInferred() bool { + return d.isNameInferred +} + // MarshalJSON marshals an application destination to JSON format func (d *ApplicationDestination) MarshalJSON() ([]byte, error) { type Alias ApplicationDestination @@ -3330,6 +3526,11 @@ func (d *ApplicationDestination) MarshalJSON() ([]byte, error) { dest = dest.DeepCopy() dest.Server = "" } + if d.isNameInferred { + dest = dest.DeepCopy() + dest.Name = "" + } + return json.Marshal(&struct{ *Alias }{Alias: (*Alias)(dest)}) } diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index 83f7028484395..754ff50beca17 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -6,7 +6,6 @@ import ( "fmt" "os" "path" - "reflect" "testing" "time" @@ -107,12 +106,16 @@ func TestAppProject_IsNegatedSourcePermitted(t *testing.T) { } func TestAppProject_IsDestinationPermitted(t *testing.T) { + t.Parallel() + testData := []struct { + name string projDest []ApplicationDestination appDest ApplicationDestination isPermitted bool }{ { + name: "server an namespace match", projDest: []ApplicationDestination{{ Server: "https://kubernetes.default.svc", Namespace: "default", }}, @@ -120,6 +123,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: true, }, { + name: "namespace does not match", projDest: []ApplicationDestination{{ Server: "https://kubernetes.default.svc", Namespace: "default", }}, @@ -127,6 +131,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: false, }, { + name: "server does not match", projDest: []ApplicationDestination{{ Server: "https://my-cluster", Namespace: "default", }}, @@ -134,6 +139,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: false, }, { + name: "wildcard namespace", projDest: []ApplicationDestination{{ Server: "https://kubernetes.default.svc", Namespace: "*", }}, @@ -141,6 +147,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: true, }, { + name: "wildcard server", projDest: []ApplicationDestination{{ Server: "https://*.default.svc", Namespace: "default", }}, @@ -148,6 +155,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: true, }, { + name: "wildcard server and namespace", projDest: []ApplicationDestination{{ Server: "https://team1-*", Namespace: "default", }}, @@ -155,6 +163,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: false, }, { + name: "wildcard namespace with prefix", projDest: []ApplicationDestination{{ Server: "https://kubernetes.default.svc", Namespace: "test-*", }}, @@ -162,6 +171,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: true, }, { + name: "wildcard namespace without prefix", projDest: []ApplicationDestination{{ Server: "https://kubernetes.default.svc", Namespace: "test-*", }}, @@ -169,6 +179,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: false, }, { + name: "wildcard server and namespace", projDest: []ApplicationDestination{{ Server: "*", Namespace: "*", }}, @@ -176,6 +187,7 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: true, }, { + name: "wildcard server and namespace with name", projDest: []ApplicationDestination{{ Server: "", Namespace: "*", Name: "test", }}, @@ -183,24 +195,51 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { isPermitted: true, }, { + name: "wildcard server and namespace with different name", projDest: []ApplicationDestination{{ Server: "", Namespace: "*", Name: "test2", }}, appDest: ApplicationDestination{Name: "test", Namespace: "test"}, isPermitted: false, }, + /** + - name: host-cluster + namespace: '!{kube-system,argocd}' + server: 'https://kubernetes.default.svc' + - name: destination-cluster-01 + namespace: '*' + server: 'https://eks-cluster-endpoint.ap-southeast-1.eks.amazonaws.com' + + destination: + server: https://eks-cluster-endpoint.ap-southeast-1.eks.amazonaws.com + namespace: karpenter + */ + { + name: "negated namespace with multiple values", + projDest: []ApplicationDestination{ + {Name: "host-cluster", Server: "https://kubernetes.default.svc", Namespace: "!{kube-system,argocd}"}, + {Name: "destination-cluster-01", Server: "https://eks-cluster-endpoint.ap-southeast-1.eks.amazonaws.com", Namespace: "*"}, + }, + appDest: ApplicationDestination{Server: "https://eks-cluster-endpoint.ap-southeast-1.eks.amazonaws.com", Namespace: "kube-system"}, + isPermitted: true, + }, } for _, data := range testData { - proj := AppProject{ - Spec: AppProjectSpec{ - Destinations: data.projDest, - }, - } - permitted, _ := proj.IsDestinationPermitted(data.appDest, func(project string) ([]*Cluster, error) { - return []*Cluster{}, nil + data := data + t.Run(data.name, func(t *testing.T) { + t.Parallel() + + proj := AppProject{ + Spec: AppProjectSpec{ + Destinations: data.projDest, + }, + } + permitted, _ := proj.IsDestinationPermitted(data.appDest, func(project string) ([]*Cluster, error) { + return []*Cluster{}, nil + }) + assert.Equal(t, data.isPermitted, permitted) }) - assert.Equal(t, data.isPermitted, permitted) } } @@ -1090,9 +1129,7 @@ func TestAppProjectSpec_DestinationClusters(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { d := AppProjectSpec{Destinations: tt.destinations} - if got := d.DestinationClusters(); !reflect.DeepEqual(got, tt.want) { - t.Errorf("AppProjectSpec.DestinationClusters() = %v, want %v", got, tt.want) - } + require.Equal(t, tt.want, d.DestinationClusters(), "AppProjectSpec.DestinationClusters()") }) } } @@ -1136,9 +1173,7 @@ func TestRepository_HasCredentials(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := tt.repo.HasCredentials(); got != tt.want { - t.Errorf("Repository.HasCredentials() = %v, want %v", got, tt.want) - } + assert.Equalf(t, tt.want, tt.repo.HasCredentials(), "Repository.HasCredentials()") }) } } @@ -1177,9 +1212,7 @@ func TestRepository_IsInsecure(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := tt.repo.IsInsecure(); got != tt.want { - t.Errorf("Repository.IsInsecure() = %v, want %v", got, tt.want) - } + assert.Equalf(t, tt.want, tt.repo.IsInsecure(), "Repository.IsInsecure()") }) } } @@ -1218,9 +1251,7 @@ func TestRepository_IsLFSEnabled(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := tt.repo.IsLFSEnabled(); got != tt.want { - t.Errorf("Repository.IsLFSEnabled() = %v, want %v", got, tt.want) - } + assert.Equalf(t, tt.want, tt.repo.IsLFSEnabled(), "Repository.IsLFSEnabled()") }) } } @@ -1336,9 +1367,7 @@ func TestSyncStrategy_Force(t *testing.T) { Apply: tt.fields.Apply, Hook: tt.fields.Hook, } - if got := m.Force(); got != tt.want { - t.Errorf("SyncStrategy.Force() = %v, want %v", got, tt.want) - } + assert.Equalf(t, tt.want, m.Force(), "SyncStrategy.Force()") }) } } @@ -1361,9 +1390,7 @@ func TestSyncOperation_IsApplyStrategy(t *testing.T) { o := &SyncOperation{ SyncStrategy: tt.fields.SyncStrategy, } - if got := o.IsApplyStrategy(); got != tt.want { - t.Errorf("SyncOperation.IsApplyStrategy() = %v, want %v", got, tt.want) - } + assert.Equalf(t, tt.want, o.IsApplyStrategy(), "SyncOperation.IsApplyStrategy()") }) } } @@ -1395,12 +1422,8 @@ func TestResourceResults_Find(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { got, got1 := tt.r.Find(tt.args.group, tt.args.kind, tt.args.namespace, tt.args.name, tt.args.phase) - if got != tt.want { - t.Errorf("ResourceResults.Find() got = %v, want %v", got, tt.want) - } - if !reflect.DeepEqual(got1, tt.want1) { - t.Errorf("ResourceResults.Find() got1 = %v, want %v", got1, tt.want1) - } + assert.Equal(t, tt.want, got, "ResourceResults.Find()") + assert.Equal(t, tt.want1, got1, "ResourceResults.Find()") }) } } @@ -1418,9 +1441,7 @@ func TestResourceResults_PruningRequired(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if gotNum := tt.r.PruningRequired(); gotNum != tt.wantNum { - t.Errorf("ResourceResults.PruningRequired() = %v, want %v", gotNum, tt.wantNum) - } + assert.Equalf(t, tt.wantNum, tt.r.PruningRequired(), "ResourceResults.PruningRequired()") }) } } diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index dc80bffd77243..9faf5d3a73b00 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -1352,6 +1352,11 @@ func (in *ApplicationSpec) DeepCopyInto(out *ApplicationSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.SourceHydrator != nil { + in, out := &in.SourceHydrator, &out.SourceHydrator + *out = new(SourceHydrator) + (*in).DeepCopyInto(*out) + } return } @@ -1376,7 +1381,7 @@ func (in *ApplicationStatus) DeepCopyInto(out *ApplicationStatus) { } } in.Sync.DeepCopyInto(&out.Sync) - out.Health = in.Health + in.Health.DeepCopyInto(&out.Health) if in.History != nil { in, out := &in.History, &out.History *out = make(RevisionHistories, len(*in)) @@ -1410,6 +1415,7 @@ func (in *ApplicationStatus) DeepCopyInto(out *ApplicationStatus) { *out = make([]ApplicationSourceType, len(*in)) copy(*out, *in) } + in.SourceHydrator.DeepCopyInto(&out.SourceHydrator) return } @@ -1906,6 +1912,22 @@ func (in *ConnectionState) DeepCopy() *ConnectionState { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DrySource) DeepCopyInto(out *DrySource) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DrySource. +func (in *DrySource) DeepCopy() *DrySource { + if in == nil { + return nil + } + out := new(DrySource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DuckTypeGenerator) DeepCopyInto(out *DuckTypeGenerator) { *out = *in @@ -2134,6 +2156,10 @@ func (in *GnuPGPublicKeyList) DeepCopy() *GnuPGPublicKeyList { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HealthStatus) DeepCopyInto(out *HealthStatus) { *out = *in + if in.LastTransitionTime != nil { + in, out := &in.LastTransitionTime, &out.LastTransitionTime + *out = (*in).DeepCopy() + } return } @@ -2238,6 +2264,44 @@ func (in *HostResourceInfo) DeepCopy() *HostResourceInfo { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HydrateOperation) DeepCopyInto(out *HydrateOperation) { + *out = *in + in.StartedAt.DeepCopyInto(&out.StartedAt) + if in.FinishedAt != nil { + in, out := &in.FinishedAt, &out.FinishedAt + *out = (*in).DeepCopy() + } + in.SourceHydrator.DeepCopyInto(&out.SourceHydrator) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HydrateOperation. +func (in *HydrateOperation) DeepCopy() *HydrateOperation { + if in == nil { + return nil + } + out := new(HydrateOperation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HydrateTo) DeepCopyInto(out *HydrateTo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HydrateTo. +func (in *HydrateTo) DeepCopy() *HydrateTo { + if in == nil { + return nil + } + out := new(HydrateTo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in IgnoreDifferences) DeepCopyInto(out *IgnoreDifferences) { { @@ -3651,7 +3715,7 @@ func (in *ResourceNode) DeepCopyInto(out *ResourceNode) { if in.Health != nil { in, out := &in.Health, &out.Health *out = new(HealthStatus) - **out = **in + (*in).DeepCopyInto(*out) } if in.CreatedAt != nil { in, out := &in.CreatedAt, &out.CreatedAt @@ -3757,7 +3821,7 @@ func (in *ResourceStatus) DeepCopyInto(out *ResourceStatus) { if in.Health != nil { in, out := &in.Health, &out.Health *out = new(HealthStatus) - **out = **in + (*in).DeepCopyInto(*out) } return } @@ -4189,6 +4253,72 @@ func (in *SignatureKey) DeepCopy() *SignatureKey { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SourceHydrator) DeepCopyInto(out *SourceHydrator) { + *out = *in + out.DrySource = in.DrySource + out.SyncSource = in.SyncSource + if in.HydrateTo != nil { + in, out := &in.HydrateTo, &out.HydrateTo + *out = new(HydrateTo) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceHydrator. +func (in *SourceHydrator) DeepCopy() *SourceHydrator { + if in == nil { + return nil + } + out := new(SourceHydrator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SourceHydratorStatus) DeepCopyInto(out *SourceHydratorStatus) { + *out = *in + if in.LastSuccessfulOperation != nil { + in, out := &in.LastSuccessfulOperation, &out.LastSuccessfulOperation + *out = new(SuccessfulHydrateOperation) + (*in).DeepCopyInto(*out) + } + if in.CurrentOperation != nil { + in, out := &in.CurrentOperation, &out.CurrentOperation + *out = new(HydrateOperation) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SourceHydratorStatus. +func (in *SourceHydratorStatus) DeepCopy() *SourceHydratorStatus { + if in == nil { + return nil + } + out := new(SourceHydratorStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SuccessfulHydrateOperation) DeepCopyInto(out *SuccessfulHydrateOperation) { + *out = *in + in.SourceHydrator.DeepCopyInto(&out.SourceHydrator) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SuccessfulHydrateOperation. +func (in *SuccessfulHydrateOperation) DeepCopy() *SuccessfulHydrateOperation { + if in == nil { + return nil + } + out := new(SuccessfulHydrateOperation) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SyncOperation) DeepCopyInto(out *SyncOperation) { *out = *in @@ -4375,6 +4505,22 @@ func (in *SyncPolicyAutomated) DeepCopy() *SyncPolicyAutomated { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SyncSource) DeepCopyInto(out *SyncSource) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyncSource. +func (in *SyncSource) DeepCopy() *SyncSource { + if in == nil { + return nil + } + out := new(SyncSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SyncStatus) DeepCopyInto(out *SyncStatus) { *out = *in diff --git a/pkg/ratelimiter/ratelimiter.go b/pkg/ratelimiter/ratelimiter.go index 53536f7b39a62..b9f0f4a19fe6f 100644 --- a/pkg/ratelimiter/ratelimiter.go +++ b/pkg/ratelimiter/ratelimiter.go @@ -35,10 +35,10 @@ func GetDefaultAppRateLimiterConfig() *AppControllerRateLimiterConfig { // NewCustomAppControllerRateLimiter is a constructor for the rate limiter for a workqueue used by app controller. It has // both overall and per-item rate limiting. The overall is a token bucket and the per-item is exponential(with auto resets) -func NewCustomAppControllerRateLimiter(cfg *AppControllerRateLimiterConfig) workqueue.TypedRateLimiter[string] { - return workqueue.NewTypedMaxOfRateLimiter[string]( - NewItemExponentialRateLimiterWithAutoReset(cfg.BaseDelay, cfg.MaxDelay, cfg.FailureCoolDown, cfg.BackoffFactor), - &workqueue.TypedBucketRateLimiter[string]{Limiter: rate.NewLimiter(rate.Limit(cfg.BucketQPS), int(cfg.BucketSize))}, +func NewCustomAppControllerRateLimiter[T comparable](cfg *AppControllerRateLimiterConfig) workqueue.TypedRateLimiter[T] { + return workqueue.NewTypedMaxOfRateLimiter[T]( + NewItemExponentialRateLimiterWithAutoReset[T](cfg.BaseDelay, cfg.MaxDelay, cfg.FailureCoolDown, cfg.BackoffFactor), + &workqueue.TypedBucketRateLimiter[T]{Limiter: rate.NewLimiter(rate.Limit(cfg.BucketQPS), int(cfg.BucketSize))}, ) } @@ -49,7 +49,7 @@ type failureData struct { // ItemExponentialRateLimiterWithAutoReset does a simple baseDelay*2^ limit // dealing with max failures and expiration/resets are up dependent on the cooldown period -type ItemExponentialRateLimiterWithAutoReset struct { +type ItemExponentialRateLimiterWithAutoReset[T comparable] struct { failuresLock sync.Mutex failures map[interface{}]failureData @@ -59,10 +59,10 @@ type ItemExponentialRateLimiterWithAutoReset struct { backoffFactor float64 } -var _ workqueue.TypedRateLimiter[string] = &ItemExponentialRateLimiterWithAutoReset{} +var _ workqueue.TypedRateLimiter[string] = &ItemExponentialRateLimiterWithAutoReset[string]{} -func NewItemExponentialRateLimiterWithAutoReset(baseDelay, maxDelay, failureCoolDown time.Duration, backoffFactor float64) workqueue.TypedRateLimiter[string] { - return &ItemExponentialRateLimiterWithAutoReset{ +func NewItemExponentialRateLimiterWithAutoReset[T comparable](baseDelay, maxDelay, failureCoolDown time.Duration, backoffFactor float64) workqueue.TypedRateLimiter[T] { + return &ItemExponentialRateLimiterWithAutoReset[T]{ failures: map[interface{}]failureData{}, baseDelay: baseDelay, maxDelay: maxDelay, @@ -71,7 +71,7 @@ func NewItemExponentialRateLimiterWithAutoReset(baseDelay, maxDelay, failureCool } } -func (r *ItemExponentialRateLimiterWithAutoReset) When(item string) time.Duration { +func (r *ItemExponentialRateLimiterWithAutoReset[T]) When(item T) time.Duration { r.failuresLock.Lock() defer r.failuresLock.Unlock() @@ -109,14 +109,14 @@ func (r *ItemExponentialRateLimiterWithAutoReset) When(item string) time.Duratio return calculated } -func (r *ItemExponentialRateLimiterWithAutoReset) NumRequeues(item string) int { +func (r *ItemExponentialRateLimiterWithAutoReset[T]) NumRequeues(item T) int { r.failuresLock.Lock() defer r.failuresLock.Unlock() return r.failures[item].failures } -func (r *ItemExponentialRateLimiterWithAutoReset) Forget(item string) { +func (r *ItemExponentialRateLimiterWithAutoReset[T]) Forget(item T) { r.failuresLock.Lock() defer r.failuresLock.Unlock() diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 1e4083d989769..34adb3bc07fdc 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -2371,6 +2371,9 @@ func (m *UpdateRevisionForPathsRequest) GetInstallationID() string { } type UpdateRevisionForPathsResponse struct { + // Changes indicates whether any changes were detected in the provided paths. If false, it means that the manifest + // cache was updated to the new revision. If true, it means that there are relevant changes in the repo files and + // that new manifests should be generated. Changes bool `protobuf:"varint,1,opt,name=changes,proto3" json:"changes,omitempty"` Revision string `protobuf:"bytes,2,opt,name=revision,proto3" json:"revision,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` diff --git a/reposerver/cache/cache.go b/reposerver/cache/cache.go index cdc16ea4ebb82..1fa9eb1c0fe2d 100644 --- a/reposerver/cache/cache.go +++ b/reposerver/cache/cache.go @@ -162,7 +162,7 @@ func (c *Cache) SetApps(repoUrl, revision string, apps map[string]string) error } func helmIndexRefsKey(repo string) string { - return fmt.Sprintf("helm-index|%s", repo) + return "helm-index|" + repo } // SetHelmIndex stores helm repository index.yaml content to cache @@ -183,7 +183,7 @@ func (c *Cache) GetHelmIndex(repo string, indexData *[]byte) error { } func gitRefsKey(repo string) string { - return fmt.Sprintf("git-refs|%s", repo) + return "git-refs|" + repo } // SetGitReferences saves resolved Git repository references to cache diff --git a/reposerver/cache/cache_test.go b/reposerver/cache/cache_test.go index a42ac0a513239..f8279693c2afb 100644 --- a/reposerver/cache/cache_test.go +++ b/reposerver/cache/cache_test.go @@ -3,7 +3,6 @@ package cache import ( "encoding/json" "errors" - "fmt" "testing" "time" @@ -44,17 +43,17 @@ func TestCache_GetRevisionMetadata(t *testing.T) { mockCache := fixtures.mockCache // cache miss _, err := cache.GetRevisionMetadata("my-repo-url", "my-revision") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) mockCache.RedisClient.AssertCalled(t, "Get", mock.Anything, mock.Anything) // populate cache err = cache.SetRevisionMetadata("my-repo-url", "my-revision", &RevisionMetadata{Message: "my-message"}) require.NoError(t, err) // cache miss _, err = cache.GetRevisionMetadata("other-repo-url", "my-revision") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) // cache miss _, err = cache.GetRevisionMetadata("my-repo-url", "other-revision") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) // cache hit value, err := cache.GetRevisionMetadata("my-repo-url", "my-revision") require.NoError(t, err) @@ -69,16 +68,16 @@ func TestCache_ListApps(t *testing.T) { mockCache := fixtures.mockCache // cache miss _, err := cache.ListApps("my-repo-url", "my-revision") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) // populate cache err = cache.SetApps("my-repo-url", "my-revision", map[string]string{"foo": "bar"}) require.NoError(t, err) // cache miss _, err = cache.ListApps("other-repo-url", "my-revision") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) // cache miss _, err = cache.ListApps("my-repo-url", "other-revision") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) // cache hit value, err := cache.ListApps("my-repo-url", "my-revision") require.NoError(t, err) @@ -95,34 +94,34 @@ func TestCache_GetManifests(t *testing.T) { q := &apiclient.ManifestRequest{} value := &CachedManifestResponse{} err := cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) // populate cache res := &CachedManifestResponse{ManifestResponse: &apiclient.ManifestResponse{SourceType: "my-source-type"}} err = cache.SetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", res, nil, "") require.NoError(t, err) t.Run("expect cache miss because of changed revision", func(t *testing.T) { err = cache.GetManifests("other-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) }) t.Run("expect cache miss because of changed path", func(t *testing.T) { err = cache.GetManifests("my-revision", &ApplicationSource{Path: "other-path"}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) }) t.Run("expect cache miss because of changed namespace", func(t *testing.T) { err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "other-namespace", "", "my-app-label-key", "my-app-label-value", value, nil, "") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) }) t.Run("expect cache miss because of changed app label key", func(t *testing.T) { err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "other-app-label-key", "my-app-label-value", value, nil, "") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) }) t.Run("expect cache miss because of changed app label value", func(t *testing.T) { err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "other-app-label-value", value, nil, "") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) }) t.Run("expect cache miss because of changed referenced source", func(t *testing.T) { err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "other-app-label-value", value, map[string]string{"my-referenced-source": "my-referenced-revision"}, "") - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) }) t.Run("expect cache hit", func(t *testing.T) { err = cache.SetManifests( @@ -148,16 +147,16 @@ func TestCache_GetAppDetails(t *testing.T) { value := &apiclient.RepoAppDetailsResponse{} emptyRefSources := map[string]*RefTarget{} err := cache.GetAppDetails("my-revision", &ApplicationSource{}, emptyRefSources, value, "", nil) - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) res := &apiclient.RepoAppDetailsResponse{Type: "my-type"} err = cache.SetAppDetails("my-revision", &ApplicationSource{}, emptyRefSources, res, "", nil) require.NoError(t, err) // cache miss err = cache.GetAppDetails("other-revision", &ApplicationSource{}, emptyRefSources, value, "", nil) - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) // cache miss err = cache.GetAppDetails("my-revision", &ApplicationSource{Path: "other-path"}, emptyRefSources, value, "", nil) - assert.Equal(t, ErrCacheMiss, err) + require.ErrorIs(t, err, ErrCacheMiss) // cache hit err = cache.GetAppDetails("my-revision", &ApplicationSource{}, emptyRefSources, value, "", nil) require.NoError(t, err) @@ -200,9 +199,7 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { } q := &apiclient.ManifestRequest{} err := repoCache.SetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, store, nil, "") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) // Get the cache entry of the set value directly from the in memory cache, and check the values var cacheKey string @@ -221,18 +218,14 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { assert.Equal(t, cmr.ManifestResponse, store.ManifestResponse) regeneratedHash, err := cmr.generateCacheEntryHash() - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) assert.Equal(t, cmr.CacheEntryHash, regeneratedHash) } // Retrieve the value using 'GetManifests' and confirm it works retrievedVal := &CachedManifestResponse{} err = repoCache.GetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, retrievedVal, nil, "") - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) assert.Equal(t, retrievedVal, store) // Corrupt the hash so that it doesn't match @@ -244,9 +237,7 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { Key: cacheKey, Object: &newCmr, }) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) } // Retrieve the value using GetManifests and confirm it returns a cache miss @@ -263,16 +254,12 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { func getInMemoryCacheContents(t *testing.T, inMemCache *cacheutil.InMemoryCache) map[string]*CachedManifestResponse { t.Helper() items, err := inMemCache.Items(func() interface{} { return &CachedManifestResponse{} }) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) result := map[string]*CachedManifestResponse{} for key, val := range items { obj, ok := val.(*CachedManifestResponse) - if !ok { - t.Fatal(errors.New("Unexpected type in cache")) - } + require.True(t, ok, "Unexpected type in cache") result[key] = obj } @@ -431,7 +418,7 @@ func TestTryLockGitRefCache_OwnershipFlows(t *testing.T) { fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 1}) require.NoError(t, err) var output [][2]string - key := fmt.Sprintf("git-refs|%s", "my-repo-url") + key := "git-refs|" + "my-repo-url" err = utilCache.GetItem(key, &output) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 2}) require.NoError(t, err) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index cf3a22e0a8bbe..5efc3876d5475 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -1138,6 +1138,9 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie if appHelm.ReleaseName != "" { templateOpts.Name = appHelm.ReleaseName } + if appHelm.Namespace != "" { + templateOpts.Namespace = appHelm.Namespace + } resolvedValueFiles, err := getResolvedValueFiles(appPath, repoRoot, env, q.GetValuesFileSchemes(), appHelm.ValueFiles, q.RefSources, gitRepoPaths, appHelm.IgnoreMissingValueFiles) if err != nil { @@ -1191,6 +1194,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie } passCredentials = appHelm.PassCredentials templateOpts.SkipCrds = appHelm.SkipCrds + templateOpts.SkipSchemaValidation = appHelm.SkipSchemaValidation templateOpts.SkipTests = appHelm.SkipTests } if templateOpts.Name == "" { @@ -2242,10 +2246,10 @@ func populatePluginAppDetails(ctx context.Context, res *apiclient.RepoAppDetails res.Plugin = &apiclient.PluginAppSpec{} envVars := []string{ - fmt.Sprintf("ARGOCD_APP_NAME=%s", q.AppName), - fmt.Sprintf("ARGOCD_APP_SOURCE_REPO_URL=%s", q.Repo.Repo), - fmt.Sprintf("ARGOCD_APP_SOURCE_PATH=%s", q.Source.Path), - fmt.Sprintf("ARGOCD_APP_SOURCE_TARGET_REVISION=%s", q.Source.TargetRevision), + "ARGOCD_APP_NAME=" + q.AppName, + "ARGOCD_APP_SOURCE_REPO_URL=" + q.Repo.Repo, + "ARGOCD_APP_SOURCE_PATH=" + q.Source.Path, + "ARGOCD_APP_SOURCE_TARGET_REVISION=" + q.Source.TargetRevision, } env, err := getPluginParamEnvs(envVars, q.Source.Plugin) @@ -2347,7 +2351,7 @@ func (s *Service) GetRevisionMetadata(ctx context.Context, q *apiclient.RepoServ if cs != "" { vr := gpg.ParseGitCommitVerification(cs) if vr.Result == gpg.VerifyResultUnknown { - signatureInfo = fmt.Sprintf("UNKNOWN signature: %s", vr.Message) + signatureInfo = "UNKNOWN signature: " + vr.Message } else { signatureInfo = fmt.Sprintf("%s signature from %s key %s", vr.Result, vr.Cipher, gpg.KeyID(vr.KeyID)) } @@ -2528,7 +2532,7 @@ func checkoutRevision(gitClient git.Client, revision string, submoduleEnabled bo } } - err = gitClient.Checkout(revision, submoduleEnabled) + _, err = gitClient.Checkout(revision, submoduleEnabled) if err != nil { // When fetching with no revision, only refs/heads/* and refs/remotes/origin/* are fetched. If checkout fails // for the given revision, try explicitly fetching it. @@ -2540,7 +2544,7 @@ func checkoutRevision(gitClient git.Client, revision string, submoduleEnabled bo return status.Errorf(codes.Internal, "Failed to checkout revision %s: %v", revision, err) } - err = gitClient.Checkout("FETCH_HEAD", submoduleEnabled) + _, err = gitClient.Checkout("FETCH_HEAD", submoduleEnabled) if err != nil { return status.Errorf(codes.Internal, "Failed to checkout FETCH_HEAD: %v", err) } diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index 2f45007d0e884..784ef0cafa12b 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -289,6 +289,9 @@ message UpdateRevisionForPathsRequest { } message UpdateRevisionForPathsResponse { + // Changes indicates whether any changes were detected in the provided paths. If false, it means that the manifest + // cache was updated to the new revision. If true, it means that there are relevant changes in the repo files and + // that new manifests should be generated. bool changes = 1; string revision = 2; } diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 57256dce7468e..e15fc11903e78 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -109,7 +109,7 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", mock.Anything).Return(mock.Anything, nil) gitClient.On("CommitSHA").Return(mock.Anything, nil) gitClient.On("Root").Return(root) @@ -188,7 +188,7 @@ func newServiceWithCommitSHA(t *testing.T, root, revision string) *Service { gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", revision).Return(revision, revisionErr) gitClient.On("CommitSHA").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("Root").Return(root) @@ -363,8 +363,8 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { func TestGenerateManifest_RefOnlyShortCircuit(t *testing.T) { lsremoteCalled := false dir := t.TempDir() - repopath := fmt.Sprintf("%s/tmprepo", dir) - repoRemote := fmt.Sprintf("file://%s", repopath) + repopath := dir + "/tmprepo" + repoRemote := "file://" + repopath cacheMocks := newCacheMocks() t.Cleanup(cacheMocks.mockCache.StopRedisCallback) service := NewService(metrics.NewMetricsServer(), cacheMocks.cache, RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, repopath) @@ -411,14 +411,14 @@ func TestGenerateManifest_RefOnlyShortCircuit(t *testing.T) { }) assert.True(t, lsremoteCalled, "ls-remote should be called when the source is ref only") var revisions [][2]string - require.NoError(t, cacheMocks.cacheutilCache.GetItem(fmt.Sprintf("git-refs|%s", repoRemote), &revisions)) + require.NoError(t, cacheMocks.cacheutilCache.GetItem("git-refs|"+repoRemote, &revisions)) assert.ElementsMatch(t, [][2]string{{"refs/heads/main", revision}, {"HEAD", "ref: refs/heads/main"}}, revisions) } // Test that calling manifest generation on source helm reference helm files that when the revision is cached it does not call ls-remote func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { dir := t.TempDir() - repopath := fmt.Sprintf("%s/tmprepo", dir) + repopath := dir + "/tmprepo" cacheMocks := newCacheMocks() t.Cleanup(func() { cacheMocks.mockCache.StopRedisCallback() @@ -429,9 +429,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { } return err }) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) }) service := NewService(metrics.NewMetricsServer(), cacheMocks.cache, RepoServerInitConstants{ParallelismLimit: 1}, argo.NewResourceTracking(), &git.NoopCredsStore{}, repopath) var gitClient git.Client @@ -448,7 +446,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { gitClient, err = git.NewClientExt(rawRepoURL, root, creds, insecure, enableLfs, proxy, noProxy, opts...) return gitClient, err } - repoRemote := fmt.Sprintf("file://%s", repopath) + repoRemote := "file://" + repopath revision := initGitRepo(t, newGitRepoOptions{ path: repopath, createPath: true, @@ -474,7 +472,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { ProjectSourceRepos: []string{"*"}, RefSources: map[string]*argoappv1.RefTarget{"$ref": {TargetRevision: "HEAD", Repo: *repo}}, } - err = cacheMocks.cacheutilCache.SetItem(fmt.Sprintf("git-refs|%s", repoRemote), [][2]string{{"HEAD", revision}}, nil) + err = cacheMocks.cacheutilCache.SetItem("git-refs|"+repoRemote, [][2]string{{"HEAD", revision}}, nil) require.NoError(t, err) _, err = service.GenerateManifest(context.Background(), &q) require.NoError(t, err) @@ -1144,7 +1142,7 @@ func TestHelmWithMissingValueFiles(t *testing.T) { // Should fail since we're passing a non-existent values file, and error should indicate that _, err := service.GenerateManifest(context.Background(), req) - require.ErrorContains(t, err, fmt.Sprintf("%s: no such file or directory", missingValuesFile)) + require.ErrorContains(t, err, missingValuesFile+": no such file or directory") // Should template without error even if defining a non-existent values file req.ApplicationSource.Helm.IgnoreMissingValueFiles = true @@ -1587,6 +1585,7 @@ func TestListApps(t *testing.T) { "helm-with-dependencies-alias": "Helm", "helm-with-local-dependency": "Helm", "simple-chart": "Helm", + "broken-schema-verification": "Helm", } assert.Equal(t, expectedApps, res.Apps) } @@ -2196,15 +2195,10 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { t.Run(tt.name, func(t *testing.T) { manifestResponse, err := tt.service.GenerateManifest(tt.ctx, tt.manifestRequest) if !tt.wantError { - if err == nil { - assert.Equal(t, manifestResponse.Revision, actualCommitSHA) - } else { - t.Errorf("unexpected error") - } + require.NoError(t, err) + assert.Equal(t, manifestResponse.Revision, actualCommitSHA) } else { - if err == nil { - t.Errorf("expected an error but did not throw one") - } + assert.Errorf(t, err, "expected an error but did not throw one") } }) } @@ -2239,13 +2233,8 @@ func TestGenerateManifestWithAnnotatedTagsAndMultiSourceApp(t *testing.T) { } response, err := service.GenerateManifest(context.Background(), manifestRequest) - if err != nil { - t.Errorf("unexpected %s", err) - } - - if response.Revision != annotatedGitTaghash { - t.Errorf("returned SHA %s is different from expected annotated tag %s", response.Revision, annotatedGitTaghash) - } + require.NoError(t, err) + assert.Equalf(t, response.Revision, annotatedGitTaghash, "returned SHA %s is different from expected annotated tag %s", response.Revision, annotatedGitTaghash) } func TestGenerateMultiSourceHelmWithFileParameter(t *testing.T) { @@ -3070,7 +3059,7 @@ func TestCheckoutRevisionPresentSkipFetch(t *testing.T) { gitClient := &gitmocks.Client{} gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", revision).Return(true) - gitClient.On("Checkout", revision, mock.Anything).Return(nil) + gitClient.On("Checkout", revision, mock.Anything).Return("", nil) err := checkoutRevision(gitClient, revision, false) require.NoError(t, err) @@ -3083,7 +3072,7 @@ func TestCheckoutRevisionNotPresentCallFetch(t *testing.T) { gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", revision).Return(false) gitClient.On("Fetch", "").Return(nil) - gitClient.On("Checkout", revision, mock.Anything).Return(nil) + gitClient.On("Checkout", revision, mock.Anything).Return("", nil) err := checkoutRevision(gitClient, revision, false) require.NoError(t, err) @@ -3409,7 +3398,7 @@ func TestErrorGetGitDirectories(t *testing.T) { }, want: nil, wantErr: assert.Error}, {name: "InvalidResolveRevision", fields: fields{service: func() *Service { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) @@ -3426,7 +3415,7 @@ func TestErrorGetGitDirectories(t *testing.T) { }, want: nil, wantErr: assert.Error}, {name: "ErrorVerifyCommit", fields: fields{service: func() *Service { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) gitClient.On("VerifyCommitSignature", mock.Anything).Return("", fmt.Errorf("revision %s is not signed", "sadfsadf")) gitClient.On("Root").Return(root) @@ -3463,7 +3452,7 @@ func TestGetGitDirectories(t *testing.T) { gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return("", nil) gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(root, nil) @@ -3496,7 +3485,7 @@ func TestGetGitDirectoriesWithHiddenDirSupported(t *testing.T) { gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return("", nil) gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(root, nil) @@ -3551,7 +3540,7 @@ func TestErrorGetGitFiles(t *testing.T) { }, want: nil, wantErr: assert.Error}, {name: "InvalidResolveRevision", fields: fields{service: func() *Service { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) @@ -3590,7 +3579,7 @@ func TestGetGitFiles(t *testing.T) { gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return("", nil) gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("Root").Return(root) gitClient.On("LsFiles", mock.Anything, mock.Anything).Once().Return(files, nil) @@ -3654,7 +3643,7 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) { }, want: nil, wantErr: assert.Error}, {name: "InvalidResolveRevision", fields: fields{service: func() *Service { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) @@ -3672,7 +3661,7 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) { }, want: nil, wantErr: assert.Error}, {name: "InvalidResolveSyncedRevision", fields: fields{service: func() *Service { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) gitClient.On("Root").Return(root) @@ -3725,7 +3714,7 @@ func TestUpdateRevisionForPaths(t *testing.T) { }{ {name: "NoPathAbort", fields: func() fields { s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) }, ".") return fields{ service: s, @@ -3740,7 +3729,7 @@ func TestUpdateRevisionForPaths(t *testing.T) { }, want: &apiclient.UpdateRevisionForPathsResponse{}, wantErr: assert.NoError}, {name: "SameResolvedRevisionAbort", fields: func() fields { s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) paths.On("GetPath", mock.Anything).Return(".", nil) @@ -3766,7 +3755,7 @@ func TestUpdateRevisionForPaths(t *testing.T) { gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("1e67a504d03def3a6a1125d934cb511680f72555", nil) paths.On("GetPath", mock.Anything).Return(".", nil) @@ -3795,7 +3784,7 @@ func TestUpdateRevisionForPaths(t *testing.T) { gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("1e67a504d03def3a6a1125d934cb511680f72555", nil) paths.On("GetPath", mock.Anything).Return(".", nil) @@ -3833,7 +3822,7 @@ func TestUpdateRevisionForPaths(t *testing.T) { gitClient.On("Init").Return(nil) gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("1e67a504d03def3a6a1125d934cb511680f72555", nil) paths.On("GetPath", mock.Anything).Return(".", nil) @@ -3924,7 +3913,7 @@ func TestGetRefs_CacheWithLockDisabled(t *testing.T) { wg.Add(1) go func() { defer wg.Done() - client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) + client, err := git.NewClient("file://"+dir, git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() require.NoError(t, err) @@ -3951,7 +3940,7 @@ func TestGetRefs_CacheDisabled(t *testing.T) { }) cacheMocks := newCacheMocks() t.Cleanup(cacheMocks.mockCache.StopRedisCallback) - client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, false)) + client, err := git.NewClient("file://"+dir, git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, false)) require.NoError(t, err) refs, err := client.LsRefs() require.NoError(t, err) @@ -3980,7 +3969,7 @@ func TestGetRefs_CacheWithLock(t *testing.T) { wg.Add(1) go func() { defer wg.Done() - client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) + client, err := git.NewClient("file://"+dir, git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() require.NoError(t, err) @@ -4008,7 +3997,7 @@ func TestGetRefs_CacheUnlockedOnUpdateFailed(t *testing.T) { }) cacheMocks := newCacheMocks() t.Cleanup(cacheMocks.mockCache.StopRedisCallback) - repoUrl := fmt.Sprintf("file://%s", dir) + repoUrl := "file://" + dir client, err := git.NewClient(repoUrl, git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() @@ -4037,7 +4026,7 @@ func TestGetRefs_CacheLockTryLockGitRefCacheError(t *testing.T) { }) cacheMocks := newCacheMocks() t.Cleanup(cacheMocks.mockCache.StopRedisCallback) - repoUrl := fmt.Sprintf("file://%s", dir) + repoUrl := "file://" + dir // buf := bytes.Buffer{} // log.SetOutput(&buf) client, err := git.NewClient(repoUrl, git.NopCreds{}, true, false, "", "", git.WithCache(cacheMocks.cache, true)) @@ -4053,7 +4042,7 @@ func TestGetRevisionChartDetails(t *testing.T) { service := newService(t, root) _, err := service.GetRevisionChartDetails(context.Background(), &apiclient.RepoServerRevisionChartDetailsRequest{ Repo: &v1alpha1.Repository{ - Repo: fmt.Sprintf("file://%s", root), + Repo: "file://" + root, Name: "test-repo-name", Type: "helm", }, @@ -4066,7 +4055,7 @@ func TestGetRevisionChartDetails(t *testing.T) { t.Run("Test GetRevisionChartDetails", func(t *testing.T) { root := t.TempDir() service := newService(t, root) - repoUrl := fmt.Sprintf("file://%s", root) + repoUrl := "file://" + root err := service.cache.SetRevisionChartDetails(repoUrl, "my-chart", "1.1.0", &argoappv1.ChartDetails{ Description: "test-description", Home: "test-home", @@ -4075,7 +4064,7 @@ func TestGetRevisionChartDetails(t *testing.T) { require.NoError(t, err) chartDetails, err := service.GetRevisionChartDetails(context.Background(), &apiclient.RepoServerRevisionChartDetailsRequest{ Repo: &v1alpha1.Repository{ - Repo: fmt.Sprintf("file://%s", root), + Repo: "file://" + root, Name: "test-repo-name", Type: "helm", }, @@ -4099,7 +4088,6 @@ func TestVerifyCommitSignature(t *testing.T) { mockGitClient := &gitmocks.Client{} mockGitClient.On("VerifyCommitSignature", mock.Anything, mock.Anything, mock.Anything, mock.Anything). Return(testSignature, nil) - err := verifyCommitSignature(true, mockGitClient, "abcd1234", repo) require.NoError(t, err) }) @@ -4109,10 +4097,8 @@ func TestVerifyCommitSignature(t *testing.T) { mockGitClient := &gitmocks.Client{} mockGitClient.On("VerifyCommitSignature", mock.Anything, mock.Anything, mock.Anything, mock.Anything). Return("", nil) - err := verifyCommitSignature(true, mockGitClient, "abcd1234", repo) - require.Error(t, err) - assert.Equal(t, "revision abcd1234 is not signed", err.Error()) + assert.EqualError(t, err, "revision abcd1234 is not signed") }) t.Run("VerifyCommitSignature with unknown signature", func(t *testing.T) { @@ -4120,10 +4106,8 @@ func TestVerifyCommitSignature(t *testing.T) { mockGitClient := &gitmocks.Client{} mockGitClient.On("VerifyCommitSignature", mock.Anything, mock.Anything, mock.Anything, mock.Anything). Return("", fmt.Errorf("UNKNOWN signature: gpg: Unknown signature from ABCDEFGH")) - err := verifyCommitSignature(true, mockGitClient, "abcd1234", repo) - require.Error(t, err) - assert.Equal(t, "UNKNOWN signature: gpg: Unknown signature from ABCDEFGH", err.Error()) + assert.EqualError(t, err, "UNKNOWN signature: gpg: Unknown signature from ABCDEFGH") }) t.Run("VerifyCommitSignature with error verifying signature", func(t *testing.T) { @@ -4131,10 +4115,8 @@ func TestVerifyCommitSignature(t *testing.T) { mockGitClient := &gitmocks.Client{} mockGitClient.On("VerifyCommitSignature", mock.Anything, mock.Anything, mock.Anything, mock.Anything). Return("", fmt.Errorf("error verifying signature of commit 'abcd1234' in repo 'https://github.com/example/repo.git': failed to verify signature")) - err := verifyCommitSignature(true, mockGitClient, "abcd1234", repo) - require.Error(t, err) - assert.Equal(t, "error verifying signature of commit 'abcd1234' in repo 'https://github.com/example/repo.git': failed to verify signature", err.Error()) + assert.EqualError(t, err, "error verifying signature of commit 'abcd1234' in repo 'https://github.com/example/repo.git': failed to verify signature") }) t.Run("VerifyCommitSignature with signature verification disabled", func(t *testing.T) { @@ -4178,8 +4160,9 @@ func Test_GenerateManifests_Commands(t *testing.T) { Value: "false", }, }, - PassCredentials: true, - SkipCrds: true, + PassCredentials: true, + SkipCrds: true, + SkipSchemaValidation: false, ValueFiles: []string{ "my-chart-values.yaml", }, @@ -4325,3 +4308,43 @@ images: }, res.Commands) }) } + +func Test_SkipSchemaValidation(t *testing.T) { + t.Run("helm", func(t *testing.T) { + service := newService(t, "testdata/broken-schema-verification") + + q := apiclient.ManifestRequest{ + AppName: "test-app", + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{ + Path: ".", + Helm: &argoappv1.ApplicationSourceHelm{ + SkipSchemaValidation: true, + }, + }, + } + + res, err := service.GenerateManifest(context.Background(), &q) + + require.NoError(t, err) + assert.Equal(t, []string{"helm template . --name-template test-app --include-crds --skip-schema-validation"}, res.Commands) + }) + t.Run("helm", func(t *testing.T) { + service := newService(t, "testdata/broken-schema-verification") + + q := apiclient.ManifestRequest{ + AppName: "test-app", + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{ + Path: ".", + Helm: &argoappv1.ApplicationSourceHelm{ + SkipSchemaValidation: false, + }, + }, + } + + _, err := service.GenerateManifest(context.Background(), &q) + + require.ErrorContains(t, err, "values don't meet the specifications of the schema(s)") + }) +} diff --git a/reposerver/repository/testdata/broken-schema-verification/Chart.yaml b/reposerver/repository/testdata/broken-schema-verification/Chart.yaml new file mode 100644 index 0000000000000..27808fc463690 --- /dev/null +++ b/reposerver/repository/testdata/broken-schema-verification/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: broken-schema-verification +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/reposerver/repository/testdata/broken-schema-verification/templates/configmap.yaml b/reposerver/repository/testdata/broken-schema-verification/templates/configmap.yaml new file mode 100644 index 0000000000000..b3763e3f0752e --- /dev/null +++ b/reposerver/repository/testdata/broken-schema-verification/templates/configmap.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.name }} +data: {} \ No newline at end of file diff --git a/reposerver/repository/testdata/broken-schema-verification/values.schema.json b/reposerver/repository/testdata/broken-schema-verification/values.schema.json new file mode 100644 index 0000000000000..68277097d7ca9 --- /dev/null +++ b/reposerver/repository/testdata/broken-schema-verification/values.schema.json @@ -0,0 +1,18 @@ +{ + "$defs": { + "myType": { + "$ref": "http://doesnotexist.example.com/", + "title": "myType", + "type": "object" + } + }, + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "$ref": "#/$defs/myType" + } + } +} \ No newline at end of file diff --git a/reposerver/repository/testdata/broken-schema-verification/values.yaml b/reposerver/repository/testdata/broken-schema-verification/values.yaml new file mode 100644 index 0000000000000..e0320b52f196d --- /dev/null +++ b/reposerver/repository/testdata/broken-schema-verification/values.yaml @@ -0,0 +1 @@ +name: test-configmap \ No newline at end of file diff --git a/reposerver/server.go b/reposerver/server.go index 5d280329deed3..56ed69b99b06a 100644 --- a/reposerver/server.go +++ b/reposerver/server.go @@ -55,8 +55,8 @@ func NewServer(metricsServer *metrics.MetricsServer, cache *reposervercache.Cach // repository server. if tlsConfCustomizer != nil { var err error - certPath := fmt.Sprintf("%s/reposerver/tls/tls.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)) - keyPath := fmt.Sprintf("%s/reposerver/tls/tls.key", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)) + certPath := env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath) + "/reposerver/tls/tls.crt" + keyPath := env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath) + "/reposerver/tls/tls.key" tlsConfig, err = tlsutil.CreateServerTLSConfig(certPath, keyPath, tlsHostList) if err != nil { return nil, fmt.Errorf("error creating server TLS config: %w", err) diff --git a/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/health.lua b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/health.lua new file mode 100644 index 0000000000000..9cc7edc368b33 --- /dev/null +++ b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/health.lua @@ -0,0 +1,31 @@ +function getStatus(obj) + local hs = {} + hs.status = "Progressing" + hs.message = "Initializing cluster resource set" + + if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + + -- Ready + if condition.type == "ResourcesApplied" and condition.status == "True" then + hs.status = "Healthy" + hs.message = "cluster resource set is applied" + return hs + end + + -- Resources Applied + if condition.type == "ResourcesApplied" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + + end + end + end + return hs +end + +local hs = getStatus(obj) +return hs \ No newline at end of file diff --git a/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/health_test.yaml b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/health_test.yaml new file mode 100644 index 0000000000000..373d143f9bc26 --- /dev/null +++ b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/health_test.yaml @@ -0,0 +1,13 @@ +tests: +- healthStatus: + status: Progressing + message: 'Initializing cluster resource set' + inputPath: testdata/progressing_resourceapplied.yaml +- healthStatus: + status: Degraded + message: 'Failed to apply resources' + inputPath: testdata/degraded_resourceapplied.yaml +- healthStatus: + status: Healthy + message: 'cluster resource set is applied' + inputPath: testdata/healthy_resourceapplied.yaml \ No newline at end of file diff --git a/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/degraded_resourceapplied.yaml b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/degraded_resourceapplied.yaml new file mode 100644 index 0000000000000..ec27b67ed4be5 --- /dev/null +++ b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/degraded_resourceapplied.yaml @@ -0,0 +1,27 @@ +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + finalizers: + - addons.cluster.x-k8s.io + generation: 1 + labels: + app.argocd.io/instance: clustername + name: clustername-resource-set + namespace: capi-managed-cluster +spec: + clusterSelector: + matchLabels: + clusterName: clustername + resources: + - kind: ConfigMap + name: clustername-default-rbac + strategy: ApplyOnce +status: + conditions: + - lastTransitionTime: '2024-11-11T03:28:48Z' + message: "Failed to apply resources" + reason: RemoteClusterClientFailed + severity: Error + status: 'False' + type: ResourcesApplied + observedGeneration: 1 diff --git a/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/healthy_resourceapplied.yaml b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/healthy_resourceapplied.yaml new file mode 100644 index 0000000000000..4aaf8c7b36104 --- /dev/null +++ b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/healthy_resourceapplied.yaml @@ -0,0 +1,24 @@ +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + finalizers: + - addons.cluster.x-k8s.io + generation: 2 + labels: + app.argocd.io/instance: clustername + name: clustername-resource-set + namespace: capi-managed-cluster +spec: + clusterSelector: + matchLabels: + clusterName: clustername + resources: + - kind: ConfigMap + name: clustername-default-rbac + strategy: ApplyOnce +status: + conditions: + - lastTransitionTime: '2024-11-08T08:49:13Z' + status: 'True' + type: ResourcesApplied + observedGeneration: 2 diff --git a/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/progressing_resourceapplied.yaml b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/progressing_resourceapplied.yaml new file mode 100644 index 0000000000000..f6e499abbc8a6 --- /dev/null +++ b/resource_customizations/addons.cluster.x-k8s.io/ClusterResourceSet/testdata/progressing_resourceapplied.yaml @@ -0,0 +1,18 @@ +apiVersion: addons.cluster.x-k8s.io/v1beta1 +kind: ClusterResourceSet +metadata: + finalizers: + - addons.cluster.x-k8s.io + generation: 2 + labels: + app.argocd.io/instance: clustername + name: clustername-resource-set + namespace: capi-managed-cluster +spec: + clusterSelector: + matchLabels: + clusterName: clustername + resources: + - kind: ConfigMap + name: clustername-default-rbac + strategy: ApplyOnce diff --git a/resource_customizations/argoproj.io/Rollout/actions/action_test.yaml b/resource_customizations/argoproj.io/Rollout/actions/action_test.yaml index f3c3057dc88be..194794efec449 100644 --- a/resource_customizations/argoproj.io/Rollout/actions/action_test.yaml +++ b/resource_customizations/argoproj.io/Rollout/actions/action_test.yaml @@ -5,6 +5,7 @@ discoveryTests: disabled: false - name: restart disabled: false + displayName: Restart Pods - name: abort disabled: false - name: retry @@ -15,6 +16,7 @@ discoveryTests: result: - name: restart disabled: false + displayName: Restart Pods - name: resume disabled: true - name: abort @@ -27,6 +29,7 @@ discoveryTests: result: - name: restart disabled: false + displayName: Restart Pods - name: resume disabled: true - name: abort @@ -39,6 +42,7 @@ discoveryTests: result: - name: restart disabled: false + displayName: Restart Pods - name: resume disabled: false - name: abort @@ -51,6 +55,7 @@ discoveryTests: result: - name: restart disabled: false + displayName: Restart Pods - name: resume disabled: true - name: abort @@ -63,6 +68,7 @@ discoveryTests: result: - name: restart disabled: false + displayName: Restart Pods - name: resume disabled: true - name: abort @@ -75,6 +81,7 @@ discoveryTests: result: - name: restart disabled: false + displayName: Restart Pods - name: resume disabled: true - name: abort @@ -87,6 +94,7 @@ discoveryTests: result: - name: restart disabled: false + displayName: Restart Pods - name: resume disabled: true - name: abort @@ -99,6 +107,7 @@ discoveryTests: result: - name: restart disabled: false + displayName: Restart Pods - name: resume disabled: true - name: abort diff --git a/resource_customizations/argoproj.io/Rollout/actions/discovery.lua b/resource_customizations/argoproj.io/Rollout/actions/discovery.lua index 86a5307e0023b..966034d369b37 100644 --- a/resource_customizations/argoproj.io/Rollout/actions/discovery.lua +++ b/resource_customizations/argoproj.io/Rollout/actions/discovery.lua @@ -1,5 +1,8 @@ local actions = {} -actions["restart"] = {["disabled"] = false} +actions["restart"] = { + ["disabled"] = false, + ["displayName"] = "Restart Pods" +} local paused = false if obj.status ~= nil and obj.status.pauseConditions ~= nil then diff --git a/resource_customizations/platform.confluent.io/Connector/health.lua b/resource_customizations/platform.confluent.io/Connector/health.lua new file mode 100644 index 0000000000000..a800a33179d30 --- /dev/null +++ b/resource_customizations/platform.confluent.io/Connector/health.lua @@ -0,0 +1,25 @@ +hs = {} +if obj.status ~= nil and obj.status.state ~= nil then + if obj.status.state == "CREATED" and obj.status.connectorState == "RUNNING" and obj.status.failedTasksCount == nil then + hs.status = "Healthy" + hs.message = "Connector running" + return hs + end + if obj.status.state == "ERROR" then + hs.status = "Degraded" + if obj.status.conditions and #obj.status.conditions > 0 then + hs.message = obj.status.conditions[1].message -- Kafka Connector only has one condition and nests the issues in the error message here + else + hs.message = "No conditions available" + end + return hs + end + if obj.status.failedTasksCount ~= nil and obj.status.failedTasksCount > 0 then + hs.status = "Degraded" + hs.message = "Connector has failed tasks" + return hs + end +end +hs.status = "Progressing" +hs.message = "Waiting for Kafka Connector" +return hs \ No newline at end of file diff --git a/resource_customizations/platform.confluent.io/Connector/health_test.yaml b/resource_customizations/platform.confluent.io/Connector/health_test.yaml new file mode 100644 index 0000000000000..c449ba98195e1 --- /dev/null +++ b/resource_customizations/platform.confluent.io/Connector/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Healthy + message: 'Connector running' + inputPath: testdata/connector-healthy.yaml + - healthStatus: + status: Degraded + message: 'connect Rest API request failed: Connector configuration is invalid and contains the following 1 error(s): Could not read properties from file' + inputPath: testdata/connector-failure.yaml + - healthStatus: + status: Degraded + message: 'Connector has failed tasks' + inputPath: testdata/connector-task-failure.yaml \ No newline at end of file diff --git a/resource_customizations/platform.confluent.io/Connector/testdata/connector-failure.yaml b/resource_customizations/platform.confluent.io/Connector/testdata/connector-failure.yaml new file mode 100644 index 0000000000000..b34a297bbabb9 --- /dev/null +++ b/resource_customizations/platform.confluent.io/Connector/testdata/connector-failure.yaml @@ -0,0 +1,27 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Connector +metadata: + finalizers: + - connect.finalizers.platform.confluent.io + generation: 1 + name: connect + namespace: confluent +spec: + class: io.confluent.connect.sftp.SftpSinkConnector + configs: + topics: test-topic + connectClusterRef: + name: connect + name: test-sftp-connector + taskMax: 3 +status: + appState: Failed + conditions: + - lastProbeTime: '2024-04-02T07:43:35Z' + lastTransitionTime: '2024-04-02T07:43:35Z' + message: >- + connect Rest API request failed: Connector configuration is invalid and contains the following 1 error(s): Could not read properties from file + reason: CreateFailed + status: 'False' + type: platform.confluent.io/app-ready + state: ERROR \ No newline at end of file diff --git a/resource_customizations/platform.confluent.io/Connector/testdata/connector-healthy.yaml b/resource_customizations/platform.confluent.io/Connector/testdata/connector-healthy.yaml new file mode 100644 index 0000000000000..10df701b7c53e --- /dev/null +++ b/resource_customizations/platform.confluent.io/Connector/testdata/connector-healthy.yaml @@ -0,0 +1,31 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Connector +metadata: + finalizers: + - connect.finalizers.platform.confluent.io + generation: 1 + name: connect + namespace: confluent +spec: + class: io.confluent.connect.sftp.SftpSinkConnector + configs: + topics: test-topic + connectClusterRef: + name: connect + name: test-sftp-connector + taskMax: 3 +status: + appState: Created + conditions: + - lastProbeTime: '2024-04-02T07:43:35Z' + lastTransitionTime: '2024-04-02T07:43:35Z' + message: Application is created + reason: Created + status: 'True' + type: platform.confluent.io/app-ready + connectorState: RUNNING + restartPolicy: + maxRetry: 10 + type: OnFailure + state: CREATED + tasksReady: 3/3 \ No newline at end of file diff --git a/resource_customizations/platform.confluent.io/Connector/testdata/connector-task-failure.yaml b/resource_customizations/platform.confluent.io/Connector/testdata/connector-task-failure.yaml new file mode 100644 index 0000000000000..09134a48f41b2 --- /dev/null +++ b/resource_customizations/platform.confluent.io/Connector/testdata/connector-task-failure.yaml @@ -0,0 +1,37 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Connector +metadata: + finalizers: + - connect.finalizers.platform.confluent.io + generation: 1 + name: connect + namespace: confluent +spec: + class: io.confluent.connect.sftp.SftpSinkConnector + configs: + topics: test-topic + connectClusterRef: + name: connect + name: test-sftp-connector + taskMax: 3 +status: + appState: Unknown + conditions: + - lastProbeTime: '2024-01-19T06:42:40Z' + lastTransitionTime: '2024-01-19T06:42:40Z' + message: Application is created + reason: Created + status: 'True' + type: platform.confluent.io/app-ready + connectorState: RUNNING + failedTasks: + task-0: + id: 0 + retryCount: 10 + failedTasksCount: 1 + observedGeneration: 1 + restartPolicy: + maxRetry: 10 + type: OnFailure + state: CREATED + tasksReady: 0/1 \ No newline at end of file diff --git a/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/health.lua b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/health.lua new file mode 100644 index 0000000000000..48ef1a8aea9d6 --- /dev/null +++ b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/health.lua @@ -0,0 +1,18 @@ +local hs = {} +if obj.status ~= nil then + local state_map = { + initializing = "Progressing", + ready = "Healthy", + error = "Degraded", + stopping = "Progressing", + paused = "Suspended" + } + + hs.status = state_map[obj.status.state] or "Unknown" + hs.message = obj.status.ready .. "/" .. obj.status.size .. " node(s) are ready" + return hs +end + +hs.status = "Unknown" +hs.message = "Cluster status is unknown" +return hs diff --git a/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/health_test.yaml b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/health_test.yaml new file mode 100644 index 0000000000000..7949e34ec4ce9 --- /dev/null +++ b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/health_test.yaml @@ -0,0 +1,25 @@ +tests: +- healthStatus: + status: Progressing + message: "0/9 node(s) are ready" + inputPath: testdata/initializing.yaml +- healthStatus: + status: Healthy + message: "9/9 node(s) are ready" + inputPath: testdata/ready.yaml +- healthStatus: + status: Suspended + message: "0/9 node(s) are ready" + inputPath: testdata/paused.yaml +- healthStatus: + status: Progressing + message: "6/9 node(s) are ready" + inputPath: testdata/stopping.yaml +- healthStatus: + status: Degraded + message: "0/9 node(s) are ready" + inputPath: testdata/error.yaml +- healthStatus: + status: Unknown + message: "0/0 node(s) are ready" + inputPath: testdata/unknown.yaml diff --git a/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/error.yaml b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/error.yaml new file mode 100644 index 0000000000000..74914f3c55ca8 --- /dev/null +++ b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/error.yaml @@ -0,0 +1,25 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDB +metadata: + name: cluster +spec: {} +status: + mongos: + ready: 0 + size: 3 + status: error + observedGeneration: 1 + ready: 0 + replsets: + cfg: + initialized: true + ready: 0 + size: 3 + status: error + rs0: + initialized: true + ready: 0 + size: 3 + status: error + size: 9 + state: error diff --git a/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/initializing.yaml b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/initializing.yaml new file mode 100644 index 0000000000000..a59e055f3d7e7 --- /dev/null +++ b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/initializing.yaml @@ -0,0 +1,25 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDB +metadata: + name: cluster +spec: {} +status: + mongos: + ready: 0 + size: 3 + status: initializing + observedGeneration: 1 + ready: 0 + replsets: + cfg: + initialized: false + ready: 0 + size: 3 + status: initializing + rs0: + initialized: false + ready: 0 + size: 3 + status: initializing + size: 9 + state: initializing diff --git a/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/paused.yaml b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/paused.yaml new file mode 100644 index 0000000000000..722cc2536fbce --- /dev/null +++ b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/paused.yaml @@ -0,0 +1,25 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDB +metadata: + name: cluster +spec: {} +status: + mongos: + ready: 0 + size: 3 + status: paused + observedGeneration: 1 + ready: 0 + replsets: + cfg: + initialized: true + ready: 0 + size: 3 + status: paused + rs0: + initialized: true + ready: 0 + size: 3 + status: paused + size: 9 + state: paused diff --git a/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/ready.yaml b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/ready.yaml new file mode 100644 index 0000000000000..9d3b62a7fb640 --- /dev/null +++ b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/ready.yaml @@ -0,0 +1,25 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDB +metadata: + name: cluster +spec: {} +status: + mongos: + ready: 3 + size: 3 + status: ready + observedGeneration: 1 + ready: 9 + replsets: + cfg: + initialized: true + ready: 3 + size: 3 + status: ready + rs0: + initialized: true + ready: 3 + size: 3 + status: ready + size: 9 + state: ready diff --git a/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/stopping.yaml b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/stopping.yaml new file mode 100644 index 0000000000000..d4f7f3ae03eba --- /dev/null +++ b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/stopping.yaml @@ -0,0 +1,25 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDB +metadata: + name: cluster +spec: {} +status: + mongos: + ready: 2 + size: 3 + status: stopping + observedGeneration: 1 + ready: 6 + replsets: + cfg: + initialized: true + ready: 2 + size: 3 + status: stopping + rs0: + initialized: true + ready: 2 + size: 3 + status: stopping + size: 9 + state: stopping diff --git a/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/unknown.yaml b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/unknown.yaml new file mode 100644 index 0000000000000..7b06350e18023 --- /dev/null +++ b/resource_customizations/psmdb.percona.com/PerconaServerMongoDB/testdata/unknown.yaml @@ -0,0 +1,10 @@ +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDB +metadata: + name: cluster +spec: {} +status: + observedGeneration: 1 + ready: 0 + size: 0 + state: "" diff --git a/server/account/account_test.go b/server/account/account_test.go index 2e7f9ab669e9d..81e0abc0785f4 100644 --- a/server/account/account_test.go +++ b/server/account/account_test.go @@ -63,7 +63,7 @@ func newTestAccountServerExt(ctx context.Context, enforceFn rbac.ClaimsEnforcerF for i := range opts { opts[i](cm, secret) } - kubeclientset := fake.NewSimpleClientset(cm, secret) + kubeclientset := fake.NewClientset(cm, secret) settingsMgr := settings.NewSettingsManager(ctx, kubeclientset, testNamespace) sessionMgr := sessionutil.NewSessionManager(settingsMgr, test.NewFakeProjLister(), "", nil, sessionutil.NewUserStateStorage(nil)) enforcer := rbac.NewEnforcer(kubeclientset, testNamespace, common.ArgoCDRBACConfigMapName, nil) diff --git a/server/application/application.go b/server/application/application.go index 838110c388e1d..7ffbca4f886d2 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -369,7 +369,13 @@ func (s *Server) Create(ctx context.Context, q *application.ApplicationCreateReq if err != nil { return nil, status.Errorf(codes.Internal, "unable to check existing application details (%s): %v", appNs, err) } - equalSpecs := reflect.DeepEqual(existing.Spec, a.Spec) && + + if err := argo.ValidateDestination(ctx, &existing.Spec.Destination, s.db); err != nil { + return nil, status.Errorf(codes.InvalidArgument, "application destination spec for %s is invalid: %s", existing.Name, err.Error()) + } + + equalSpecs := existing.Spec.Destination.Equals(a.Spec.Destination) && + reflect.DeepEqual(existing.Spec, a.Spec) && reflect.DeepEqual(existing.Labels, a.Labels) && reflect.DeepEqual(existing.Annotations, a.Annotations) && reflect.DeepEqual(existing.Finalizers, a.Finalizers) @@ -2229,7 +2235,7 @@ func getAmbiguousRevision(app *appv1.Application, syncReq *application.Applicati ambiguousRevision := "" if app.Spec.HasMultipleSources() { for i, pos := range syncReq.SourcePositions { - if pos == int64(sourceIndex) { + if pos == int64(sourceIndex+1) { ambiguousRevision = syncReq.Revisions[i] } } @@ -2514,10 +2520,10 @@ func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceA } if res == nil { - s.logAppEvent(a, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s", q.GetAction())) + s.logAppEvent(a, ctx, argo.EventReasonResourceActionRan, "ran action "+q.GetAction()) } else { s.logAppEvent(a, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s on resource %s/%s/%s", q.GetAction(), res.Group, res.Kind, res.Name)) - s.logResourceEvent(res, ctx, argo.EventReasonResourceActionRan, fmt.Sprintf("ran action %s", q.GetAction())) + s.logResourceEvent(res, ctx, argo.EventReasonResourceActionRan, "ran action "+q.GetAction()) } return &application.ApplicationResponse{}, nil } diff --git a/server/application/application_test.go b/server/application/application_test.go index 0c409357995fe..3b1a4fce27a54 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -48,7 +48,6 @@ import ( appinformer "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" - appmocks "github.com/argoproj/argo-cd/v2/server/application/mocks" servercache "github.com/argoproj/argo-cd/v2/server/cache" "github.com/argoproj/argo-cd/v2/server/rbacpolicy" "github.com/argoproj/argo-cd/v2/test" @@ -71,6 +70,35 @@ const ( var testEnableEventList []string = argo.DefaultEnableEventList() +type broadcasterMock struct { + objects []runtime.Object +} + +func (b broadcasterMock) Subscribe(ch chan *appv1.ApplicationWatchEvent, filters ...func(event *appv1.ApplicationWatchEvent) bool) func() { + // Simulate the broadcaster notifying the subscriber of an application update. + // The second parameter to Subscribe is filters. For the purposes of tests, we ignore the filters. Future tests + // might require implementing those. + go func() { + for _, obj := range b.objects { + app, ok := obj.(*appsv1.Application) + if ok { + oldVersion, err := strconv.Atoi(app.ResourceVersion) + if err != nil { + oldVersion = 0 + } + clonedApp := app.DeepCopy() + clonedApp.ResourceVersion = strconv.Itoa(oldVersion + 1) + ch <- &appsv1.ApplicationWatchEvent{Type: watch.Added, Application: *clonedApp} + } + } + }() + return func() {} +} + +func (broadcasterMock) OnAdd(interface{}, bool) {} +func (broadcasterMock) OnUpdate(interface{}, interface{}) {} +func (broadcasterMock) OnDelete(interface{}) {} + func fakeRepo() *appsv1.Repository { return &appsv1.Repository{ Repo: fakeRepoURL, @@ -109,7 +137,7 @@ func fakeResolveRevisionResponseHelm() *apiclient.ResolveRevisionResponse { func fakeRepoServerClient(isHelm bool) *mocks.RepoServerServiceClient { mockRepoServiceClient := mocks.RepoServerServiceClient{} - mockRepoServiceClient.On("ListApps", mock.Anything, mock.Anything).Return(fakeAppList(), nil) + mockRepoServiceClient.On("GetProcessableApps", mock.Anything, mock.Anything).Return(fakeAppList(), nil) mockRepoServiceClient.On("GenerateManifest", mock.Anything, mock.Anything).Return(&apiclient.ManifestResponse{}, nil) mockRepoServiceClient.On("GetAppDetails", mock.Anything, mock.Anything).Return(&apiclient.RepoAppDetailsResponse{}, nil) mockRepoServiceClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil) @@ -141,7 +169,7 @@ func newTestAppServer(t *testing.T, objects ...runtime.Object) *Server { func newTestAppServerWithEnforcerConfigure(t *testing.T, f func(*rbac.Enforcer), additionalConfig map[string]string, objects ...runtime.Object) *Server { t.Helper() - kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ + kubeclientset := fake.NewClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Namespace: testNamespace, Name: "argocd-cm", @@ -227,30 +255,9 @@ func newTestAppServerWithEnforcerConfigure(t *testing.T, f func(*rbac.Enforcer), panic("Timed out waiting for caches to sync") } - broadcaster := new(appmocks.Broadcaster) - broadcaster.On("Subscribe", mock.Anything, mock.Anything).Return(func() {}).Run(func(args mock.Arguments) { - // Simulate the broadcaster notifying the subscriber of an application update. - // The second parameter to Subscribe is filters. For the purposes of tests, we ignore the filters. Future tests - // might require implementing those. - go func() { - events := args.Get(0).(chan *appsv1.ApplicationWatchEvent) - for _, obj := range objects { - app, ok := obj.(*appsv1.Application) - if ok { - oldVersion, err := strconv.Atoi(app.ResourceVersion) - if err != nil { - oldVersion = 0 - } - clonedApp := app.DeepCopy() - clonedApp.ResourceVersion = strconv.Itoa(oldVersion + 1) - events <- &appsv1.ApplicationWatchEvent{Type: watch.Added, Application: *clonedApp} - } - } - }() - }) - broadcaster.On("OnAdd", mock.Anything, mock.Anything).Return() - broadcaster.On("OnUpdate", mock.Anything, mock.Anything).Return() - broadcaster.On("OnDelete", mock.Anything).Return() + broadcaster := broadcasterMock{ + objects: objects, + } appStateCache := appstate.NewCache(cache.NewCache(cache.NewInMemoryCache(time.Hour)), time.Hour) // pre-populate the app cache @@ -327,7 +334,7 @@ func newTestAppServerWithBenchmark(b *testing.B, objects ...runtime.Object) *Ser func newTestAppServerWithEnforcerConfigureWithBenchmark(b *testing.B, f func(*rbac.Enforcer), objects ...runtime.Object) *Server { b.Helper() - kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ + kubeclientset := fake.NewClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Namespace: testNamespace, Name: "argocd-cm", @@ -410,30 +417,9 @@ func newTestAppServerWithEnforcerConfigureWithBenchmark(b *testing.B, f func(*rb panic("Timed out waiting for caches to sync") } - broadcaster := new(appmocks.Broadcaster) - broadcaster.On("Subscribe", mock.Anything, mock.Anything).Return(func() {}).Run(func(args mock.Arguments) { - // Simulate the broadcaster notifying the subscriber of an application update. - // The second parameter to Subscribe is filters. For the purposes of tests, we ignore the filters. Future tests - // might require implementing those. - go func() { - events := args.Get(0).(chan *appsv1.ApplicationWatchEvent) - for _, obj := range objects { - app, ok := obj.(*appsv1.Application) - if ok { - oldVersion, err := strconv.Atoi(app.ResourceVersion) - if err != nil { - oldVersion = 0 - } - clonedApp := app.DeepCopy() - clonedApp.ResourceVersion = strconv.Itoa(oldVersion + 1) - events <- &appsv1.ApplicationWatchEvent{Type: watch.Added, Application: *clonedApp} - } - } - }() - }) - broadcaster.On("OnAdd", mock.Anything, mock.Anything).Return() - broadcaster.On("OnUpdate", mock.Anything, mock.Anything).Return() - broadcaster.On("OnDelete", mock.Anything).Return() + broadcaster := broadcasterMock{ + objects: objects, + } appStateCache := appstate.NewCache(cache.NewCache(cache.NewInMemoryCache(time.Hour)), time.Hour) // pre-populate the app cache @@ -2946,7 +2932,7 @@ func TestGetAmbiguousRevision_MultiSource(t *testing.T) { }, } syncReq := &application.ApplicationSyncRequest{ - SourcePositions: []int64{0, 1}, + SourcePositions: []int64{1, 2}, Revisions: []string{"rev1", "rev2"}, } diff --git a/server/application/logs.go b/server/application/logs.go index 778f04edec66e..b52eef81e2e77 100644 --- a/server/application/logs.go +++ b/server/application/logs.go @@ -120,16 +120,22 @@ func mergeLogStreams(streams []chan logEntry, bufferingDuration time.Duration) c var sentAt time.Time ticker := time.NewTicker(bufferingDuration) + done := make(chan struct{}) go func() { - for range ticker.C { - sentAtLock.Lock() - // waited long enough for logs from each streams, send everything accumulated - if sentAt.Add(bufferingDuration).Before(time.Now()) { - _ = send(true) - sentAt = time.Now() - } + for { + select { + case <-done: + return + case <-ticker.C: + sentAtLock.Lock() + // waited long enough for logs from each streams, send everything accumulated + if sentAt.Add(bufferingDuration).Before(time.Now()) { + _ = send(true) + sentAt = time.Now() + } - sentAtLock.Unlock() + sentAtLock.Unlock() + } } }() @@ -145,6 +151,11 @@ func mergeLogStreams(streams []chan logEntry, bufferingDuration time.Duration) c _ = send(true) ticker.Stop() + // ticker.Stop() does not close the channel, and it does not wait for the channel to be drained. So we need to + // explicitly prevent the gorountine from leaking by closing the channel. We also need to prevent the goroutine + // from calling `send` again, because `send` pushes to the `merged` channel which we're about to close. + // This describes the approach nicely: https://stackoverflow.com/questions/17797754/ticker-stop-behaviour-in-golang + done <- struct{}{} close(merged) }() return merged diff --git a/server/application/logs_test.go b/server/application/logs_test.go index 76bd5df134ae9..7a565e37efa79 100644 --- a/server/application/logs_test.go +++ b/server/application/logs_test.go @@ -75,3 +75,33 @@ func TestMergeLogStreams(t *testing.T) { assert.Equal(t, []string{"1", "2", "3", "4"}, lines) } + +func TestMergeLogStreams_RaceCondition(t *testing.T) { + // Test for regression of this issue: https://github.com/argoproj/argo-cd/issues/7006 + for i := 0; i < 5000; i++ { + first := make(chan logEntry) + second := make(chan logEntry) + + go func() { + parseLogsStream("first", io.NopCloser(strings.NewReader(`2021-02-09T00:00:01Z 1`)), first) + time.Sleep(time.Duration(i%3) * time.Millisecond) + close(first) + }() + + go func() { + parseLogsStream("second", io.NopCloser(strings.NewReader(`2021-02-09T00:00:02Z 2`)), second) + time.Sleep(time.Duration((i+1)%3) * time.Millisecond) + close(second) + }() + + merged := mergeLogStreams([]chan logEntry{first, second}, 1*time.Millisecond) + + // Drain the channel + for range merged { + } + + // This test intentionally doesn't test the order of the output. Under these intense conditions, the test would + // fail often due to out of order entries. This test is only meant to reproduce a race between a channel writer + // and channel closer. + } +} diff --git a/server/application/websocket_test.go b/server/application/websocket_test.go index 2384cb7fe28cd..25ff759f32538 100644 --- a/server/application/websocket_test.go +++ b/server/application/websocket_test.go @@ -34,7 +34,7 @@ func newTestTerminalSession(w http.ResponseWriter, r *http.Request) terminalSess func newEnforcer() *rbac.Enforcer { additionalConfig := make(map[string]string, 0) - kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ + kubeclientset := fake.NewClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Namespace: testNamespace, Name: "argocd-cm", diff --git a/server/applicationset/applicationset.proto b/server/applicationset/applicationset.proto index e2e4663e94e84..8d1cb74a764b0 100644 --- a/server/applicationset/applicationset.proto +++ b/server/applicationset/applicationset.proto @@ -74,7 +74,7 @@ service ApplicationSetService { // Generate generates rpc Generate (ApplicationSetGenerateRequest) returns (ApplicationSetGenerateResponse) { option (google.api.http) = { - post: "/api/v1/applicationsets" + post: "/api/v1/applicationsets/generate" body: "*" }; } diff --git a/server/applicationset/applicationset_test.go b/server/applicationset/applicationset_test.go index 89f7433dea1a0..8f16d415dec13 100644 --- a/server/applicationset/applicationset_test.go +++ b/server/applicationset/applicationset_test.go @@ -72,7 +72,7 @@ func newTestNamespacedAppSetServer(objects ...runtime.Object) *Server { } func newTestAppSetServerWithEnforcerConfigure(f func(*rbac.Enforcer), namespace string, objects ...runtime.Object) *Server { - kubeclientset := fake.NewSimpleClientset(&v1.ConfigMap{ + kubeclientset := fake.NewClientset(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Namespace: testNamespace, Name: "argocd-cm", diff --git a/server/badge/badge_test.go b/server/badge/badge_test.go index 9c996ca4873d8..47ebde8f5aa2a 100644 --- a/server/badge/badge_test.go +++ b/server/badge/badge_test.go @@ -100,7 +100,7 @@ func testProject() *v1alpha1.AppProject { } func TestHandlerFeatureIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp()), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app", nil) require.NoError(t, err) @@ -198,7 +198,7 @@ func TestHandlerFeatureProjectIsEnabled(t *testing.T) { argoCDCm.ObjectMeta.Namespace = tt.namespace argoCDSecret.ObjectMeta.Namespace = tt.namespace - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm, argoCDSecret), tt.namespace) + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm, argoCDSecret), tt.namespace) objects := []runtime.Object{testProject()} for _, v := range tt.testApp { objects = append(objects, v) @@ -225,7 +225,7 @@ func TestHandlerFeatureProjectIsEnabled(t *testing.T) { func TestHandlerNamespacesIsEnabled(t *testing.T) { t.Run("Application in allowed namespace", func(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp2()), settingsMgr, "default", []string{"argocd-test"}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&namespace=argocd-test", nil) require.NoError(t, err) @@ -246,7 +246,7 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { }) t.Run("Application in disallowed namespace", func(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp2()), settingsMgr, "default", []string{"argocd-test"}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&namespace=kube-system", nil) require.NoError(t, err) @@ -263,7 +263,7 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { }) t.Run("Request with illegal namespace", func(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp2()), settingsMgr, "default", []string{"argocd-test"}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&namespace=kube()system", nil) require.NoError(t, err) @@ -276,7 +276,7 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { } func TestHandlerFeatureIsEnabledKeepFullRevisionIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{""}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=true", nil) require.NoError(t, err) @@ -297,7 +297,7 @@ func TestHandlerFeatureIsEnabledKeepFullRevisionIsEnabled(t *testing.T) { } func TestHandlerFeatureIsEnabledKeepFullRevisionIsDisabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=false", nil) require.NoError(t, err) @@ -318,7 +318,7 @@ func TestHandlerFeatureIsEnabledKeepFullRevisionIsDisabled(t *testing.T) { } func TestHandlerFeatureIsEnabledKeepFullRevisionAndWidthIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{""}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=true&width=500", nil) require.NoError(t, err) @@ -392,7 +392,7 @@ func createApplicationsWithName(appCombo, projectName []string, namespace string } func TestHandlerFeatureIsEnabledRevisionIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp()), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true", nil) require.NoError(t, err) @@ -416,7 +416,7 @@ func TestHandlerRevisionIsEnabledNoOperationState(t *testing.T) { app := testApp() app.Status.OperationState = nil - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(app), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true", nil) require.NoError(t, err) @@ -440,7 +440,7 @@ func TestHandlerRevisionIsEnabledShortCommitSHA(t *testing.T) { app := testApp() app.Status.OperationState.SyncResult.Revision = "abc" - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(app), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true", nil) require.NoError(t, err) diff --git a/server/cluster/cluster_test.go b/server/cluster/cluster_test.go index 1d8f5ec9767d0..f5540dd30753d 100644 --- a/server/cluster/cluster_test.go +++ b/server/cluster/cluster_test.go @@ -120,13 +120,13 @@ func newServerInMemoryCache() *servercache.Cache { } func newNoopEnforcer() *rbac.Enforcer { - enf := rbac.NewEnforcer(fake.NewSimpleClientset(test.NewFakeConfigMap()), test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) + enf := rbac.NewEnforcer(fake.NewClientset(test.NewFakeConfigMap()), test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) enf.EnableEnforce(false) return enf } func newEnforcer() *rbac.Enforcer { - enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(test.NewFakeConfigMap()), test.FakeArgoCDNamespace, common.ArgoCDRBACConfigMapName, nil) + enforcer := rbac.NewEnforcer(fake.NewClientset(test.NewFakeConfigMap()), test.FakeArgoCDNamespace, common.ArgoCDRBACConfigMapName, nil) _ = enforcer.SetBuiltinPolicy(assets.BuiltinPolicyCSV) enforcer.SetDefaultRole("role:test") enforcer.SetClaimsEnforcerFunc(func(claims jwt.Claims, rvals ...interface{}) bool { @@ -229,7 +229,7 @@ func TestUpdateCluster_RejectInvalidParams(t *testing.T) { }, ) - enf := rbac.NewEnforcer(fake.NewSimpleClientset(test.NewFakeConfigMap()), test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) + enf := rbac.NewEnforcer(fake.NewClientset(test.NewFakeConfigMap()), test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) _ = enf.SetBuiltinPolicy(`p, role:test, clusters, *, https://127.0.0.1, allow p, role:test, clusters, *, allowed-project/*, allow`) enf.SetDefaultRole("role:test") @@ -606,7 +606,7 @@ func getClientset(config map[string]string, ns string, objects ...runtime.Object }, Data: config, } - return fake.NewSimpleClientset(append(objects, &cm, &secret)...) + return fake.NewClientset(append(objects, &cm, &secret)...) } func TestListCluster(t *testing.T) { diff --git a/server/extension/extension.go b/server/extension/extension.go index d28d3aac5dc9f..f7506692d7ebb 100644 --- a/server/extension/extension.go +++ b/server/extension/extension.go @@ -729,7 +729,7 @@ func (m *Manager) CallExtension() func(http.ResponseWriter, *http.Request) { return func(w http.ResponseWriter, r *http.Request) { segments := strings.Split(strings.TrimPrefix(r.URL.Path, "/"), "/") if segments[0] != "extensions" { - http.Error(w, fmt.Sprintf("Invalid URL: first segment must be %s", URLPrefix), http.StatusBadRequest) + http.Error(w, "Invalid URL: first segment must be "+URLPrefix, http.StatusBadRequest) return } extName := segments[1] diff --git a/server/extension/extension_test.go b/server/extension/extension_test.go index 3a92fcfeffb8f..9e42386481fb2 100644 --- a/server/extension/extension_test.go +++ b/server/extension/extension_test.go @@ -258,7 +258,7 @@ func TestCallExtension(t *testing.T) { mux := http.NewServeMux() extHandler := http.HandlerFunc(m.CallExtension()) - mux.Handle(fmt.Sprintf("%s/", extension.URLPrefix), extHandler) + mux.Handle(extension.URLPrefix+"/", extHandler) return &fixture{ mux: mux, @@ -713,7 +713,7 @@ func TestCallExtension(t *testing.T) { withUser(f, "some-user", []string{"group1", "group2"}) ts := startTestServer(t, f) defer ts.Close() - r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/", ts.URL)) + r := newExtensionRequest(t, "Get", ts.URL+"/extensions/") f.appGetterMock.On("Get", mock.Anything, mock.Anything).Return(getApp("", "", differentProject), nil) // when diff --git a/server/logout/logout.go b/server/logout/logout.go index 6129e2f9a85be..e94424bc7035a 100644 --- a/server/logout/logout.go +++ b/server/logout/logout.go @@ -2,7 +2,6 @@ package logout import ( "context" - "fmt" "net/http" "regexp" "strings" @@ -61,7 +60,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { argoCDSettings, err := h.settingsMgr.GetSettings() if err != nil { w.WriteHeader(http.StatusInternalServerError) - http.Error(w, "Failed to retrieve argoCD settings: "+fmt.Sprintf("%s", err), http.StatusInternalServerError) + http.Error(w, "Failed to retrieve argoCD settings: "+err.Error(), http.StatusInternalServerError) return } @@ -73,7 +72,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // golang does not provide any easy way to determine scheme of current request // so redirecting ot http which will auto-redirect too https if necessary host := strings.TrimRight(r.Host, "/") - argoURL = fmt.Sprintf("http://%s", host) + "/" + strings.TrimRight(strings.TrimLeft(h.rootPath, "/"), "/") + argoURL = "http://" + host + "/" + strings.TrimRight(strings.TrimLeft(h.rootPath, "/"), "/") } logoutRedirectURL := strings.TrimRight(strings.TrimLeft(argoURL, "/"), "/") @@ -82,7 +81,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { tokenString, err = httputil.JoinCookies(common.AuthCookieName, cookies) if tokenString == "" || err != nil { w.WriteHeader(http.StatusBadRequest) - http.Error(w, "Failed to retrieve ArgoCD auth token: "+fmt.Sprintf("%s", err), http.StatusBadRequest) + http.Error(w, "Failed to retrieve ArgoCD auth token: "+err.Error(), http.StatusBadRequest) return } @@ -96,7 +95,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { Value: "", } - argocdCookie.Path = fmt.Sprintf("/%s", strings.TrimRight(strings.TrimLeft(h.baseHRef, "/"), "/")) + argocdCookie.Path = "/" + strings.TrimRight(strings.TrimLeft(h.baseHRef, "/"), "/") w.Header().Add("Set-Cookie", argocdCookie.String()) } diff --git a/server/logout/logout_test.go b/server/logout/logout_test.go index 28345407a8299..83bf8ee5d92f3 100644 --- a/server/logout/logout_test.go +++ b/server/logout/logout_test.go @@ -87,7 +87,7 @@ func TestConstructLogoutURL(t *testing.T) { } func TestHandlerConstructLogoutURL(t *testing.T) { - kubeClientWithOIDCConfig := fake.NewSimpleClientset( + kubeClientWithOIDCConfig := fake.NewClientset( &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -119,7 +119,7 @@ func TestHandlerConstructLogoutURL(t *testing.T) { }, }, ) - kubeClientWithOIDCConfigButNoURL := fake.NewSimpleClientset( + kubeClientWithOIDCConfigButNoURL := fake.NewClientset( &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -151,7 +151,7 @@ func TestHandlerConstructLogoutURL(t *testing.T) { }, }, ) - kubeClientWithOIDCConfigButNoLogoutURL := fake.NewSimpleClientset( + kubeClientWithOIDCConfigButNoLogoutURL := fake.NewClientset( &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -182,7 +182,7 @@ func TestHandlerConstructLogoutURL(t *testing.T) { }, }, ) - kubeClientWithoutOIDCAndMultipleURLs := fake.NewSimpleClientset( + kubeClientWithoutOIDCAndMultipleURLs := fake.NewClientset( &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -210,7 +210,7 @@ func TestHandlerConstructLogoutURL(t *testing.T) { }, }, ) - kubeClientWithoutOIDCConfig := fake.NewSimpleClientset( + kubeClientWithoutOIDCConfig := fake.NewClientset( &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, diff --git a/server/notification/notification_test.go b/server/notification/notification_test.go index 41e0306c84bd0..38467e7d59b75 100644 --- a/server/notification/notification_test.go +++ b/server/notification/notification_test.go @@ -35,7 +35,7 @@ func TestNotificationServer(t *testing.T) { require.NoError(t, err) cm.Namespace = testNamespace - kubeclientset := fake.NewSimpleClientset(&corev1.ConfigMap{ + kubeclientset := fake.NewClientset(&corev1.ConfigMap{ ObjectMeta: v1.ObjectMeta{ Namespace: testNamespace, Name: "argocd-notifications-cm", diff --git a/server/project/project.go b/server/project/project.go index 62487b268a705..cac913715b623 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -398,43 +398,31 @@ func (s *Server) Update(ctx context.Context, q *project.ProjectUpdateRequest) (* return nil, err } - var srcValidatedApps []v1alpha1.Application - var dstValidatedApps []v1alpha1.Application getProjectClusters := func(project string) ([]*v1alpha1.Cluster, error) { return s.db.GetProjectClusters(ctx, project) } - for _, a := range argo.FilterByProjects(appsList.Items, []string{q.Project.Name}) { - if oldProj.IsSourcePermitted(a.Spec.GetSource()) { - srcValidatedApps = append(srcValidatedApps, a) - } - - dstPermitted, err := oldProj.IsDestinationPermitted(a.Spec.Destination, getProjectClusters) - if err != nil { - return nil, err - } - - if dstPermitted { - dstValidatedApps = append(dstValidatedApps, a) - } - } - invalidSrcCount := 0 invalidDstCount := 0 - for _, a := range srcValidatedApps { - if !q.Project.IsSourcePermitted(a.Spec.GetSource()) { + for _, a := range argo.FilterByProjects(appsList.Items, []string{q.Project.Name}) { + if oldProj.IsSourcePermitted(a.Spec.GetSource()) && !q.Project.IsSourcePermitted(a.Spec.GetSource()) { invalidSrcCount++ } - } - for _, a := range dstValidatedApps { - dstPermitted, err := q.Project.IsDestinationPermitted(a.Spec.Destination, getProjectClusters) + + dstPermitted, err := oldProj.IsDestinationPermitted(a.Spec.Destination, getProjectClusters) if err != nil { return nil, err } - if !dstPermitted { - invalidDstCount++ + if dstPermitted { + dstPermitted, err := q.Project.IsDestinationPermitted(a.Spec.Destination, getProjectClusters) + if err != nil { + return nil, err + } + if !dstPermitted { + invalidDstCount++ + } } } diff --git a/server/project/project_test.go b/server/project/project_test.go index cd5a8de5fee53..d4d9c3e40e4eb 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -38,10 +38,10 @@ import ( const testNamespace = "default" -var testEnableEventList []string = argo.DefaultEnableEventList() +var testEnableEventList = argo.DefaultEnableEventList() func TestProjectServer(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(&corev1.ConfigMap{ + kubeclientset := fake.NewClientset(&corev1.ConfigMap{ ObjectMeta: v1.ObjectMeta{ Namespace: testNamespace, Name: "argocd-cm", @@ -94,7 +94,7 @@ func TestProjectServer(t *testing.T) { role1 := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} projectWithRole.Spec.Roles = append(projectWithRole.Spec.Roles, role1) argoDB := db.NewDB("default", settingsMgr, kubeclientset) - projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB, testEnableEventList) + projectServer := NewServer("default", fake.NewClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB, testEnableEventList) err := projectServer.NormalizeProjs() require.NoError(t, err) @@ -196,6 +196,7 @@ func TestProjectServer(t *testing.T) { require.Error(t, err) statusCode, _ := status.FromError(err) assert.Equal(t, codes.InvalidArgument, statusCode.Code()) + assert.Equal(t, "as a result of project update 1 applications destination became invalid", statusCode.Message()) }) t.Run("TestRemoveSourceSuccessful", func(t *testing.T) { @@ -232,6 +233,7 @@ func TestProjectServer(t *testing.T) { require.Error(t, err) statusCode, _ := status.FromError(err) assert.Equal(t, codes.InvalidArgument, statusCode.Code()) + assert.Equal(t, "as a result of project update 1 applications source became invalid", statusCode.Message()) }) t.Run("TestRemoveSourceUsedByAppSuccessfulIfPermittedByAnotherSrc", func(t *testing.T) { @@ -318,6 +320,7 @@ func TestProjectServer(t *testing.T) { require.Error(t, err) statusCode, _ := status.FromError(err) assert.Equal(t, codes.InvalidArgument, statusCode.Code()) + assert.Equal(t, "project is referenced by 1 applications", statusCode.Message()) }) // configure a user named "admin" which is denied by default diff --git a/server/rbacpolicy/rbacpolicy.go b/server/rbacpolicy/rbacpolicy.go index 800dcd43c064a..ea2b0ee0c166d 100644 --- a/server/rbacpolicy/rbacpolicy.go +++ b/server/rbacpolicy/rbacpolicy.go @@ -14,17 +14,18 @@ import ( const ( // please add new items to Resources - ResourceClusters = "clusters" - ResourceProjects = "projects" - ResourceApplications = "applications" - ResourceApplicationSets = "applicationsets" - ResourceRepositories = "repositories" - ResourceCertificates = "certificates" - ResourceAccounts = "accounts" - ResourceGPGKeys = "gpgkeys" - ResourceLogs = "logs" - ResourceExec = "exec" - ResourceExtensions = "extensions" + ResourceClusters = "clusters" + ResourceProjects = "projects" + ResourceApplications = "applications" + ResourceApplicationSets = "applicationsets" + ResourceRepositories = "repositories" + ResourceWriteRepositories = "write-repositories" + ResourceCertificates = "certificates" + ResourceAccounts = "accounts" + ResourceGPGKeys = "gpgkeys" + ResourceLogs = "logs" + ResourceExec = "exec" + ResourceExtensions = "extensions" // please add new items to Actions ActionGet = "get" @@ -45,6 +46,7 @@ var ( ResourceApplications, ResourceApplicationSets, ResourceRepositories, + ResourceWriteRepositories, ResourceCertificates, ResourceAccounts, ResourceGPGKeys, diff --git a/server/rbacpolicy/rbacpolicy_test.go b/server/rbacpolicy/rbacpolicy_test.go index 90de18ea4e0b7..ae8a9442e80df 100644 --- a/server/rbacpolicy/rbacpolicy_test.go +++ b/server/rbacpolicy/rbacpolicy_test.go @@ -49,7 +49,7 @@ func newFakeProj() *argoappv1.AppProject { } func TestEnforceAllPolicies(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap()) + kubeclientset := fake.NewClientset(test.NewFakeConfigMap()) projLister := test.NewFakeProjLister(newFakeProj()) enf := rbac.NewEnforcer(kubeclientset, test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) enf.EnableLog(true) @@ -90,7 +90,7 @@ func TestEnforceAllPolicies(t *testing.T) { } func TestEnforceActionActions(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap()) + kubeclientset := fake.NewClientset(test.NewFakeConfigMap()) projLister := test.NewFakeProjLister(newFakeProj()) enf := rbac.NewEnforcer(kubeclientset, test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) enf.EnableLog(true) @@ -123,7 +123,7 @@ p, cam, applications, %s/argoproj.io/Rollout/resume, my-proj/*, allow } func TestInvalidatedCache(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap()) + kubeclientset := fake.NewClientset(test.NewFakeConfigMap()) projLister := test.NewFakeProjLister(newFakeProj()) enf := rbac.NewEnforcer(kubeclientset, test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) enf.EnableLog(true) diff --git a/server/repocreds/repocreds.go b/server/repocreds/repocreds.go index 5c0c819598fb3..4c3c2d1253db8 100644 --- a/server/repocreds/repocreds.go +++ b/server/repocreds/repocreds.go @@ -65,6 +65,30 @@ func (s *Server) ListRepositoryCredentials(ctx context.Context, q *repocredspkg. return &appsv1.RepoCredsList{Items: items}, nil } +// ListWriteRepositoryCredentials returns a list of all configured repository credential sets +func (s *Server) ListWriteRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsQuery) (*appsv1.RepoCredsList, error) { + urls, err := s.db.ListRepositoryCredentials(ctx) + if err != nil { + return nil, err + } + items := make([]appsv1.RepoCreds, 0) + for _, url := range urls { + if s.enf.Enforce(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionGet, url) { + repo, err := s.db.GetWriteRepositoryCredentials(ctx, url) + if err != nil { + return nil, err + } + if repo != nil && repo.Password != "" { + items = append(items, appsv1.RepoCreds{ + URL: url, + Username: repo.Username, + }) + } + } + } + return &appsv1.RepoCredsList{Items: items}, nil +} + // CreateRepositoryCredentials creates a new credential set in the configuration func (s *Server) CreateRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsCreateRequest) (*appsv1.RepoCreds, error) { if q.Creds == nil { @@ -99,6 +123,40 @@ func (s *Server) CreateRepositoryCredentials(ctx context.Context, q *repocredspk return &appsv1.RepoCreds{URL: r.URL}, err } +// CreateWriteRepositoryCredentials creates a new credential set in the configuration +func (s *Server) CreateWriteRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsCreateRequest) (*appsv1.RepoCreds, error) { + if q.Creds == nil { + return nil, status.Errorf(codes.InvalidArgument, "missing payload in request") + } + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionCreate, q.Creds.URL); err != nil { + return nil, err + } + + r := q.Creds + + if r.URL == "" { + return nil, status.Errorf(codes.InvalidArgument, "must specify URL") + } + + _, err := s.db.CreateWriteRepositoryCredentials(ctx, r) + if status.Convert(err).Code() == codes.AlreadyExists { + // act idempotent if existing spec matches new spec + existing, getErr := s.db.GetWriteRepositoryCredentials(ctx, r.URL) + if getErr != nil { + return nil, status.Errorf(codes.Internal, "unable to check existing repository credentials details: %v", getErr) + } + + if reflect.DeepEqual(existing, r) { + err = nil + } else if q.Upsert { + return s.UpdateWriteRepositoryCredentials(ctx, &repocredspkg.RepoCredsUpdateRequest{Creds: r}) + } else { + return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository credentials", existing, r)) + } + } + return &appsv1.RepoCreds{URL: r.URL}, err +} + // UpdateRepositoryCredentials updates a repository credential set func (s *Server) UpdateRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsUpdateRequest) (*appsv1.RepoCreds, error) { if q.Creds == nil { @@ -111,6 +169,18 @@ func (s *Server) UpdateRepositoryCredentials(ctx context.Context, q *repocredspk return &appsv1.RepoCreds{URL: q.Creds.URL}, err } +// UpdateWriteRepositoryCredentials updates a repository credential set +func (s *Server) UpdateWriteRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsUpdateRequest) (*appsv1.RepoCreds, error) { + if q.Creds == nil { + return nil, status.Errorf(codes.InvalidArgument, "missing payload in request") + } + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionUpdate, q.Creds.URL); err != nil { + return nil, err + } + _, err := s.db.UpdateWriteRepositoryCredentials(ctx, q.Creds) + return &appsv1.RepoCreds{URL: q.Creds.URL}, err +} + // DeleteRepositoryCredentials removes a credential set from the configuration func (s *Server) DeleteRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsDeleteRequest) (*repocredspkg.RepoCredsResponse, error) { if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceRepositories, rbacpolicy.ActionDelete, q.Url); err != nil { @@ -120,3 +190,13 @@ func (s *Server) DeleteRepositoryCredentials(ctx context.Context, q *repocredspk err := s.db.DeleteRepositoryCredentials(ctx, q.Url) return &repocredspkg.RepoCredsResponse{}, err } + +// DeleteWriteRepositoryCredentials removes a credential set from the configuration +func (s *Server) DeleteWriteRepositoryCredentials(ctx context.Context, q *repocredspkg.RepoCredsDeleteRequest) (*repocredspkg.RepoCredsResponse, error) { + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionDelete, q.Url); err != nil { + return nil, err + } + + err := s.db.DeleteWriteRepositoryCredentials(ctx, q.Url) + return &repocredspkg.RepoCredsResponse{}, err +} diff --git a/server/repocreds/repocreds.proto b/server/repocreds/repocreds.proto index 3019bfdb5bc86..59151b264430b 100644 --- a/server/repocreds/repocreds.proto +++ b/server/repocreds/repocreds.proto @@ -43,6 +43,11 @@ service RepoCredsService { option (google.api.http).get = "/api/v1/repocreds"; } + //ListWriteRepositoryCredentials gets a list of all configured repository credential sets that have write access + rpc ListWriteRepositoryCredentials(RepoCredsQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RepoCredsList) { + option (google.api.http).get = "/api/v1/write-repocreds"; + } + // CreateRepositoryCredentials creates a new repository credential set rpc CreateRepositoryCredentials(RepoCredsCreateRequest) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RepoCreds) { option (google.api.http) = { @@ -51,6 +56,14 @@ service RepoCredsService { }; } + // CreateWriteRepositoryCredentials creates a new repository credential set with write access + rpc CreateWriteRepositoryCredentials(RepoCredsCreateRequest) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RepoCreds) { + option (google.api.http) = { + post: "/api/v1/write-repocreds" + body: "creds" + }; + } + // UpdateRepositoryCredentials updates a repository credential set rpc UpdateRepositoryCredentials(RepoCredsUpdateRequest) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RepoCreds) { option (google.api.http) = { @@ -59,9 +72,21 @@ service RepoCredsService { }; } + // UpdateWriteRepositoryCredentials updates a repository credential set with write access + rpc UpdateWriteRepositoryCredentials(RepoCredsUpdateRequest) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RepoCreds) { + option (google.api.http) = { + put: "/api/v1/write-repocreds/{creds.url}" + body: "creds" + }; + } + // DeleteRepositoryCredentials deletes a repository credential set from the configuration rpc DeleteRepositoryCredentials(RepoCredsDeleteRequest) returns (RepoCredsResponse) { option (google.api.http).delete = "/api/v1/repocreds/{url}"; } + // DeleteWriteRepositoryCredentials deletes a repository credential set with write access from the configuration + rpc DeleteWriteRepositoryCredentials(RepoCredsDeleteRequest) returns (RepoCredsResponse) { + option (google.api.http).delete = "/api/v1/write-repocreds/{url}"; + } } diff --git a/server/repository/repository.go b/server/repository/repository.go index 001818490f37e..191b720733e0f 100644 --- a/server/repository/repository.go +++ b/server/repository/repository.go @@ -16,7 +16,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" - "github.com/argoproj/argo-cd/v2/common" repositorypkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/repository" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -35,14 +34,15 @@ import ( // Server provides a Repository service type Server struct { - db db.ArgoDB - repoClientset apiclient.Clientset - enf *rbac.Enforcer - cache *servercache.Cache - appLister applisters.ApplicationLister - projLister cache.SharedIndexInformer - settings *settings.SettingsManager - namespace string + db db.ArgoDB + repoClientset apiclient.Clientset + enf *rbac.Enforcer + cache *servercache.Cache + appLister applisters.ApplicationLister + projLister cache.SharedIndexInformer + settings *settings.SettingsManager + namespace string + hydratorEnabled bool } // NewServer returns a new instance of the Repository service @@ -55,16 +55,18 @@ func NewServer( projLister cache.SharedIndexInformer, namespace string, settings *settings.SettingsManager, + hydratorEnabled bool, ) *Server { return &Server{ - db: db, - repoClientset: repoClientset, - enf: enf, - cache: cache, - appLister: appLister, - projLister: projLister, - namespace: namespace, - settings: settings, + db: db, + repoClientset: repoClientset, + enf: enf, + cache: cache, + appLister: appLister, + projLister: projLister, + namespace: namespace, + settings: settings, + hydratorEnabled: hydratorEnabled, } } @@ -78,6 +80,14 @@ func (s *Server) getRepo(ctx context.Context, url, project string) (*appsv1.Repo return repo, nil } +func (s *Server) getWriteRepo(ctx context.Context, url, project string) (*appsv1.Repository, error) { + repo, err := s.db.GetWriteRepository(ctx, url, project) + if err != nil { + return nil, errPermissionDenied + } + return repo, nil +} + func createRBACObject(project string, repo string) string { if project != "" { return project + "/" + repo @@ -138,7 +148,6 @@ func (s *Server) Get(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.R return nil, err } - // getRepo does not return an error for unconfigured repositories, so we are checking here exists, err := s.db.RepositoryExists(ctx, q.Repo, repo.Project) if err != nil { return nil, err @@ -150,39 +159,75 @@ func (s *Server) Get(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.R return repo, nil } +func (s *Server) GetWrite(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.Repository, error) { + if !s.hydratorEnabled { + return nil, status.Error(codes.Unimplemented, "hydrator is disabled") + } + + repo, err := getRepository(ctx, s.ListWriteRepositories, q) + if err != nil { + return nil, err + } + + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionGet, createRBACObject(repo.Project, repo.Repo)); err != nil { + return nil, err + } + + exists, err := s.db.WriteRepositoryExists(ctx, q.Repo, repo.Project) + if err != nil { + return nil, err + } + if !exists { + return nil, status.Errorf(codes.NotFound, "write repo '%s' not found", q.Repo) + } + + return repo, nil +} + // ListRepositories returns a list of all configured repositories and the state of their connections func (s *Server) ListRepositories(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.RepositoryList, error) { repos, err := s.db.ListRepositories(ctx) if err != nil { return nil, err } + items, err := s.prepareRepoList(ctx, rbacpolicy.ResourceRepositories, repos, q.ForceRefresh) + if err != nil { + return nil, err + } + return &appsv1.RepositoryList{Items: items}, nil +} + +// ListWriteRepositories returns a list of all configured repositories where the user has write access and the state of +// their connections +func (s *Server) ListWriteRepositories(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.RepositoryList, error) { + if !s.hydratorEnabled { + return nil, status.Error(codes.Unimplemented, "hydrator is disabled") + } + + repos, err := s.db.ListWriteRepositories(ctx) + if err != nil { + return nil, err + } + items, err := s.prepareRepoList(ctx, rbacpolicy.ResourceWriteRepositories, repos, q.ForceRefresh) + if err != nil { + return nil, err + } + return &appsv1.RepositoryList{Items: items}, nil +} + +// ListRepositoriesByAppProject returns a list of all configured repositories and the state of their connections. It +// normalizes, sanitizes, and filters out repositories that the user does not have access to in the specified project. +// It also sorts the repositories by project and repo name. +func (s *Server) prepareRepoList(ctx context.Context, resourceType string, repos []*appsv1.Repository, forceRefresh bool) (appsv1.Repositories, error) { items := appsv1.Repositories{} for _, repo := range repos { - if s.enf.Enforce(ctx.Value("claims"), rbacpolicy.ResourceRepositories, rbacpolicy.ActionGet, createRBACObject(repo.Project, repo.Repo)) { - // For backwards compatibility, if we have no repo type set assume a default - rType := repo.Type - if rType == "" { - rType = common.DefaultRepoType - } - // remove secrets - items = append(items, &appsv1.Repository{ - Repo: repo.Repo, - Type: rType, - Name: repo.Name, - Username: repo.Username, - Insecure: repo.IsInsecure(), - EnableLFS: repo.EnableLFS, - EnableOCI: repo.EnableOCI, - Proxy: repo.Proxy, - NoProxy: repo.NoProxy, - Project: repo.Project, - ForceHttpBasicAuth: repo.ForceHttpBasicAuth, - InheritedCreds: repo.InheritedCreds, - }) - } + items = append(items, repo.Normalize().Sanitized()) } - err = kube.RunAllAsync(len(items), func(i int) error { - items[i].ConnectionState = s.getConnectionState(ctx, items[i].Repo, items[i].Project, q.ForceRefresh) + items = items.Filter(func(r *appsv1.Repository) bool { + return s.enf.Enforce(ctx.Value("claims"), resourceType, rbacpolicy.ActionGet, createRBACObject(r.Project, r.Repo)) + }) + err := kube.RunAllAsync(len(items), func(i int) error { + items[i].ConnectionState = s.getConnectionState(ctx, items[i].Repo, items[i].Project, forceRefresh) return nil }) if err != nil { @@ -193,7 +238,7 @@ func (s *Server) ListRepositories(ctx context.Context, q *repositorypkg.RepoQuer second := items[j] return strings.Compare(fmt.Sprintf("%s/%s", first.Project, first.Repo), fmt.Sprintf("%s/%s", second.Project, second.Repo)) < 0 }) - return &appsv1.RepositoryList{Items: items}, nil + return items, nil } func (s *Server) ListRefs(ctx context.Context, q *repositorypkg.RepoQuery) (*apiclient.Refs, error) { @@ -419,7 +464,7 @@ func (s *Server) CreateRepository(ctx context.Context, q *repositorypkg.RepoCrea repo, err = existing, nil } else if q.Upsert { r.Project = q.Repo.Project - return s.UpdateRepository(ctx, &repositorypkg.RepoUpdateRequest{Repo: r}) + return s.db.UpdateRepository(ctx, r) } else { return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("repository", existing, r)) } @@ -430,6 +475,50 @@ func (s *Server) CreateRepository(ctx context.Context, q *repositorypkg.RepoCrea return &appsv1.Repository{Repo: repo.Repo, Type: repo.Type, Name: repo.Name}, nil } +// CreateWriteRepository creates a repository configuration with write credentials +func (s *Server) CreateWriteRepository(ctx context.Context, q *repositorypkg.RepoCreateRequest) (*appsv1.Repository, error) { + if !s.hydratorEnabled { + return nil, status.Error(codes.Unimplemented, "hydrator is disabled") + } + + if q.Repo == nil { + return nil, status.Errorf(codes.InvalidArgument, "missing payload in request") + } + + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionCreate, createRBACObject(q.Repo.Project, q.Repo.Repo)); err != nil { + return nil, err + } + + if !q.Repo.HasCredentials() { + return nil, status.Errorf(codes.InvalidArgument, "missing credentials in request") + } + + err := s.testRepo(ctx, q.Repo) + if err != nil { + return nil, err + } + + repo, err := s.db.CreateWriteRepository(ctx, q.Repo) + if status.Convert(err).Code() == codes.AlreadyExists { + // act idempotent if existing spec matches new spec + existing, getErr := s.db.GetWriteRepository(ctx, q.Repo.Repo, q.Repo.Project) + if getErr != nil { + return nil, status.Errorf(codes.Internal, "unable to check existing repository details: %v", getErr) + } + if reflect.DeepEqual(existing, q.Repo) { + repo, err = existing, nil + } else if q.Upsert { + return s.db.UpdateWriteRepository(ctx, q.Repo) + } else { + return nil, status.Error(codes.InvalidArgument, argo.GenerateSpecIsDifferentErrorMessage("write repository", existing, q.Repo)) + } + } + if err != nil { + return nil, err + } + return &appsv1.Repository{Repo: repo.Repo, Type: repo.Type, Name: repo.Name}, nil +} + // Update updates a repository or credential set // Deprecated: Use UpdateRepository() instead func (s *Server) Update(ctx context.Context, q *repositorypkg.RepoUpdateRequest) (*appsv1.Repository, error) { @@ -459,6 +548,33 @@ func (s *Server) UpdateRepository(ctx context.Context, q *repositorypkg.RepoUpda return &appsv1.Repository{Repo: q.Repo.Repo, Type: q.Repo.Type, Name: q.Repo.Name}, err } +// UpdateWriteRepository updates a repository configuration with write credentials +func (s *Server) UpdateWriteRepository(ctx context.Context, q *repositorypkg.RepoUpdateRequest) (*appsv1.Repository, error) { + if !s.hydratorEnabled { + return nil, status.Error(codes.Unimplemented, "hydrator is disabled") + } + + if q.Repo == nil { + return nil, status.Errorf(codes.InvalidArgument, "missing payload in request") + } + + repo, err := s.getWriteRepo(ctx, q.Repo.Repo, q.Repo.Project) + if err != nil { + return nil, err + } + + // verify that user can do update inside project where repository is located + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionUpdate, createRBACObject(repo.Project, repo.Repo)); err != nil { + return nil, err + } + // verify that user can do update inside project where repository will be located + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionUpdate, createRBACObject(q.Repo.Project, q.Repo.Repo)); err != nil { + return nil, err + } + _, err = s.db.UpdateWriteRepository(ctx, q.Repo) + return &appsv1.Repository{Repo: q.Repo.Repo, Type: q.Repo.Type, Name: q.Repo.Name}, err +} + // Delete removes a repository from the configuration // Deprecated: Use DeleteRepository() instead func (s *Server) Delete(ctx context.Context, q *repositorypkg.RepoQuery) (*repositorypkg.RepoResponse, error) { @@ -485,6 +601,25 @@ func (s *Server) DeleteRepository(ctx context.Context, q *repositorypkg.RepoQuer return &repositorypkg.RepoResponse{}, err } +// DeleteWriteRepository removes a repository from the configuration +func (s *Server) DeleteWriteRepository(ctx context.Context, q *repositorypkg.RepoQuery) (*repositorypkg.RepoResponse, error) { + if !s.hydratorEnabled { + return nil, status.Error(codes.Unimplemented, "hydrator is disabled") + } + + repo, err := getRepository(ctx, s.ListWriteRepositories, q) + if err != nil { + return nil, err + } + + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionDelete, createRBACObject(repo.Project, repo.Repo)); err != nil { + return nil, err + } + + err = s.db.DeleteWriteRepository(ctx, repo.Repo, repo.Project) + return &repositorypkg.RepoResponse{}, err +} + // getRepository fetches a single repository which the user has access to. If only one repository can be found which // matches the same URL, that will be returned (this is for backward compatibility reasons). If multiple repositories // are matched, a repository is only returned if it matches the app project of the incoming request. @@ -568,10 +703,47 @@ func (s *Server) ValidateAccess(ctx context.Context, q *repositorypkg.RepoAccess return &repositorypkg.RepoResponse{}, nil } +// ValidateWriteAccess checks whether write access to a repository is possible with the +// given URL and credentials. +func (s *Server) ValidateWriteAccess(ctx context.Context, q *repositorypkg.RepoAccessQuery) (*repositorypkg.RepoResponse, error) { + if !s.hydratorEnabled { + return nil, status.Error(codes.Unimplemented, "hydrator is disabled") + } + + if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceWriteRepositories, rbacpolicy.ActionCreate, createRBACObject(q.Project, q.Repo)); err != nil { + return nil, err + } + + repo := &appsv1.Repository{ + Repo: q.Repo, + Type: q.Type, + Name: q.Name, + Username: q.Username, + Password: q.Password, + SSHPrivateKey: q.SshPrivateKey, + Insecure: q.Insecure, + TLSClientCertData: q.TlsClientCertData, + TLSClientCertKey: q.TlsClientCertKey, + EnableOCI: q.EnableOci, + GithubAppPrivateKey: q.GithubAppPrivateKey, + GithubAppId: q.GithubAppID, + GithubAppInstallationId: q.GithubAppInstallationID, + GitHubAppEnterpriseBaseURL: q.GithubAppEnterpriseBaseUrl, + Proxy: q.Proxy, + GCPServiceAccountKey: q.GcpServiceAccountKey, + } + + err := s.testRepo(ctx, repo) + if err != nil { + return nil, err + } + return &repositorypkg.RepoResponse{}, nil +} + func (s *Server) testRepo(ctx context.Context, repo *appsv1.Repository) error { conn, repoClient, err := s.repoClientset.NewRepoServerClient() if err != nil { - return err + return fmt.Errorf("failed to connect to repo-server: %w", err) } defer io.Close(conn) diff --git a/server/repository/repository.proto b/server/repository/repository.proto index 379cbdeabf9cc..678cb7ecc583c 100644 --- a/server/repository/repository.proto +++ b/server/repository/repository.proto @@ -116,16 +116,26 @@ service RepositoryService { option deprecated = true; } - // Get returns a repository or its credentials + // Get returns a repository or its credentials rpc Get(RepoQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository) { option (google.api.http).get = "/api/v1/repositories/{repo}"; } + // GetWrite returns a repository or its write credentials + rpc GetWrite(RepoQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository) { + option (google.api.http).get = "/api/v1/write-repositories/{repo}"; + } + // ListRepositories gets a list of all configured repositories rpc ListRepositories(RepoQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RepositoryList) { option (google.api.http).get = "/api/v1/repositories"; } + // ListWriteRepositories gets a list of all configured write repositories + rpc ListWriteRepositories(RepoQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.RepositoryList) { + option (google.api.http).get = "/api/v1/write-repositories"; + } + rpc ListRefs(RepoQuery) returns (Refs) { option (google.api.http).get = "/api/v1/repositories/{repo}/refs"; } @@ -165,6 +175,14 @@ service RepositoryService { }; } + // CreateWriteRepository creates a new write repository configuration + rpc CreateWriteRepository(RepoCreateRequest) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository) { + option (google.api.http) = { + post: "/api/v1/write-repositories" + body: "repo" + }; + } + // Update updates a repo or repo credential set rpc Update(RepoUpdateRequest) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository) { option (google.api.http) = { @@ -182,6 +200,14 @@ service RepositoryService { }; } + // UpdateWriteRepository updates a write repository configuration + rpc UpdateWriteRepository(RepoUpdateRequest) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository) { + option (google.api.http) = { + put: "/api/v1/write-repositories/{repo.repo}" + body: "repo" + }; + } + // Delete deletes a repository from the configuration rpc Delete(RepoQuery) returns (RepoResponse) { option (google.api.http).delete = "/api/v1/repositories/{repo}"; @@ -193,6 +219,11 @@ service RepositoryService { option (google.api.http).delete = "/api/v1/repositories/{repo}"; } + // DeleteWriteRepository deletes a write repository from the configuration + rpc DeleteWriteRepository(RepoQuery) returns (RepoResponse) { + option (google.api.http).delete = "/api/v1/write-repositories/{repo}"; + } + // ValidateAccess validates access to a repository with given parameters rpc ValidateAccess(RepoAccessQuery) returns (RepoResponse) { option (google.api.http) = { @@ -200,4 +231,12 @@ service RepositoryService { body: "repo" }; } + + // ValidateWriteAccess validates write access to a repository with given parameters + rpc ValidateWriteAccess(RepoAccessQuery) returns (RepoResponse) { + option (google.api.http) = { + post: "/api/v1/write-repositories/{repo}/validate" + body: "repo" + }; + } } diff --git a/server/repository/repository_test.go b/server/repository/repository_test.go index f4d80c3c434d8..7b4b77bca2ab1 100644 --- a/server/repository/repository_test.go +++ b/server/repository/repository_test.go @@ -21,6 +21,7 @@ import ( "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient/repository" + repositorypkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/repository" appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" fakeapps "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" appinformer "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions" @@ -266,7 +267,7 @@ func TestRepositoryServer(t *testing.T) { repoServerClient := mocks.RepoServerServiceClient{} repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} - s := NewServer(&repoServerClientset, argoDB, enforcer, nil, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, argoDB, enforcer, nil, appLister, projInformer, testNamespace, settingsMgr, false) url := "https://test" repo, _ := s.getRepo(context.TODO(), url, "") assert.Equal(t, repo.Repo, url) @@ -277,7 +278,7 @@ func TestRepositoryServer(t *testing.T) { repoServerClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil) repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} - s := NewServer(&repoServerClientset, argoDB, enforcer, nil, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, argoDB, enforcer, nil, appLister, projInformer, testNamespace, settingsMgr, false) url := "https://test" _, err := s.ValidateAccess(context.TODO(), &repository.RepoAccessQuery{ Repo: url, @@ -296,7 +297,7 @@ func TestRepositoryServer(t *testing.T) { db.On("GetRepository", context.TODO(), url, "").Return(&appsv1.Repository{Repo: url}, nil) db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) @@ -321,7 +322,7 @@ func TestRepositoryServer(t *testing.T) { db.On("GetRepository", context.TODO(), url, "").Return(testRepo, nil) db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) @@ -342,7 +343,7 @@ func TestRepositoryServer(t *testing.T) { db.On("GetRepository", context.TODO(), url, "").Return(nil, errors.New("some error")) db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) @@ -361,7 +362,7 @@ func TestRepositoryServer(t *testing.T) { db.On("GetRepository", context.TODO(), url, "").Return(&appsv1.Repository{Repo: url}, nil) db.On("RepositoryExists", context.TODO(), url, "").Return(false, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) @@ -376,16 +377,19 @@ func TestRepositoryServer(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{{Repo: url, Username: "test", Password: "it's a secret"}}, nil) + db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{{Repo: url, Username: "test", Password: "it's a secret", GitHubAppEnterpriseBaseURL: "https://ghe.example.com/api/v3", GithubAppId: 123456, GithubAppInstallationId: 789}}, nil) db.On("GetRepository", context.TODO(), url, "").Return(&appsv1.Repository{Repo: url, Username: "test", Password: "it's a secret"}, nil) db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) require.NoError(t, err) assert.Equal(t, "https://test", repo.Repo) + assert.Equal(t, "https://ghe.example.com/api/v3", repo.GitHubAppEnterpriseBaseURL) + assert.Equal(t, int64(123456), repo.GithubAppId) + assert.Equal(t, int64(789), repo.GithubAppInstallationId) assert.Empty(t, repo.Password) }) @@ -400,7 +404,7 @@ func TestRepositoryServer(t *testing.T) { db.On("GetRepository", context.TODO(), url, "").Return(&appsv1.Repository{Repo: url, Username: "test"}, nil) db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) @@ -422,7 +426,7 @@ func TestRepositoryServer(t *testing.T) { db.On("GetRepository", context.TODO(), url, "").Return(&appsv1.Repository{Repo: url}, nil) db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) @@ -443,7 +447,7 @@ func TestRepositoryServer(t *testing.T) { Project: "proj", }, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.CreateRepository(context.TODO(), &repository.RepoCreateRequest{ Repo: &appsv1.Repository{ Repo: "test", @@ -459,24 +463,27 @@ func TestRepositoryServer(t *testing.T) { repoServerClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil) repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} + r := &appsv1.Repository{ + Repo: "test", + Username: "test", + } + db := &dbmocks.ArgoDB{} db.On("GetRepository", context.TODO(), "test", "").Return(&appsv1.Repository{ Repo: "test", Username: "test", }, nil) db.On("CreateRepository", context.TODO(), mock.Anything).Return(nil, status.Errorf(codes.AlreadyExists, "repository already exists")) - db.On("UpdateRepository", context.TODO(), mock.Anything).Return(nil, nil) + db.On("UpdateRepository", context.TODO(), mock.Anything).Return(r, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) repo, err := s.CreateRepository(context.TODO(), &repository.RepoCreateRequest{ - Repo: &appsv1.Repository{ - Repo: "test", - Username: "test", - }, + Repo: r, Upsert: true, }) require.NoError(t, err) + require.NotNil(t, repo) assert.Equal(t, "test", repo.Repo) }) @@ -492,7 +499,7 @@ func TestRepositoryServer(t *testing.T) { db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{&fakeRepo, &fakeRepo}, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr, false) resp, err := s.ListRepositories(context.TODO(), &repository.RepoQuery{}) require.NoError(t, err) assert.Len(t, resp.Items, 2) @@ -514,7 +521,7 @@ func TestRepositoryServerListApps(t *testing.T) { db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.ListApps(context.TODO(), &repository.RepoAppsQuery{ Repo: "https://test", Revision: "HEAD", @@ -543,7 +550,7 @@ func TestRepositoryServerListApps(t *testing.T) { }, }, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.ListApps(context.TODO(), &repository.RepoAppsQuery{ Repo: "https://test", Revision: "HEAD", @@ -551,7 +558,7 @@ func TestRepositoryServerListApps(t *testing.T) { AppProject: "default", }) require.NoError(t, err) - assert.Len(t, resp.Items, 1) + require.Len(t, resp.Items, 1) assert.Equal(t, "path/to/dir", resp.Items[0].Path) assert.Equal(t, "Kustomize", resp.Items[0].Type) }) @@ -574,7 +581,7 @@ func TestRepositoryServerListApps(t *testing.T) { }, }, nil) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.ListApps(context.TODO(), &repository.RepoAppsQuery{ Repo: "https://test", Revision: "HEAD", @@ -601,7 +608,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: &appsv1.ApplicationSource{ RepoURL: url, @@ -624,7 +631,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: &appsv1.ApplicationSource{ RepoURL: url, @@ -646,7 +653,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: &appsv1.ApplicationSource{ RepoURL: url, @@ -672,7 +679,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { repoServerClient.On("GetAppDetails", context.TODO(), mock.Anything).Return(&expectedResp, nil) appLister, projLister := newAppAndProjLister(defaultProj) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: &appsv1.ApplicationSource{ RepoURL: url, @@ -697,7 +704,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { repoServerClient.On("GetAppDetails", context.TODO(), mock.Anything).Return(&expectedResp, nil) appLister, projLister := newAppAndProjLister(defaultProjNoSources) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: &appsv1.ApplicationSource{ RepoURL: url, @@ -723,7 +730,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { repoServerClient.On("GetAppDetails", context.TODO(), mock.Anything).Return(&expectedResp, nil) appLister, projLister := newAppAndProjLister(defaultProj, guestbookApp) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: guestbookApp.Spec.GetSourcePtrByIndex(0), AppName: "guestbook", @@ -748,7 +755,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { repoServerClient.On("GetAppDetails", context.TODO(), mock.Anything).Return(&expectedResp, nil) appLister, projLister := newAppAndProjLister(defaultProj, multiSourceApp001) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) sources := multiSourceApp001.Spec.GetSources() assert.Len(t, sources, 2) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ @@ -789,7 +796,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { repoServerClient.On("GetAppDetails", context.TODO(), mock.MatchedBy(func(req *apiclient.RepoServerAppDetailsQuery) bool { return req.Source.RepoURL == url1 })).Return(&expectedResp1, nil) appLister, projLister := newAppAndProjLister(defaultProj, multiSourceApp002) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) sources := multiSourceApp002.Spec.GetSources() assert.Len(t, sources, 2) @@ -821,7 +828,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { db.On("GetRepository", context.TODO(), url, "mismatch").Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj, guestbookApp) - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: guestbookApp.Spec.GetSourcePtrByIndex(0), AppName: "guestbook", @@ -842,7 +849,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { differentSource := guestbookApp.Spec.Source.DeepCopy() differentSource.Helm.ValueFiles = []string{"/etc/passwd"} - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: differentSource, AppName: "guestbook", @@ -868,7 +875,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { previousSource := guestbookApp.Status.History[0].Source.DeepCopy() previousSource.TargetRevision = guestbookApp.Status.History[0].Revision - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: previousSource, AppName: "guestbook", @@ -897,7 +904,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { differentSource := multiSourceApp001.Spec.Sources[0].DeepCopy() differentSource.Helm.ValueFiles = []string{"/etc/passwd"} - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: differentSource, AppName: multiSourceApp001AppName, @@ -925,7 +932,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { previousSource := multiSourceApp001.Status.History[0].Sources[0].DeepCopy() previousSource.TargetRevision = multiSourceApp001.Status.History[0].Revisions[0] - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: previousSource, AppName: multiSourceApp001AppName, @@ -1119,3 +1126,35 @@ func TestGetRepository(t *testing.T) { }) } } + +func TestDeleteRepository(t *testing.T) { + repositories := map[string]string{ + "valid": "https://bitbucket.org/workspace/repo.git", + // Check a wrongly formatter repo as well, see https://github.com/argoproj/argo-cd/issues/20921 + "invalid": "git clone https://bitbucket.org/workspace/repo.git", + } + + kubeclientset := fake.NewSimpleClientset(&argocdCM, &argocdSecret) + settingsMgr := settings.NewSettingsManager(context.Background(), kubeclientset, testNamespace) + + for name, repo := range repositories { + t.Run(name, func(t *testing.T) { + repoServerClient := mocks.RepoServerServiceClient{} + repoServerClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil) + + repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} + enforcer := newEnforcer(kubeclientset) + + db := &dbmocks.ArgoDB{} + db.On("DeleteRepository", context.TODO(), repo, "default").Return(nil) + db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{{Repo: repo, Project: "default"}}, nil) + db.On("GetRepository", context.TODO(), repo, "default").Return(&appsv1.Repository{Repo: repo, Project: "default"}, nil) + appLister, projLister := newAppAndProjLister(defaultProj) + + s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr, false) + resp, err := s.DeleteRepository(context.TODO(), &repository.RepoQuery{Repo: repo, AppProject: "default"}) + require.NoError(t, err) + assert.Equal(t, repositorypkg.RepoResponse{}, *resp) + }) + } +} diff --git a/server/server.go b/server/server.go index 6625461dfab03..29c7da2ab1552 100644 --- a/server/server.go +++ b/server/server.go @@ -13,13 +13,17 @@ import ( "net/url" "os" "os/exec" + "os/signal" "path" "path/filepath" "reflect" "regexp" go_runtime "runtime" + "runtime/debug" "strings" gosync "sync" + "sync/atomic" + "syscall" "time" // nolint:staticcheck @@ -149,7 +153,7 @@ var backoff = wait.Backoff{ } var ( - clientConstraint = fmt.Sprintf(">= %s", common.MinClientVersion) + clientConstraint = ">= " + common.MinClientVersion baseHRefRegex = regexp.MustCompile(``) // limits number of concurrent login requests to prevent password brute forcing. If set to 0 then no limit is enforced. maxConcurrentLoginRequestsCount = 50 @@ -187,17 +191,20 @@ type ArgoCDServer struct { db db.ArgoDB // stopCh is the channel which when closed, will shutdown the Argo CD server - stopCh chan struct{} - userStateStorage util_session.UserStateStorage - indexDataInit gosync.Once - indexData []byte - indexDataErr error - staticAssets http.FileSystem - apiFactory api.Factory - secretInformer cache.SharedIndexInformer - configMapInformer cache.SharedIndexInformer - serviceSet *ArgoCDServiceSet - extensionManager *extension.Manager + stopCh chan os.Signal + userStateStorage util_session.UserStateStorage + indexDataInit gosync.Once + indexData []byte + indexDataErr error + staticAssets http.FileSystem + apiFactory api.Factory + secretInformer cache.SharedIndexInformer + configMapInformer cache.SharedIndexInformer + serviceSet *ArgoCDServiceSet + extensionManager *extension.Manager + shutdown func() + terminateRequested atomic.Bool + available atomic.Bool } type ArgoCDServerOpts struct { @@ -230,6 +237,7 @@ type ArgoCDServerOpts struct { EnableProxyExtension bool WebhookParallelism int EnableK8sEvent []string + HydratorEnabled bool } type ApplicationSetOpts struct { @@ -240,6 +248,9 @@ type ApplicationSetOpts struct { EnableScmProviders bool } +// GracefulRestartSignal implements a signal to be used for a graceful restart trigger. +type GracefulRestartSignal struct{} + // HTTPMetricsRegistry exposes operations to update http metrics in the Argo CD // API server. type HTTPMetricsRegistry interface { @@ -252,6 +263,14 @@ type HTTPMetricsRegistry interface { ObserveExtensionRequestDuration(extension string, duration time.Duration) } +// String is a part of os.Signal interface to represent a signal as a string. +func (g GracefulRestartSignal) String() string { + return "GracefulRestartSignal" +} + +// Signal is a part of os.Signal interface doing nothing. +func (g GracefulRestartSignal) Signal() {} + // initializeDefaultProject creates the default project if it does not already exist func initializeDefaultProject(opts ArgoCDServerOpts) error { defaultProj := &v1alpha1.AppProject{ @@ -329,6 +348,9 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts, appsetOpts Applicatio pg := extension.NewDefaultProjectGetter(projLister, dbInstance) ug := extension.NewDefaultUserGetter(policyEnf) em := extension.NewManager(logger, opts.Namespace, sg, ag, pg, enf, ug) + noopShutdown := func() { + log.Error("API Server Shutdown function called but server is not started yet.") + } a := &ArgoCDServer{ ArgoCDServerOpts: opts, @@ -352,6 +374,8 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts, appsetOpts Applicatio secretInformer: secretInformer, configMapInformer: configMapInformer, extensionManager: em, + shutdown: noopShutdown, + stopCh: make(chan os.Signal, 1), } err = a.logInClusterWarnings() @@ -369,6 +393,12 @@ const ( ) func (a *ArgoCDServer) healthCheck(r *http.Request) error { + if a.terminateRequested.Load() { + return errors.New("API Server is terminating and unable to serve requests.") + } + if !a.available.Load() { + return errors.New("API Server is not available. It either hasn't started or is restarting.") + } if val, ok := r.URL.Query()["full"]; ok && len(val) > 0 && val[0] == "true" { argoDB := db.NewDB(a.Namespace, a.settingsMgr, a.KubeClientset) _, err := argoDB.ListClusters(r.Context()) @@ -515,11 +545,19 @@ func (a *ArgoCDServer) Init(ctx context.Context) { // k8s.io/ go-to-protobuf uses protoc-gen-gogo, which comes from gogo/protobuf (a fork of // golang/protobuf). func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) { + defer func() { + if r := recover(); r != nil { + log.WithField("trace", string(debug.Stack())).Error("Recovered from panic: ", r) + a.terminateRequested.Store(true) + a.shutdown() + } + }() + a.userStateStorage.Init(ctx) metricsServ := metrics.NewMetricsServer(a.MetricsHost, a.MetricsPort) if a.RedisClient != nil { - cacheutil.CollectMetrics(a.RedisClient, metricsServ) + cacheutil.CollectMetrics(a.RedisClient, metricsServ, a.userStateStorage.GetLockObject()) } svcSet := newArgoCDServiceSet(a) @@ -601,35 +639,118 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) { log.Fatal("Timed out waiting for project cache to sync") } - a.stopCh = make(chan struct{}) - <-a.stopCh + shutdownFunc := func() { + log.Info("API Server shutdown initiated. Shutting down servers...") + a.available.Store(false) + shutdownCtx, cancel := context.WithTimeout(ctx, 20*time.Second) + defer cancel() + var wg gosync.WaitGroup + + // Shutdown http server + wg.Add(1) + go func() { + defer wg.Done() + err := httpS.Shutdown(shutdownCtx) + if err != nil { + log.Errorf("Error shutting down http server: %s", err) + } + }() + + if a.useTLS() { + // Shutdown https server + wg.Add(1) + go func() { + defer wg.Done() + err := httpsS.Shutdown(shutdownCtx) + if err != nil { + log.Errorf("Error shutting down https server: %s", err) + } + }() + } + + // Shutdown gRPC server + wg.Add(1) + go func() { + defer wg.Done() + grpcS.GracefulStop() + }() + + // Shutdown metrics server + wg.Add(1) + go func() { + defer wg.Done() + err := metricsServ.Shutdown(shutdownCtx) + if err != nil { + log.Errorf("Error shutting down metrics server: %s", err) + } + }() + + if a.useTLS() { + // Shutdown tls server + wg.Add(1) + go func() { + defer wg.Done() + tlsm.Close() + }() + } + + // Shutdown tcp server + wg.Add(1) + go func() { + defer wg.Done() + tcpm.Close() + }() + + c := make(chan struct{}) + // This goroutine will wait for all servers to conclude the shutdown + // process + go func() { + defer close(c) + wg.Wait() + }() + + select { + case <-c: + log.Info("All servers were gracefully shutdown. Exiting...") + case <-shutdownCtx.Done(): + log.Warn("Graceful shutdown timeout. Exiting...") + } + } + a.shutdown = shutdownFunc + signal.Notify(a.stopCh, os.Interrupt, syscall.SIGINT, syscall.SIGTERM) + a.available.Store(true) + + select { + case signal := <-a.stopCh: + log.Infof("API Server received signal: %s", signal.String()) + gracefulRestartSignal := GracefulRestartSignal{} + if signal != gracefulRestartSignal { + a.terminateRequested.Store(true) + } + a.shutdown() + case <-ctx.Done(): + log.Infof("API Server: %s", ctx.Err()) + a.terminateRequested.Store(true) + a.shutdown() + } } func (a *ArgoCDServer) Initialized() bool { return a.projInformer.HasSynced() && a.appInformer.HasSynced() } +// TerminateRequested returns whether a shutdown was initiated by a signal or context cancel +// as opposed to a watch. +func (a *ArgoCDServer) TerminateRequested() bool { + return a.terminateRequested.Load() +} + // checkServeErr checks the error from a .Serve() call to decide if it was a graceful shutdown func (a *ArgoCDServer) checkServeErr(name string, err error) { - if err != nil { - if a.stopCh == nil { - // a nil stopCh indicates a graceful shutdown - log.Infof("graceful shutdown %s: %v", name, err) - } else { - log.Fatalf("%s: %v", name, err) - } + if err != nil && !errors.Is(err, http.ErrServerClosed) { + log.Errorf("Error received from server %s: %v", name, err) } else { - log.Infof("graceful shutdown %s", name) - } -} - -// Shutdown stops the Argo CD server -func (a *ArgoCDServer) Shutdown() { - log.Info("Shut down requested") - stopCh := a.stopCh - a.stopCh = nil - if stopCh != nil { - close(stopCh) + log.Infof("Graceful shutdown of %s initiated", name) } } @@ -734,9 +855,10 @@ func (a *ArgoCDServer) watchSettings() { } } log.Info("shutting down settings watch") - a.Shutdown() a.settingsMgr.Unsubscribe(updateCh) close(updateCh) + // Triggers server restart + a.stopCh <- GracefulRestartSignal{} } func (a *ArgoCDServer) rbacPolicyLoader(ctx context.Context) { @@ -782,19 +904,24 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre ), } sensitiveMethods := map[string]bool{ - "/cluster.ClusterService/Create": true, - "/cluster.ClusterService/Update": true, - "/session.SessionService/Create": true, - "/account.AccountService/UpdatePassword": true, - "/gpgkey.GPGKeyService/CreateGnuPGPublicKey": true, - "/repository.RepositoryService/Create": true, - "/repository.RepositoryService/Update": true, - "/repository.RepositoryService/CreateRepository": true, - "/repository.RepositoryService/UpdateRepository": true, - "/repository.RepositoryService/ValidateAccess": true, - "/repocreds.RepoCredsService/CreateRepositoryCredentials": true, - "/repocreds.RepoCredsService/UpdateRepositoryCredentials": true, - "/application.ApplicationService/PatchResource": true, + "/cluster.ClusterService/Create": true, + "/cluster.ClusterService/Update": true, + "/session.SessionService/Create": true, + "/account.AccountService/UpdatePassword": true, + "/gpgkey.GPGKeyService/CreateGnuPGPublicKey": true, + "/repository.RepositoryService/Create": true, + "/repository.RepositoryService/Update": true, + "/repository.RepositoryService/CreateRepository": true, + "/repository.RepositoryService/UpdateRepository": true, + "/repository.RepositoryService/ValidateAccess": true, + "/repocreds.RepoCredsService/CreateRepositoryCredentials": true, + "/repocreds.RepoCredsService/UpdateRepositoryCredentials": true, + "/repository.RepositoryService/CreateWriteRepository": true, + "/repository.RepositoryService/UpdateWriteRepository": true, + "/repository.RepositoryService/ValidateWriteAccess": true, + "/repocreds.RepoCredsService/CreateWriteRepositoryCredentials": true, + "/repocreds.RepoCredsService/UpdateWriteRepositoryCredentials": true, + "/application.ApplicationService/PatchResource": true, // Remove from logs both because the contents are sensitive and because they may be very large. "/application.ApplicationService/GetManifestsWithFiles": true, } @@ -869,7 +996,7 @@ type ArgoCDServiceSet struct { func newArgoCDServiceSet(a *ArgoCDServer) *ArgoCDServiceSet { kubectl := kubeutil.NewKubectl() clusterService := cluster.NewServer(a.db, a.enf, a.Cache, kubectl) - repoService := repository.NewServer(a.RepoClientset, a.db, a.enf, a.Cache, a.appLister, a.projInformer, a.Namespace, a.settingsMgr) + repoService := repository.NewServer(a.RepoClientset, a.db, a.enf, a.Cache, a.appLister, a.projInformer, a.Namespace, a.settingsMgr, a.HydratorEnabled) repoCredsService := repocreds.NewServer(a.RepoClientset, a.db, a.enf, a.settingsMgr) var loginRateLimiter func() (io.Closer, error) if maxConcurrentLoginRequestsCount > 0 { @@ -921,7 +1048,7 @@ func newArgoCDServiceSet(a *ArgoCDServer) *ArgoCDServiceSet { projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock, a.sessionMgr, a.policyEnforcer, a.projInformer, a.settingsMgr, a.db, a.EnableK8sEvent) appsInAnyNamespaceEnabled := len(a.ArgoCDServerOpts.ApplicationNamespaces) > 0 - settingsService := settings.NewServer(a.settingsMgr, a.RepoClientset, a, a.DisableAuth, appsInAnyNamespaceEnabled) + settingsService := settings.NewServer(a.settingsMgr, a.RepoClientset, a, a.DisableAuth, appsInAnyNamespaceEnabled, a.HydratorEnabled) accountService := account.NewServer(a.sessionMgr, a.settingsMgr, a.enf) notificationService := notification.NewServer(a.apiFactory) @@ -975,7 +1102,7 @@ func (a *ArgoCDServer) translateGrpcCookieHeader(ctx context.Context, w http.Res } func (a *ArgoCDServer) setTokenCookie(token string, w http.ResponseWriter) error { - cookiePath := fmt.Sprintf("path=/%s", strings.TrimRight(strings.TrimLeft(a.ArgoCDServerOpts.BaseHRef, "/"), "/")) + cookiePath := "path=/" + strings.TrimRight(strings.TrimLeft(a.ArgoCDServerOpts.BaseHRef, "/"), "/") flags := []string{cookiePath, "SameSite=lax", "httpOnly"} if !a.Insecure { flags = append(flags, "Secure") @@ -1141,7 +1268,7 @@ func registerExtensions(mux *http.ServeMux, a *ArgoCDServer, metricsReg HTTPMetr extHandler := http.HandlerFunc(a.extensionManager.CallExtension()) authMiddleware := a.sessionMgr.AuthMiddlewareFunc(a.DisableAuth) // auth middleware ensures that requests to all extensions are authenticated first - mux.Handle(fmt.Sprintf("%s/", extension.URLPrefix), authMiddleware(extHandler)) + mux.Handle(extension.URLPrefix+"/", authMiddleware(extHandler)) a.extensionManager.AddMetricsRegistry(metricsReg) diff --git a/server/server_norace_test.go b/server/server_norace_test.go index cd73a54f12c41..5dbebd88c6da7 100644 --- a/server/server_norace_test.go +++ b/server/server_norace_test.go @@ -50,7 +50,7 @@ func TestUserAgent(t *testing.T) { tests := []testData{ { // Reject out-of-date user-agent - userAgent: fmt.Sprintf("%s/0.10.0", common.ArgoCDUserAgentName), + userAgent: common.ArgoCDUserAgentName + "/0.10.0", errorMsg: "unsatisfied client version constraint", }, { diff --git a/server/server_test.go b/server/server_test.go index 1f715d00d4e91..02bab631ef664 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -10,6 +10,8 @@ import ( "os" "path/filepath" "strings" + gosync "sync" + "syscall" "testing" "time" @@ -54,7 +56,7 @@ func fakeServer(t *testing.T) (*FakeArgoCDServer, func()) { t.Helper() cm := test.NewFakeConfigMap() secret := test.NewFakeSecret() - kubeclientset := fake.NewSimpleClientset(cm, secret) + kubeclientset := fake.NewClientset(cm, secret) appClientSet := apps.NewSimpleClientset() redis, closer := test.NewInMemoryRedis() mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} @@ -123,7 +125,7 @@ func TestEnforceProjectToken(t *testing.T) { } cm := test.NewFakeConfigMap() secret := test.NewFakeSecret() - kubeclientset := fake.NewSimpleClientset(cm, secret) + kubeclientset := fake.NewClientset(cm, secret) mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} t.Run("TestEnforceProjectTokenSuccessful", func(t *testing.T) { @@ -202,7 +204,7 @@ func TestEnforceProjectToken(t *testing.T) { } func TestEnforceClaims(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap()) + kubeclientset := fake.NewClientset(test.NewFakeConfigMap()) enf := rbac.NewEnforcer(kubeclientset, test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) _ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV) rbacEnf := rbacpolicy.NewRBACPolicyEnforcer(enf, test.NewFakeProjLister()) @@ -234,7 +236,7 @@ g, bob, role:admin } func TestDefaultRoleWithClaims(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := rbac.NewEnforcer(kubeclientset, test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) _ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV) rbacEnf := rbacpolicy.NewRBACPolicyEnforcer(enf, test.NewFakeProjLister()) @@ -248,7 +250,7 @@ func TestDefaultRoleWithClaims(t *testing.T) { } func TestEnforceNilClaims(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap()) + kubeclientset := fake.NewClientset(test.NewFakeConfigMap()) enf := rbac.NewEnforcer(kubeclientset, test.FakeArgoCDNamespace, common.ArgoCDConfigMapName, nil) _ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV) rbacEnf := rbacpolicy.NewRBACPolicyEnforcer(enf, test.NewFakeProjLister()) @@ -261,7 +263,7 @@ func TestEnforceNilClaims(t *testing.T) { func TestInitializingExistingDefaultProject(t *testing.T) { cm := test.NewFakeConfigMap() secret := test.NewFakeSecret() - kubeclientset := fake.NewSimpleClientset(cm, secret) + kubeclientset := fake.NewClientset(cm, secret) defaultProj := &v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: v1alpha1.DefaultAppProjectName, Namespace: test.FakeArgoCDNamespace}, Spec: v1alpha1.AppProjectSpec{}, @@ -289,7 +291,7 @@ func TestInitializingExistingDefaultProject(t *testing.T) { func TestInitializingNotExistingDefaultProject(t *testing.T) { cm := test.NewFakeConfigMap() secret := test.NewFakeSecret() - kubeclientset := fake.NewSimpleClientset(cm, secret) + kubeclientset := fake.NewClientset(cm, secret) appClientSet := apps.NewSimpleClientset() mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} @@ -341,7 +343,7 @@ func TestEnforceProjectGroups(t *testing.T) { }, } mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} - kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap(), test.NewFakeSecret()) + kubeclientset := fake.NewClientset(test.NewFakeConfigMap(), test.NewFakeSecret()) s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) cancel := test.StartInformer(s.projInformer) defer cancel() @@ -375,7 +377,7 @@ func TestRevokedToken(t *testing.T) { defaultIssuedAt := int64(1) defaultSub := fmt.Sprintf(subFormat, projectName, roleName) defaultPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, defaultObject, defaultEffect) - kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap(), test.NewFakeSecret()) + kubeclientset := fake.NewClientset(test.NewFakeConfigMap(), test.NewFakeSecret()) mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} jwtTokenByRole := make(map[string]v1alpha1.JWTTokens) @@ -419,6 +421,72 @@ func TestCertsAreNotGeneratedInInsecureMode(t *testing.T) { assert.Nil(t, s.settings.Certificate) } +func TestGracefulShutdown(t *testing.T) { + port, err := test.GetFreePort() + require.NoError(t, err) + mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} + kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap(), test.NewFakeSecret()) + redis, redisCloser := test.NewInMemoryRedis() + defer redisCloser() + s := NewServer( + context.Background(), + ArgoCDServerOpts{ + ListenPort: port, + Namespace: test.FakeArgoCDNamespace, + KubeClientset: kubeclientset, + AppClientset: apps.NewSimpleClientset(), + RepoClientset: mockRepoClient, + RedisClient: redis, + }, + ApplicationSetOpts{}, + ) + + projInformerCancel := test.StartInformer(s.projInformer) + defer projInformerCancel() + appInformerCancel := test.StartInformer(s.appInformer) + defer appInformerCancel() + appsetInformerCancel := test.StartInformer(s.appsetInformer) + defer appsetInformerCancel() + + lns, err := s.Listen() + require.NoError(t, err) + + shutdown := false + runCtx, runCancel := context.WithTimeout(context.Background(), 2*time.Second) + defer runCancel() + + err = s.healthCheck(&http.Request{URL: &url.URL{Path: "/healthz", RawQuery: "full=true"}}) + require.Error(t, err, "API Server is not running. It either hasn't started or is restarting.") + + var wg gosync.WaitGroup + wg.Add(1) + go func(shutdown *bool) { + defer wg.Done() + s.Run(runCtx, lns) + *shutdown = true + }(&shutdown) + + for { + if s.available.Load() { + err = s.healthCheck(&http.Request{URL: &url.URL{Path: "/healthz", RawQuery: "full=true"}}) + require.NoError(t, err) + break + } + time.Sleep(10 * time.Millisecond) + } + + s.stopCh <- syscall.SIGINT + + wg.Wait() + + err = s.healthCheck(&http.Request{URL: &url.URL{Path: "/healthz", RawQuery: "full=true"}}) + require.Error(t, err, "API Server is terminating and unable to serve requests.") + + assert.True(t, s.terminateRequested.Load()) + assert.False(t, s.available.Load()) + assert.True(t, shutdown) +} + func TestAuthenticate(t *testing.T) { type testData struct { test string @@ -835,7 +903,7 @@ func TestAuthenticate_3rd_party_JWTs(t *testing.T) { argocd, oidcURL := getTestServer(t, testDataCopy.anonymousEnabled, true, testDataCopy.useDex, settings_util.OIDCConfig{}) if testDataCopy.useDex { - testDataCopy.claims.Issuer = fmt.Sprintf("%s/api/dex", oidcURL) + testDataCopy.claims.Issuer = oidcURL + "/api/dex" } else { testDataCopy.claims.Issuer = oidcURL } @@ -935,7 +1003,7 @@ func TestAuthenticate_no_SSO(t *testing.T) { ctx := context.Background() //nolint:ineffassign,staticcheck argocd, dexURL := getTestServer(t, testDataCopy.anonymousEnabled, false, true, settings_util.OIDCConfig{}) - token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{Issuer: fmt.Sprintf("%s/api/dex", dexURL)}) + token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{Issuer: dexURL + "/api/dex"}) tokenString, err := token.SignedString([]byte("key")) require.NoError(t, err) ctx = metadata.NewIncomingContext(context.Background(), metadata.Pairs(apiclient.MetaDataTokenKey, tokenString)) @@ -1392,7 +1460,7 @@ func TestCacheControlHeaders(t *testing.T) { handler := argocd.newStaticAssetsHandler() rr := httptest.NewRecorder() - req := httptest.NewRequest("", fmt.Sprintf("/%s", testCase.filename), nil) + req := httptest.NewRequest("", "/"+testCase.filename, nil) fp := filepath.Join(argocd.TmpAssetsDir, testCase.filename) diff --git a/server/settings/settings.go b/server/settings/settings.go index a598b5284f743..919ca89cc3f58 100644 --- a/server/settings/settings.go +++ b/server/settings/settings.go @@ -24,6 +24,7 @@ type Server struct { authenticator Authenticator disableAuth bool appsInAnyNamespaceEnabled bool + hydratorEnabled bool } type Authenticator interface { @@ -31,8 +32,8 @@ type Authenticator interface { } // NewServer returns a new instance of the Settings service -func NewServer(mgr *settings.SettingsManager, repoClient apiclient.Clientset, authenticator Authenticator, disableAuth, appsInAnyNamespaceEnabled bool) *Server { - return &Server{mgr: mgr, repoClient: repoClient, authenticator: authenticator, disableAuth: disableAuth, appsInAnyNamespaceEnabled: appsInAnyNamespaceEnabled} +func NewServer(mgr *settings.SettingsManager, repoClient apiclient.Clientset, authenticator Authenticator, disableAuth, appsInAnyNamespaceEnabled bool, hydratorEnabled bool) *Server { + return &Server{mgr: mgr, repoClient: repoClient, authenticator: authenticator, disableAuth: disableAuth, appsInAnyNamespaceEnabled: appsInAnyNamespaceEnabled, hydratorEnabled: hydratorEnabled} } // Get returns Argo CD settings @@ -90,6 +91,7 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin set := settingspkg.Settings{ URL: argoCDSettings.URL, + AdditionalURLs: argoCDSettings.AdditionalURLs, AppLabelKey: appInstanceLabelKey, ResourceOverrides: overrides, StatusBadgeEnabled: argoCDSettings.StatusBadgeEnabled, @@ -113,6 +115,7 @@ func (s *Server) Get(ctx context.Context, q *settingspkg.SettingsQuery) (*settin ExecEnabled: argoCDSettings.ExecEnabled, AppsInAnyNamespaceEnabled: s.appsInAnyNamespaceEnabled, ImpersonationEnabled: argoCDSettings.ImpersonationEnabled, + HydratorEnabled: s.hydratorEnabled, } if sessionmgr.LoggedIn(ctx) || s.disableAuth { diff --git a/server/settings/settings.proto b/server/settings/settings.proto index 943aea41cd207..c4e8f746d1584 100644 --- a/server/settings/settings.proto +++ b/server/settings/settings.proto @@ -44,6 +44,8 @@ message Settings { bool appsInAnyNamespaceEnabled = 24; bool impersonationEnabled = 25; string installationID = 26; + repeated string additionalUrls = 27 [(gogoproto.customname) = "AdditionalURLs"]; + bool hydratorEnabled = 28; } message GoogleAnalyticsConfig { diff --git a/test/container/Dockerfile b/test/container/Dockerfile index cb01e50e0952b..f1293c9da5fee 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/redis:7.4.1@sha256:a06cea905344470eb49c972f3d030e22f28f632c1b4f43bbe4a26a4329dd6be5 as redis +FROM docker.io/library/redis:7.4.1@sha256:ea96c435dc17b011f54c6a883c3c45e7726242b075de61c6fe40a10ae6ae0f83 as redis # There are libraries we will want to copy from here in the final stage of the # build, but the COPY directive does not have a way to determine system @@ -8,11 +8,11 @@ RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version FROM docker.io/library/node:22.9.0@sha256:69e667a79aa41ec0db50bc452a60e705ca16f35285eaf037ebe627a65a5cdf52 as node -FROM docker.io/library/golang:1.23.3@sha256:d56c3e08fe5b27729ee3834854ae8f7015af48fd651cd25d1e3bcf3c19830174 as golang +FROM docker.io/library/golang:1.23.4@sha256:70031844b8c225351d0bb63e2c383f80db85d92ba894e3da7e13bcf80efa9a37 as golang -FROM docker.io/library/registry:2.8@sha256:ac0192b549007e22998eb74e8d8488dcfe70f1489520c3b144a6047ac5efbe90 as registry +FROM docker.io/library/registry:2.8@sha256:543dade69668e02e5768d7ea2b0aa4fae6aa7384c9a5a8dbecc2be5136079ddb as registry -FROM docker.io/bitnami/kubectl:1.31@sha256:4d757d958f7f9c232a9aa4a1c8cc94fa2aa7a7a253869d7dce09b4dc58a3fbd6 as kubectl +FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 as kubectl FROM docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 diff --git a/test/container/Procfile b/test/container/Procfile index 4cebac203f76d..5048fff289ed7 100644 --- a/test/container/Procfile +++ b/test/container/Procfile @@ -3,6 +3,7 @@ api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run dex: sh -c "test $ARGOCD_IN_CI = true && exit 0; ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/cmd gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:v2.41.1 serve /dex.yaml" redis: sh -c "/usr/local/bin/redis-server --save "" --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}" repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_BINARY_NAME=argocd-repo-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379}" +commit-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_BINARY_NAME=argocd-commit-server $COMMAND --loglevel debug --port ${ARGOCD_E2E_COMMITSERVER_PORT:-8086}" ui: sh -c "test $ARGOCD_IN_CI = true && exit 0; cd ui && ARGOCD_E2E_YARN_HOST=0.0.0.0 ${ARGOCD_E2E_YARN_CMD:-yarn} start" reaper: ./test/container/reaper.sh sshd: sudo sh -c "test $ARGOCD_E2E_TEST = true && /usr/sbin/sshd -p 2222 -D -e" diff --git a/test/e2e/accounts_test.go b/test/e2e/accounts_test.go index 7f3f056a952c9..dd56837dacd22 100644 --- a/test/e2e/accounts_test.go +++ b/test/e2e/accounts_test.go @@ -120,9 +120,9 @@ func TestCreateAndUseAccountCLI(t *testing.T) { assert.Equal(t, `NAME ENABLED CAPABILITIES admin true login`, output) - SetAccounts(map[string][]string{ + errors.CheckError(SetAccounts(map[string][]string{ "test": {"login", "apiKey"}, - }) + })) output, err = RunCli("account", "list") errors.CheckError(err) diff --git a/test/e2e/app_deletion_test.go b/test/e2e/app_deletion_test.go index bb8704a0ca07c..c0332eb017f98 100644 --- a/test/e2e/app_deletion_test.go +++ b/test/e2e/app_deletion_test.go @@ -9,6 +9,7 @@ import ( . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" + "github.com/argoproj/argo-cd/v2/util/errors" ) // when a app gets stuck in sync, and we try to delete it, it won't delete, instead we must then terminate it @@ -16,11 +17,11 @@ import ( func TestDeletingAppStuckInSync(t *testing.T) { Given(t). And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + errors.CheckError(SetResourceOverrides(map[string]ResourceOverride{ "ConfigMap": { HealthLua: `return { status = obj.annotations and obj.annotations['health'] or 'Progressing' }`, }, - }) + })) }). Async(true). Path("hook-custom-health"). diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go index 9eb28233c4f8f..217d7e8559e57 100644 --- a/test/e2e/app_management_ns_test.go +++ b/test/e2e/app_management_ns_test.go @@ -346,7 +346,7 @@ func TestNamespacedAppCreationWithoutForceUpdate(t *testing.T) { }). When(). IgnoreErrors(). - CreateApp(). + CreateApp("--dest-server", KubernetesInternalAPIServerAddr). Then(). Expect(Error("", "existing application spec is different, use upsert flag to force update")) } @@ -852,14 +852,14 @@ func TestNamespacedKnownTypesInCRDDiffing(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). When(). And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + CheckError(SetResourceOverrides(map[string]ResourceOverride{ "argoproj.io/Dummy": { KnownTypeFields: []KnownTypeField{{ Field: "spec", Type: "core/v1/ResourceList", }}, }, - }) + })) }). Refresh(RefreshTypeNormal). Then(). @@ -967,7 +967,7 @@ func TestNamespacedSyncResourceByLabel(t *testing.T) { Sync(). Then(). And(func(app *Application) { - _, _ = RunCli("app", "sync", ctx.AppQualifiedName(), "--label", fmt.Sprintf("app.kubernetes.io/instance=%s", app.Name)) + _, _ = RunCli("app", "sync", ctx.AppQualifiedName(), "--label", "app.kubernetes.io/instance="+app.Name) }). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { @@ -1116,7 +1116,7 @@ func assertNSResourceActions(t *testing.T, appName string, successful bool) { _, err = logs.Recv() assertError(err, "EOF") - expectedError := fmt.Sprintf("Deployment apps guestbook-ui not found as part of application %s", appName) + expectedError := "Deployment apps guestbook-ui not found as part of application " + appName _, err = cdClient.ListResourceEvents(context.Background(), &applicationpkg.ApplicationResourceEventsQuery{ Name: &appName, @@ -1251,7 +1251,7 @@ func TestNamespacedPermissionWithScopedRepo(t *testing.T) { When(). Create() - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(RepoURL(RepoURLTypeFile)). Project(projName). @@ -1291,7 +1291,7 @@ func TestNamespacedPermissionDeniedWithScopedRepo(t *testing.T) { When(). Create() - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(RepoURL(RepoURLTypeFile)). Create() @@ -1696,7 +1696,6 @@ func TestNamespacedCreateAppWithNoNameSpaceForGlobalResource(t *testing.T) { CreateWithNoNameSpace(). Then(). And(func(app *Application) { - time.Sleep(500 * time.Millisecond) app, err := AppClientset.ArgoprojV1alpha1().Applications(AppNamespace()).Get(context.Background(), app.Name, metav1.GetOptions{}) require.NoError(t, err) assert.Empty(t, app.Status.Conditions) @@ -2233,14 +2232,14 @@ definitions: SetTrackingMethod("annotation"). Path("crd-subresource"). And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + CheckError(SetResourceOverrides(map[string]ResourceOverride{ "argoproj.io/StatusSubResource": { Actions: actions, }, "argoproj.io/NonStatusSubResource": { Actions: actions, }, - }) + })) }). When().CreateApp().Sync().Then(). Expect(OperationPhaseIs(OperationSucceeded)).Expect(SyncStatusIs(SyncStatusCodeSynced)). @@ -2321,14 +2320,14 @@ func TestNamespacedAppWaitOperationInProgress(t *testing.T) { SetAppNamespace(AppNamespace()). SetTrackingMethod("annotation"). And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + CheckError(SetResourceOverrides(map[string]ResourceOverride{ "batch/Job": { HealthLua: `return { status = 'Running' }`, }, "apps/Deployment": { HealthLua: `return { status = 'Suspended' }`, }, - }) + })) }). Async(true). Path("hook-and-deployment"). @@ -2439,14 +2438,14 @@ func TestNamespacedDisableManifestGeneration(t *testing.T) { }). When(). And(func() { - time.Sleep(3 * time.Second) - SetEnableManifestGeneration(map[ApplicationSourceType]bool{ + CheckError(SetEnableManifestGeneration(map[ApplicationSourceType]bool{ ApplicationSourceTypeKustomize: false, - }) + })) }). Refresh(RefreshTypeHard). Then(). And(func(app *Application) { + // Wait for refresh to complete time.Sleep(1 * time.Second) }). And(func(app *Application) { diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index 113d18b5969b7..db4272b823bc0 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -195,7 +195,7 @@ func TestGetLogsAllowSwitchOff(t *testing.T) { }, }, "app-creator") - Given(t). + GivenWithSameState(t). Path("guestbook-logs"). When(). CreateApp(). @@ -449,7 +449,7 @@ func TestAppCreationWithoutForceUpdate(t *testing.T) { }). When(). IgnoreErrors(). - CreateApp(). + CreateApp("--dest-server", KubernetesInternalAPIServerAddr). Then(). Expect(Error("", "existing application spec is different, use upsert flag to force update")) } @@ -998,14 +998,14 @@ func TestKnownTypesInCRDDiffing(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). When(). And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + CheckError(SetResourceOverrides(map[string]ResourceOverride{ "argoproj.io/Dummy": { KnownTypeFields: []KnownTypeField{{ Field: "spec", Type: "core/v1/ResourceList", }}, }, - }) + })) }). Refresh(RefreshTypeNormal). Then(). @@ -1319,7 +1319,7 @@ func TestSyncResourceByLabel(t *testing.T) { Sync(). Then(). And(func(app *Application) { - _, _ = RunCli("app", "sync", app.Name, "--label", fmt.Sprintf("app.kubernetes.io/instance=%s", app.Name)) + _, _ = RunCli("app", "sync", app.Name, "--label", "app.kubernetes.io/instance="+app.Name) }). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { @@ -1473,7 +1473,7 @@ func assertResourceActions(t *testing.T, appName string, successful bool) { _, err = logs.Recv() assertError(err, "EOF") - expectedError := fmt.Sprintf("Deployment apps guestbook-ui not found as part of application %s", appName) + expectedError := "Deployment apps guestbook-ui not found as part of application " + appName _, err = cdClient.ListResourceEvents(context.Background(), &applicationpkg.ApplicationResourceEventsQuery{ Name: &appName, @@ -1519,7 +1519,7 @@ func TestPermissions(t *testing.T) { appCtx := Given(t) projName := "argo-project" projActions := projectFixture. - Given(t). + GivenWithSameState(t). Name(projName). When(). Create() @@ -1603,7 +1603,7 @@ func TestPermissionWithScopedRepo(t *testing.T) { Create(). AddSource("*") - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(RepoURL(RepoURLTypeFile)). Project(projName). @@ -1640,7 +1640,7 @@ func TestPermissionDeniedWithScopedRepo(t *testing.T) { When(). Create() - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(RepoURL(RepoURLTypeFile)). Create() @@ -1666,7 +1666,7 @@ func TestPermissionDeniedWithNegatedNamespace(t *testing.T) { When(). Create() - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(RepoURL(RepoURLTypeFile)). Project(projName). @@ -1693,7 +1693,7 @@ func TestPermissionDeniedWithNegatedServer(t *testing.T) { When(). Create() - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(RepoURL(RepoURLTypeFile)). Project(projName). @@ -2107,7 +2107,6 @@ func TestCreateAppWithNoNameSpaceForGlobalResource(t *testing.T) { CreateWithNoNameSpace(). Then(). And(func(app *Application) { - time.Sleep(500 * time.Millisecond) app, err := AppClientset.ArgoprojV1alpha1().Applications(TestNamespace()).Get(context.Background(), app.Name, metav1.GetOptions{}) require.NoError(t, err) assert.Empty(t, app.Status.Conditions) @@ -2361,14 +2360,14 @@ definitions: Given(t). Path("crd-subresource"). And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + CheckError(SetResourceOverrides(map[string]ResourceOverride{ "argoproj.io/StatusSubResource": { Actions: actions, }, "argoproj.io/NonStatusSubResource": { Actions: actions, }, - }) + })) }). When().CreateApp().Sync().Then(). Expect(OperationPhaseIs(OperationSucceeded)).Expect(SyncStatusIs(SyncStatusCodeSynced)). @@ -2446,14 +2445,14 @@ func TestAppWaitOperationInProgress(t *testing.T) { ctx := Given(t) ctx. And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + CheckError(SetResourceOverrides(map[string]ResourceOverride{ "batch/Job": { HealthLua: `return { status = 'Running' }`, }, "apps/Deployment": { HealthLua: `return { status = 'Suspended' }`, }, - }) + })) }). Async(true). Path("hook-and-deployment"). @@ -2555,13 +2554,14 @@ func TestDisableManifestGeneration(t *testing.T) { }). When(). And(func() { - SetEnableManifestGeneration(map[ApplicationSourceType]bool{ + CheckError(SetEnableManifestGeneration(map[ApplicationSourceType]bool{ ApplicationSourceTypeKustomize: false, - }) + })) }). Refresh(RefreshTypeHard). Then(). And(func(app *Application) { + // Wait for refresh to complete time.Sleep(1 * time.Second) }). And(func(app *Application) { @@ -2758,7 +2758,7 @@ func TestSwitchTrackingLabel(t *testing.T) { func TestAnnotationTrackingExtraResources(t *testing.T) { ctx := Given(t) - SetTrackingMethod(string(argo.TrackingMethodAnnotation)) + CheckError(SetTrackingMethod(string(argo.TrackingMethodAnnotation))) ctx. Path("deployment"). When(). diff --git a/test/e2e/app_namespaces_test.go b/test/e2e/app_namespaces_test.go index 20e878a4685f1..d8195850f7727 100644 --- a/test/e2e/app_namespaces_test.go +++ b/test/e2e/app_namespaces_test.go @@ -77,11 +77,11 @@ func TestForbiddenNamespace(t *testing.T) { func TestDeletingNamespacedAppStuckInSync(t *testing.T) { ctx := Given(t) ctx.And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + CheckError(SetResourceOverrides(map[string]ResourceOverride{ "ConfigMap": { HealthLua: `return { status = obj.annotations and obj.annotations['health'] or 'Progressing' }`, }, - }) + })) }). Async(true). SetAppNamespace(AppNamespace()). diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go index 7022618f2b256..247fc3af2d40a 100644 --- a/test/e2e/applicationset_test.go +++ b/test/e2e/applicationset_test.go @@ -1405,7 +1405,6 @@ func TestSimpleGitDirectoryGeneratorGPGEnabledUnsignedCommits(t *testing.T) { } project := "gpg" - fixture.EnsureCleanState(t) Given(t). Project(project). When(). @@ -1724,7 +1723,6 @@ func TestSimpleGitFilesGeneratorGPGEnabledUnsignedCommits(t *testing.T) { generateExpectedApp("engineering-prod-guestbook"), } - fixture.EnsureCleanState(t) Given(t). Project(project). When(). @@ -1826,7 +1824,6 @@ func TestSimpleGitFilesGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) { generateExpectedApp("engineering-prod-guestbook"), } - fixture.EnsureCleanState(t) Given(t). Project(project). Path(guestbookPath). @@ -2036,12 +2033,12 @@ func TestSimpleGitFilesPreserveResourcesOnDeletion(t *testing.T) { When(). Delete(). And(func() { - t.Log("Waiting 30 seconds to give the cluster a chance to delete the pods.") - // Wait 30 seconds to give the cluster a chance to deletes the pods, if it is going to do so. + t.Log("Waiting 15 seconds to give the cluster a chance to delete the pods.") + // Wait 15 seconds to give the cluster a chance to deletes the pods, if it is going to do so. // It should NOT delete the pods; to do so would be an ApplicationSet bug, and // that is what we are testing here. - time.Sleep(30 * time.Second) - // The pod should continue to exist after 30 seconds. + time.Sleep(15 * time.Second) + // The pod should continue to exist after 15 seconds. }).Then().Expect(Pod(func(p corev1.Pod) bool { return strings.Contains(p.Name, "guestbook-ui") })) } @@ -2097,12 +2094,12 @@ func TestSimpleGitFilesPreserveResourcesOnDeletionGoTemplate(t *testing.T) { When(). Delete(). And(func() { - t.Log("Waiting 30 seconds to give the cluster a chance to delete the pods.") - // Wait 30 seconds to give the cluster a chance to deletes the pods, if it is going to do so. + t.Log("Waiting 15 seconds to give the cluster a chance to delete the pods.") + // Wait 15 seconds to give the cluster a chance to deletes the pods, if it is going to do so. // It should NOT delete the pods; to do so would be an ApplicationSet bug, and // that is what we are testing here. - time.Sleep(30 * time.Second) - // The pod should continue to exist after 30 seconds. + time.Sleep(15 * time.Second) + // The pod should continue to exist after 15 seconds. }).Then().Expect(Pod(func(p corev1.Pod) bool { return strings.Contains(p.Name, "guestbook-ui") })) } diff --git a/test/e2e/cluster_test.go b/test/e2e/cluster_test.go index db287e83c7737..a79772614580f 100644 --- a/test/e2e/cluster_test.go +++ b/test/e2e/cluster_test.go @@ -37,7 +37,7 @@ https://kubernetes.default.svc in-cluster %v Successful `, GetVe When(). CreateApp() - tries := 5 + tries := 25 for i := 0; i <= tries; i += 1 { clusterFixture.GivenWithSameState(t). When(). @@ -50,7 +50,7 @@ https://kubernetes.default.svc in-cluster %v Successful `, GetVe break } else if i < tries { // We retry with a simple backoff - time.Sleep(time.Duration(i+1) * time.Second) + time.Sleep(time.Duration(i+1) * 100 * time.Millisecond) } } assert.Equal(t, expected, last) @@ -213,7 +213,7 @@ func TestClusterURLInRestAPI(t *testing.T) { clusterURL := url.QueryEscape(KubernetesInternalAPIServerAddr) var cluster Cluster - err := DoHttpJsonRequest("GET", fmt.Sprintf("/api/v1/clusters/%s", clusterURL), &cluster) + err := DoHttpJsonRequest("GET", "/api/v1/clusters/"+clusterURL, &cluster) require.NoError(t, err) assert.Equal(t, "in-cluster", cluster.Name) diff --git a/test/e2e/custom_tool_test.go b/test/e2e/custom_tool_test.go index 955a37f975c1b..f9bfc014bb847 100644 --- a/test/e2e/custom_tool_test.go +++ b/test/e2e/custom_tool_test.go @@ -26,7 +26,7 @@ func TestCustomToolWithGitCreds(t *testing.T) { ctx. And(func() { go startCMPServer(t, "./testdata/cmp-gitcreds") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). CustomCACertAdded(). @@ -54,7 +54,7 @@ func TestCustomToolWithGitCredsTemplate(t *testing.T) { ctx. And(func() { go startCMPServer(t, "./testdata/cmp-gitcredstemplate") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). CustomCACertAdded(). @@ -95,7 +95,7 @@ func TestCustomToolWithSSHGitCreds(t *testing.T) { ctx. And(func() { go startCMPServer(t, "./testdata/cmp-gitsshcreds") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). // add the private repo with ssh credentials @@ -129,7 +129,7 @@ func TestCustomToolWithSSHGitCredsDisabled(t *testing.T) { ctx. And(func() { go startCMPServer(t, "./testdata/cmp-gitsshcreds-disable-provide") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). CustomCACertAdded(). @@ -153,7 +153,7 @@ func TestCustomToolWithEnv(t *testing.T) { ctx. And(func() { go startCMPServer(t, "./testdata/cmp-fileName") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). // does not matter what the path is @@ -172,9 +172,6 @@ func TestCustomToolWithEnv(t *testing.T) { Expect(OperationPhaseIs(OperationSucceeded)). Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(HealthIs(health.HealthStatusHealthy)). - And(func(app *Application) { - time.Sleep(1 * time.Second) - }). And(func(app *Application) { output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.Bar}") require.NoError(t, err) @@ -214,7 +211,7 @@ func TestCustomToolSyncAndDiffLocal(t *testing.T) { ctx. And(func() { go startCMPServer(t, "./testdata/cmp-kustomize") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). // does not matter what the path is @@ -226,9 +223,6 @@ func TestCustomToolSyncAndDiffLocal(t *testing.T) { Expect(OperationPhaseIs(OperationSucceeded)). Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(HealthIs(health.HealthStatusHealthy)). - And(func(app *Application) { - time.Sleep(1 * time.Second) - }). And(func(app *Application) { FailOnErr(RunCli("app", "sync", ctx.AppName(), "--local", appPath, "--local-repo-root", testdataPath)) }). @@ -257,7 +251,7 @@ func TestCMPDiscoverWithFileName(t *testing.T) { Given(t). And(func() { go startCMPServer(t, "./testdata/cmp-fileName") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path(pluginName + "/subdir"). @@ -275,7 +269,7 @@ func TestCMPDiscoverWithFindGlob(t *testing.T) { Given(t). And(func() { go startCMPServer(t, "./testdata/cmp-find-glob") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook"). @@ -293,7 +287,7 @@ func TestCMPDiscoverWithPluginName(t *testing.T) { Given(t). And(func() { go startCMPServer(t, "./testdata/cmp-find-glob") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook"). @@ -316,7 +310,7 @@ func TestCMPDiscoverWithFindCommandWithEnv(t *testing.T) { ctx. And(func() { go startCMPServer(t, "./testdata/cmp-find-command") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path(pluginName). @@ -327,9 +321,6 @@ func TestCMPDiscoverWithFindCommandWithEnv(t *testing.T) { Expect(OperationPhaseIs(OperationSucceeded)). Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(HealthIs(health.HealthStatusHealthy)). - And(func(app *Application) { - time.Sleep(1 * time.Second) - }). And(func(app *Application) { output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.Bar}") require.NoError(t, err) @@ -359,7 +350,7 @@ func TestPruneResourceFromCMP(t *testing.T) { Given(t). And(func() { go startCMPServer(t, "./testdata/cmp-find-glob") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook"). @@ -382,7 +373,7 @@ func TestPreserveFileModeForCMP(t *testing.T) { Given(t). And(func() { go startCMPServer(t, "./testdata/cmp-preserve-file-mode") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("cmp-preserve-file-mode"). @@ -402,7 +393,7 @@ func TestCMPWithSymlinkPartialFiles(t *testing.T) { Given(t, WithTestData("testdata2")). And(func() { go startCMPServer(t, "./testdata2/cmp-symlink") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook-partial-symlink-files"). @@ -419,7 +410,7 @@ func TestCMPWithSymlinkFiles(t *testing.T) { Given(t, WithTestData("testdata2")). And(func() { go startCMPServer(t, "./testdata2/cmp-symlink") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook-symlink-files"). @@ -436,7 +427,7 @@ func TestCMPWithSymlinkFolder(t *testing.T) { Given(t, WithTestData("testdata2")). And(func() { go startCMPServer(t, "./testdata2/cmp-symlink") - time.Sleep(1 * time.Second) + time.Sleep(100 * time.Millisecond) t.Setenv("ARGOCD_BINARY_NAME", "argocd") }). Path("guestbook-symlink-folder"). diff --git a/test/e2e/deployment_test.go b/test/e2e/deployment_test.go index ccc3af69a0c87..49ae9ad402968 100644 --- a/test/e2e/deployment_test.go +++ b/test/e2e/deployment_test.go @@ -13,11 +13,13 @@ import ( corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/tools/clientcmd" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/clusterauth" + "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/gitops-engine/pkg/health" . "github.com/argoproj/gitops-engine/pkg/sync/common" @@ -52,7 +54,7 @@ func TestDeployment(t *testing.T) { func TestDeploymentWithAnnotationTrackingMode(t *testing.T) { ctx := Given(t) - SetTrackingMethod(string(argo.TrackingMethodAnnotation)) + errors.CheckError(SetTrackingMethod(string(argo.TrackingMethodAnnotation))) ctx. Path("deployment"). When(). @@ -75,7 +77,7 @@ func TestDeploymentWithAnnotationTrackingMode(t *testing.T) { func TestDeploymentWithLabelTrackingMode(t *testing.T) { ctx := Given(t) - SetTrackingMethod(string(argo.TrackingMethodLabel)) + errors.CheckError(SetTrackingMethod(string(argo.TrackingMethodLabel))) ctx. Path("deployment"). When(). @@ -309,10 +311,19 @@ func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecre _, err = KubeClientset.RbacV1().RoleBindings(roleBinding.Namespace).Create(context.Background(), &roleBinding, metav1.CreateOptions{}) require.NoError(t, err) - // Retrieve the bearer token from the ServiceAccount - token, err := clusterauth.GetServiceAccountBearerToken(KubeClientset, ns.Name, serviceAccountName, time.Second*60) - require.NoError(t, err) - assert.NotEmpty(t, token) + var token string + + // Attempting to patch the ServiceAccount can intermittently fail with 'failed to patch serviceaccount "(...)" with bearer token secret: Operation cannot be fulfilled on serviceaccounts "(...)": the object has been modified; please apply your changes to the latest version and try again' + // We thus keep trying for up to 20 seconds. + waitErr := wait.PollUntilContextTimeout(context.Background(), 1*time.Second, 20*time.Second, true, func(context.Context) (done bool, err error) { + // Retrieve the bearer token from the ServiceAccount + token, err = clusterauth.GetServiceAccountBearerToken(KubeClientset, ns.Name, serviceAccountName, time.Second*60) + + // Success is no error and a real token, otherwise keep trying + return (err == nil && token != ""), nil + }) + require.NoError(t, waitErr) + require.NotEmpty(t, token) // In order to test a cluster-scoped Argo CD Cluster Secret, we may optionally grant the ServiceAccount read-all permissions at cluster scope. if clusterScopedSecrets { diff --git a/test/e2e/fixture/account/actions.go b/test/e2e/fixture/account/actions.go index f5708c5606a41..41b6b2a63bbd3 100644 --- a/test/e2e/fixture/account/actions.go +++ b/test/e2e/fixture/account/actions.go @@ -2,6 +2,7 @@ package project import ( "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + "github.com/argoproj/argo-cd/v2/util/errors" ) // this implements the "when" part of given/when/then @@ -46,25 +47,25 @@ func (a *Actions) prepareSetPasswordArgs(account string) []string { } func (a *Actions) Create() *Actions { - fixture.SetAccounts(map[string][]string{ + errors.CheckError(fixture.SetAccounts(map[string][]string{ a.context.name: {"login"}, - }) + })) _, _ = fixture.RunCli(a.prepareSetPasswordArgs(a.context.name)...) return a } func (a *Actions) SetPermissions(permissions []fixture.ACL, roleName string) *Actions { - fixture.SetPermissions(permissions, a.context.name, roleName) + errors.CheckError(fixture.SetPermissions(permissions, a.context.name, roleName)) return a } func (a *Actions) SetParamInSettingConfigMap(key, value string) *Actions { - fixture.SetParamInSettingConfigMap(key, value) + errors.CheckError(fixture.SetParamInSettingConfigMap(key, value)) return a } func (a *Actions) Login() *Actions { - fixture.LoginAs(a.context.name) + errors.CheckError(fixture.LoginAs(a.context.name)) return a } diff --git a/test/e2e/fixture/account/context.go b/test/e2e/fixture/account/context.go index 6007392da6022..8013030a951bf 100644 --- a/test/e2e/fixture/account/context.go +++ b/test/e2e/fixture/account/context.go @@ -2,7 +2,6 @@ package project import ( "testing" - "time" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "github.com/argoproj/argo-cd/v2/util/env" @@ -46,7 +45,5 @@ func (c *Context) And(block func()) *Context { } func (c *Context) When() *Actions { - // in case any settings have changed, pause for 1s, not great, but fine - time.Sleep(1 * time.Second) return &Actions{context: c} } diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go index ca33ae151eb85..9a61f81b5f613 100644 --- a/test/e2e/fixture/app/actions.go +++ b/test/e2e/fixture/app/actions.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "os" + "slices" "strconv" log "github.com/sirupsen/logrus" @@ -223,10 +224,15 @@ func (a *Actions) prepareCreateAppArgs(args []string) []string { a.context.t.Helper() args = append([]string{ "app", "create", a.context.AppQualifiedName(), - "--repo", fixture.RepoURL(a.context.repoURLType), }, args...) - if a.context.destName != "" { + if a.context.drySourceRevision != "" || a.context.drySourcePath != "" || a.context.syncSourcePath != "" || a.context.syncSourceBranch != "" || a.context.hydrateToBranch != "" { + args = append(args, "--dry-source-repo", fixture.RepoURL(a.context.repoURLType)) + } else { + args = append(args, "--repo", fixture.RepoURL(a.context.repoURLType)) + } + + if a.context.destName != "" && a.context.isDestServerInferred && !slices.Contains(args, "--dest-server") { args = append(args, "--dest-name", a.context.destName) } else { args = append(args, "--dest-server", a.context.destServer) @@ -235,6 +241,26 @@ func (a *Actions) prepareCreateAppArgs(args []string) []string { args = append(args, "--path", a.context.path) } + if a.context.drySourceRevision != "" { + args = append(args, "--dry-source-revision", a.context.drySourceRevision) + } + + if a.context.drySourcePath != "" { + args = append(args, "--dry-source-path", a.context.drySourcePath) + } + + if a.context.syncSourceBranch != "" { + args = append(args, "--sync-source-branch", a.context.syncSourceBranch) + } + + if a.context.syncSourcePath != "" { + args = append(args, "--sync-source-path", a.context.syncSourcePath) + } + + if a.context.hydrateToBranch != "" { + args = append(args, "--hydrate-to-branch", a.context.hydrateToBranch) + } + if a.context.chart != "" { args = append(args, "--helm-chart", a.context.chart) } @@ -270,6 +296,9 @@ func (a *Actions) prepareCreateAppArgs(args []string) []string { if a.context.helmSkipCrds { args = append(args, "--helm-skip-crds") } + if a.context.helmSkipSchemaValidation { + args = append(args, "--helm-skip-schema-validation") + } if a.context.helmSkipTests { args = append(args, "--helm-skip-tests") } @@ -426,13 +455,13 @@ func (a *Actions) Delete(cascade bool) *Actions { func (a *Actions) DeleteBySelector(selector string) *Actions { a.context.t.Helper() - a.runCli("app", "delete", fmt.Sprintf("--selector=%s", selector), "--yes") + a.runCli("app", "delete", "--selector="+selector, "--yes") return a } func (a *Actions) DeleteBySelectorWithWait(selector string) *Actions { a.context.t.Helper() - a.runCli("app", "delete", fmt.Sprintf("--selector=%s", selector), "--yes", "--wait") + a.runCli("app", "delete", "--selector="+selector, "--yes", "--wait") return a } @@ -448,7 +477,7 @@ func (a *Actions) Wait(args ...string) *Actions { } func (a *Actions) SetParamInSettingConfigMap(key, value string) *Actions { - fixture.SetParamInSettingConfigMap(key, value) + errors.CheckError(fixture.SetParamInSettingConfigMap(key, value)) return a } @@ -477,16 +506,16 @@ func (a *Actions) verifyAction() { } func (a *Actions) SetTrackingMethod(trackingMethod string) *Actions { - fixture.SetTrackingMethod(trackingMethod) + errors.CheckError(fixture.SetTrackingMethod(trackingMethod)) return a } func (a *Actions) SetInstallationID(installationID string) *Actions { - fixture.SetInstallationID(installationID) + errors.CheckError(fixture.SetInstallationID(installationID)) return a } func (a *Actions) SetTrackingLabel(trackingLabel string) *Actions { - fixture.SetTrackingLabel(trackingLabel) + errors.CheckError(fixture.SetTrackingLabel(trackingLabel)) return a } diff --git a/test/e2e/fixture/app/consequences.go b/test/e2e/fixture/app/consequences.go index ff64dee0de4b8..0aaed8500855b 100644 --- a/test/e2e/fixture/app/consequences.go +++ b/test/e2e/fixture/app/consequences.go @@ -25,8 +25,22 @@ func (c *Consequences) Expect(e Expectation) *Consequences { c.context.t.Helper() var message string var state state + sleepIntervals := []time.Duration{ + 10 * time.Millisecond, + 20 * time.Millisecond, + 50 * time.Millisecond, + 100 * time.Millisecond, + 200 * time.Millisecond, + 300 * time.Millisecond, + 500 * time.Millisecond, + 1 * time.Second, + } + sleepIntervalsIdx := -1 timeout := time.Duration(c.timeout) * time.Second - for start := time.Now(); time.Since(start) < timeout; time.Sleep(3 * time.Second) { + for start := time.Now(); time.Since(start) < timeout; time.Sleep(sleepIntervals[sleepIntervalsIdx]) { + if sleepIntervalsIdx < len(sleepIntervals)-1 { + sleepIntervalsIdx++ + } state, message = e(c) switch state { case succeeded: diff --git a/test/e2e/fixture/app/context.go b/test/e2e/fixture/app/context.go index 7755a733c8898..b013f7fbd4bde 100644 --- a/test/e2e/fixture/app/context.go +++ b/test/e2e/fixture/app/context.go @@ -11,41 +11,49 @@ import ( "github.com/argoproj/argo-cd/v2/test/e2e/fixture/repos" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/env" + "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/settings" ) -// this implements the "given" part of given/when/then +// Context implements the "given" part of given/when/then type Context struct { t *testing.T path string chart string repoURLType fixture.RepoURLType // seconds - timeout int - name string - appNamespace string - destServer string - destName string - env string - parameters []string - namePrefix string - nameSuffix string - resource string - prune bool - configManagementPlugin string - async bool - localPath string - project string - revision string - force bool - applyOutOfSyncOnly bool - directoryRecurse bool - replace bool - helmPassCredentials bool - helmSkipCrds bool - helmSkipTests bool - trackingMethod v1alpha1.TrackingMethod - sources []v1alpha1.ApplicationSource + timeout int + name string + appNamespace string + destServer string + destName string + isDestServerInferred bool + env string + parameters []string + namePrefix string + nameSuffix string + resource string + prune bool + configManagementPlugin string + async bool + localPath string + project string + revision string + force bool + applyOutOfSyncOnly bool + directoryRecurse bool + replace bool + helmPassCredentials bool + helmSkipCrds bool + helmSkipSchemaValidation bool + helmSkipTests bool + trackingMethod v1alpha1.TrackingMethod + sources []v1alpha1.ApplicationSource + drySourceRevision string + drySourcePath string + syncSourceBranch string + syncSourcePath string + hydrateToBranch string } type ContextArgs struct { @@ -67,12 +75,13 @@ func GivenWithNamespace(t *testing.T, namespace string) *Context { func GivenWithSameState(t *testing.T) *Context { t.Helper() - // ARGOCE_E2E_DEFAULT_TIMEOUT can be used to override the default timeout + // ARGOCD_E2E_DEFAULT_TIMEOUT can be used to override the default timeout // for any context. timeout := env.ParseNumFromEnv("ARGOCD_E2E_DEFAULT_TIMEOUT", 20, 0, 180) return &Context{ t: t, destServer: v1alpha1.KubernetesInternalAPIServerAddr, + destName: "in-cluster", repoURLType: fixture.RepoURLTypeFile, name: fixture.Name(), timeout: timeout, @@ -104,7 +113,7 @@ func (c *Context) AppNamespace() string { func (c *Context) SetAppNamespace(namespace string) *Context { c.appNamespace = namespace - // fixture.SetParamInSettingConfigMap("application.resourceTrackingMethod", "annotation") + // errors.CheckError(fixture.SetParamInSettingConfigMap("application.resourceTrackingMethod", "annotation")) return c } @@ -211,7 +220,7 @@ func (c *Context) SSHCredentialsAdded() *Context { } func (c *Context) ProjectSpec(spec v1alpha1.AppProjectSpec) *Context { - fixture.SetProjectSpec(c.project, spec) + errors.CheckError(fixture.SetProjectSpec(c.project, spec)) return c } @@ -239,6 +248,31 @@ func (c *Context) Path(path string) *Context { return c } +func (c *Context) DrySourceRevision(revision string) *Context { + c.drySourceRevision = revision + return c +} + +func (c *Context) DrySourcePath(path string) *Context { + c.drySourcePath = path + return c +} + +func (c *Context) SyncSourceBranch(branch string) *Context { + c.syncSourceBranch = branch + return c +} + +func (c *Context) SyncSourcePath(path string) *Context { + c.syncSourcePath = path + return c +} + +func (c *Context) HydrateToBranch(branch string) *Context { + c.hydrateToBranch = branch + return c +} + func (c *Context) Recurse() *Context { c.directoryRecurse = true return c @@ -261,11 +295,13 @@ func (c *Context) Timeout(timeout int) *Context { func (c *Context) DestServer(destServer string) *Context { c.destServer = destServer + c.isDestServerInferred = false return c } func (c *Context) DestName(destName string) *Context { c.destName = destName + c.isDestServerInferred = true return c } @@ -296,12 +332,12 @@ func (c *Context) NameSuffix(nameSuffix string) *Context { } func (c *Context) ResourceOverrides(overrides map[string]v1alpha1.ResourceOverride) *Context { - fixture.SetResourceOverrides(overrides) + errors.CheckError(fixture.SetResourceOverrides(overrides)) return c } func (c *Context) ResourceFilter(filter settings.ResourcesFilter) *Context { - fixture.SetResourceFilter(filter) + errors.CheckError(fixture.SetResourceFilter(filter)) return c } @@ -311,8 +347,6 @@ func (c *Context) And(block func()) *Context { } func (c *Context) When() *Actions { - // in case any settings have changed, pause for 1s, not great, but fine - time.Sleep(1 * time.Second) return &Actions{context: c} } @@ -361,18 +395,23 @@ func (c *Context) HelmSkipCrds() *Context { return c } +func (c *Context) HelmSkipSchemaValidation() *Context { + c.helmSkipSchemaValidation = true + return c +} + func (c *Context) HelmSkipTests() *Context { c.helmSkipTests = true return c } func (c *Context) SetTrackingMethod(trackingMethod string) *Context { - fixture.SetTrackingMethod(trackingMethod) + errors.CheckError(fixture.SetTrackingMethod(trackingMethod)) return c } func (c *Context) SetInstallationID(installationID string) *Context { - fixture.SetTrackingMethod(installationID) + errors.CheckError(fixture.SetInstallationID(installationID)) return c } diff --git a/test/e2e/fixture/app/expectation.go b/test/e2e/fixture/app/expectation.go index b5e83a664085c..06b547aade3fd 100644 --- a/test/e2e/fixture/app/expectation.go +++ b/test/e2e/fixture/app/expectation.go @@ -112,7 +112,7 @@ func Namespace(name string, block func(app *Application, ns *v1.Namespace)) Expe return func(c *Consequences) (state, string) { ns, err := namespace(name) if err != nil { - return failed, fmt.Sprintf("namespace not found %s", err.Error()) + return failed, "namespace not found " + err.Error() } block(c.app(), ns) @@ -288,7 +288,7 @@ func NoNamespace(name string) Expectation { return succeeded, "namespace not found" } - return failed, fmt.Sprintf("found namespace %s", name) + return failed, "found namespace " + name } } diff --git a/test/e2e/fixture/applicationsets/actions.go b/test/e2e/fixture/applicationsets/actions.go index 1a5b214f75482..27adae8497d75 100644 --- a/test/e2e/fixture/applicationsets/actions.go +++ b/test/e2e/fixture/applicationsets/actions.go @@ -455,7 +455,21 @@ func (a *Actions) Update(toUpdate func(*v1alpha1.ApplicationSet)) *Actions { var mostRecentError error - for start := time.Now(); time.Since(start) < timeout; time.Sleep(3 * time.Second) { + sleepIntervals := []time.Duration{ + 10 * time.Millisecond, + 20 * time.Millisecond, + 50 * time.Millisecond, + 100 * time.Millisecond, + 200 * time.Millisecond, + 300 * time.Millisecond, + 500 * time.Millisecond, + 1 * time.Second, + } + sleepIntervalsIdx := -1 + for start := time.Now(); time.Since(start) < timeout; time.Sleep(sleepIntervals[sleepIntervalsIdx]) { + if sleepIntervalsIdx < len(sleepIntervals)-1 { + sleepIntervalsIdx++ + } appSet, err := a.get() mostRecentError = err if err == nil { diff --git a/test/e2e/fixture/applicationsets/consequences.go b/test/e2e/fixture/applicationsets/consequences.go index 3da461c1c9e5e..a8a9dc8dd34a7 100644 --- a/test/e2e/fixture/applicationsets/consequences.go +++ b/test/e2e/fixture/applicationsets/consequences.go @@ -31,7 +31,21 @@ func (c *Consequences) ExpectWithDuration(e Expectation, timeout time.Duration) c.context.t.Helper() var message string var state state - for start := time.Now(); time.Since(start) < timeout; time.Sleep(3 * time.Second) { + sleepIntervals := []time.Duration{ + 10 * time.Millisecond, + 20 * time.Millisecond, + 50 * time.Millisecond, + 100 * time.Millisecond, + 200 * time.Millisecond, + 300 * time.Millisecond, + 500 * time.Millisecond, + 1 * time.Second, + } + sleepIntervalsIdx := -1 + for start := time.Now(); time.Since(start) < timeout; time.Sleep(sleepIntervals[sleepIntervalsIdx]) { + if sleepIntervalsIdx < len(sleepIntervals)-1 { + sleepIntervalsIdx++ + } state, message = e(c) switch state { case succeeded: diff --git a/test/e2e/fixture/applicationsets/context.go b/test/e2e/fixture/applicationsets/context.go index 83894f732504b..a08e11c91cb32 100644 --- a/test/e2e/fixture/applicationsets/context.go +++ b/test/e2e/fixture/applicationsets/context.go @@ -27,8 +27,6 @@ func Given(t *testing.T) *Context { } func (c *Context) When() *Actions { - // in case any settings have changed, pause for 1s, not great, but fine - time.Sleep(1 * time.Second) return &Actions{context: c} } diff --git a/test/e2e/fixture/applicationsets/utils/fixture.go b/test/e2e/fixture/applicationsets/utils/fixture.go index bd8d035018d71..571e8148a2979 100644 --- a/test/e2e/fixture/applicationsets/utils/fixture.go +++ b/test/e2e/fixture/applicationsets/utils/fixture.go @@ -14,6 +14,7 @@ import ( log "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/equality" + apierr "k8s.io/apimachinery/pkg/api/errors" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" @@ -113,33 +114,48 @@ func EnsureCleanState(t *testing.T) { policy := v1.DeletePropagationForeground - // Delete the applicationset-e2e namespace, if it exists - err := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), ApplicationsResourcesNamespace, v1.DeleteOptions{PropagationPolicy: &policy}) - if err != nil && !strings.Contains(err.Error(), "not found") { // 'not found' error is expected - CheckError(err) - } - - // Delete the argocd-e2e-external namespace, if it exists - err2 := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), string(ArgoCDExternalNamespace), v1.DeleteOptions{PropagationPolicy: &policy}) - if err2 != nil && !strings.Contains(err2.Error(), "not found") { // 'not found' error is expected - CheckError(err2) - } - - // Delete the argocd-e2e-external namespace, if it exists - err3 := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), string(ArgoCDExternalNamespace2), v1.DeleteOptions{PropagationPolicy: &policy}) - if err3 != nil && !strings.Contains(err3.Error(), "not found") { // 'not found' error is expected - CheckError(err3) - } - - // delete resources - // kubectl delete applicationsets --all - CheckError(fixtureClient.AppSetClientset.DeleteCollection(context.Background(), v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{})) - // kubectl delete apps --all - CheckError(fixtureClient.AppClientset.ArgoprojV1alpha1().Applications(TestNamespace()).DeleteCollection(context.Background(), v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{})) - - // kubectl delete secrets -l e2e.argoproj.io=true - CheckError(fixtureClient.KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection(context.Background(), - v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{LabelSelector: TestingLabel + "=true"})) + fixture.RunFunctionsInParallelAndCheckErrors(t, []func() error{ + func() error { + // Delete the applicationset-e2e namespace, if it exists + err := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), ApplicationsResourcesNamespace, v1.DeleteOptions{PropagationPolicy: &policy}) + if err != nil && !apierr.IsNotFound(err) { // 'not found' error is expected + return err + } + return nil + }, + func() error { + // Delete the argocd-e2e-external namespace, if it exists + err := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), string(ArgoCDExternalNamespace), v1.DeleteOptions{PropagationPolicy: &policy}) + if err != nil && !apierr.IsNotFound(err) { // 'not found' error is expected + return err + } + return nil + }, + func() error { + // Delete the argocd-e2e-external namespace, if it exists + err := fixtureClient.KubeClientset.CoreV1().Namespaces().Delete(context.Background(), string(ArgoCDExternalNamespace2), v1.DeleteOptions{PropagationPolicy: &policy}) + if err != nil && !apierr.IsNotFound(err) { // 'not found' error is expected + return err + } + return nil + }, + // delete resources + func() error { + // kubectl delete applicationsets --all + return fixtureClient.AppSetClientset.DeleteCollection(context.Background(), v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{}) + }, + func() error { + // kubectl delete apps --all + return fixtureClient.AppClientset.ArgoprojV1alpha1().Applications(TestNamespace()).DeleteCollection(context.Background(), v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{}) + }, + func() error { + // kubectl delete secrets -l e2e.argoproj.io=true + return fixtureClient.KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection( + context.Background(), + v1.DeleteOptions{PropagationPolicy: &policy}, + v1.ListOptions{LabelSelector: TestingLabel + "=true"}) + }, + }) // First we wait up to 30 seconds for all the ApplicationSets to delete, but we don't fail if they don't. // Why? We want to give Argo CD time to delete the Application's child resources, before we remove the finalizers below. @@ -157,7 +173,7 @@ func EnsureCleanState(t *testing.T) { }, time.Now().Add(30*time.Second)) // Remove finalizers from Argo CD Application resources in the namespace - err = waitForSuccess(func() error { + err := waitForSuccess(func() error { appList, err := fixtureClient.AppClientset.ArgoprojV1alpha1().Applications(TestNamespace()).List(context.Background(), v1.ListOptions{}) if err != nil { return err @@ -183,7 +199,7 @@ func EnsureCleanState(t *testing.T) { FailOnErr(Run("", "mkdir", "-p", TmpDir)) // We can switch user and as result in previous state we will have non-admin user, this case should be reset - fixture.LoginAs("admin") + CheckError(fixture.LoginAs("admin")) log.WithFields(log.Fields{"duration": time.Since(start), "name": t.Name(), "id": id, "username": "admin", "password": "password"}).Info("clean state") } @@ -260,7 +276,7 @@ func cleanUpNamespace(fixtureClient *E2EFixtureK8sClient, namespace string) erro msg = fmt.Sprintf("namespace '%s' still exists, after delete", namespace) } - if msg == "" && err != nil && strings.Contains(err.Error(), "not found") { + if msg == "" && err != nil && apierr.IsNotFound(err) { // Success is an error containing 'applicationset-e2e' not found. return nil } @@ -278,6 +294,18 @@ func cleanUpNamespace(fixtureClient *E2EFixtureK8sClient, namespace string) erro func waitForSuccess(condition func() error, expireTime time.Time) error { var mostRecentError error + sleepIntervals := []time.Duration{ + 10 * time.Millisecond, + 20 * time.Millisecond, + 50 * time.Millisecond, + 100 * time.Millisecond, + 200 * time.Millisecond, + 300 * time.Millisecond, + 500 * time.Millisecond, + 1 * time.Second, + } + sleepIntervalsIdx := -1 + for { if time.Now().After(expireTime) { break @@ -293,8 +321,11 @@ func waitForSuccess(condition func() error, expireTime time.Time) error { break } - // Wait 0.5 seconds on fail - time.Sleep(500 * time.Millisecond) + // Wait on fail + if sleepIntervalsIdx < len(sleepIntervals)-1 { + sleepIntervalsIdx++ + } + time.Sleep(sleepIntervals[sleepIntervalsIdx]) } return mostRecentError } diff --git a/test/e2e/fixture/cluster/context.go b/test/e2e/fixture/cluster/context.go index 9024b2d828a23..7ac01134f2f4b 100644 --- a/test/e2e/fixture/cluster/context.go +++ b/test/e2e/fixture/cluster/context.go @@ -2,7 +2,6 @@ package cluster import ( "testing" - "time" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "github.com/argoproj/argo-cd/v2/util/env" @@ -60,8 +59,6 @@ func (c *Context) And(block func()) *Context { } func (c *Context) When() *Actions { - // in case any settings have changed, pause for 1s, not great, but fine - time.Sleep(1 * time.Second) return &Actions{context: c} } diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index f2f366c201240..d26d2e73b7a35 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -8,12 +8,12 @@ import ( "os" "path" "path/filepath" + "reflect" "strconv" "strings" "testing" "time" - "github.com/argoproj/pkg/errors" jsonpatch "github.com/evanphx/json-patch" log "github.com/sirupsen/logrus" corev1 "k8s.io/api/core/v1" @@ -206,7 +206,7 @@ func init() { plainText = !tlsTestResult.TLS - LoginAs(adminUsername) + CheckError(LoginAs(adminUsername)) log.WithFields(log.Fields{"apiServerAddress": apiServerAddress}).Info("initialized") @@ -236,13 +236,25 @@ func init() { } } -func loginAs(username, password string) { +func loginAs(username, password string) error { closer, client, err := ArgoCDClientset.NewSessionClient() - CheckError(err) + if err != nil { + return err + } defer io.Close(closer) + userInfoResponse, err := client.GetUserInfo(context.Background(), &sessionpkg.GetUserInfoRequest{}) + if err != nil { + return err + } + if userInfoResponse.Username == username && userInfoResponse.LoggedIn { + return nil + } + sessionResponse, err := client.Create(context.Background(), &sessionpkg.SessionCreateRequest{Username: username, Password: password}) - CheckError(err) + if err != nil { + return err + } token = sessionResponse.Token ArgoCDClientset, err = apiclient.NewClient(&apiclient.ClientOptions{ @@ -256,15 +268,15 @@ func loginAs(username, password string) { RepoServerName: argoCDRepoServerName, AppControllerName: argoCDAppControllerName, }) - CheckError(err) + return err } -func LoginAs(username string) { +func LoginAs(username string) error { password := DefaultTestUserPassword if username == "admin" { password = AdminPassword } - loginAs(username, password) + return loginAs(username, password) } func Name() string { @@ -330,7 +342,7 @@ func RepoURL(urlType RepoURLType) string { case RepoURLTypeHelmOCI: return HelmOCIRegistryURL default: - return GetEnvWithDefault(EnvRepoURLDefault, fmt.Sprintf("file://%s", repoDirectory())) + return GetEnvWithDefault(EnvRepoURLDefault, "file://"+repoDirectory()) } } @@ -344,7 +356,7 @@ func DeploymentNamespace() string { // creates a secret for the current test, this currently can only create a single secret func CreateSecret(username, password string) string { - secretName := fmt.Sprintf("argocd-e2e-%s", name) + secretName := "argocd-e2e-" + name FailOnErr(Run("", "kubectl", "create", "secret", "generic", secretName, "--from-literal=username="+username, "--from-literal=password="+password, @@ -354,43 +366,63 @@ func CreateSecret(username, password string) string { } // Convenience wrapper for updating argocd-cm -func updateSettingConfigMap(updater func(cm *corev1.ConfigMap) error) { - updateGenericConfigMap(common.ArgoCDConfigMapName, updater) +func updateSettingConfigMap(updater func(cm *corev1.ConfigMap) error) error { + return updateGenericConfigMap(common.ArgoCDConfigMapName, updater) } // Convenience wrapper for updating argocd-notifications-cm -func updateNotificationsConfigMap(updater func(cm *corev1.ConfigMap) error) { - updateGenericConfigMap(common.ArgoCDNotificationsConfigMapName, updater) +func updateNotificationsConfigMap(updater func(cm *corev1.ConfigMap) error) error { + return updateGenericConfigMap(common.ArgoCDNotificationsConfigMapName, updater) } // Convenience wrapper for updating argocd-cm-rbac -func updateRBACConfigMap(updater func(cm *corev1.ConfigMap) error) { - updateGenericConfigMap(common.ArgoCDRBACConfigMapName, updater) +func updateRBACConfigMap(updater func(cm *corev1.ConfigMap) error) error { + return updateGenericConfigMap(common.ArgoCDRBACConfigMapName, updater) +} + +func configMapsEquivalent(a *corev1.ConfigMap, b *corev1.ConfigMap) bool { + return reflect.DeepEqual(a.Immutable, b.Immutable) && + reflect.DeepEqual(a.TypeMeta, b.TypeMeta) && + reflect.DeepEqual(a.ObjectMeta, b.ObjectMeta) && + // Covers cases when one map is nil and another is empty map + (len(a.Data) == 0 && len(b.Data) == 0 || reflect.DeepEqual(a.Data, b.Data)) && + (len(a.BinaryData) == 0 && len(b.BinaryData) == 0 || reflect.DeepEqual(a.BinaryData, b.BinaryData)) } // Updates a given config map in argocd-e2e namespace -func updateGenericConfigMap(name string, updater func(cm *corev1.ConfigMap) error) { +func updateGenericConfigMap(name string, updater func(cm *corev1.ConfigMap) error) error { cm, err := KubeClientset.CoreV1().ConfigMaps(TestNamespace()).Get(context.Background(), name, v1.GetOptions{}) - errors.CheckError(err) + if err != nil { + return err + } + oldCm := cm.DeepCopy() if cm.Data == nil { cm.Data = make(map[string]string) } - errors.CheckError(updater(cm)) - _, err = KubeClientset.CoreV1().ConfigMaps(TestNamespace()).Update(context.Background(), cm, v1.UpdateOptions{}) - errors.CheckError(err) + err = updater(cm) + if err != nil { + return err + } + if !configMapsEquivalent(cm, oldCm) { + _, err = KubeClientset.CoreV1().ConfigMaps(TestNamespace()).Update(context.Background(), cm, v1.UpdateOptions{}) + if err != nil { + return err + } + } + return nil } -func SetEnableManifestGeneration(val map[v1alpha1.ApplicationSourceType]bool) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetEnableManifestGeneration(val map[v1alpha1.ApplicationSourceType]bool) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { for k, v := range val { - cm.Data[fmt.Sprintf("%s.enable", strings.ToLower(string(k)))] = strconv.FormatBool(v) + cm.Data[strings.ToLower(string(k))+".enable"] = strconv.FormatBool(v) } return nil }) } -func SetResourceOverrides(overrides map[string]v1alpha1.ResourceOverride) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetResourceOverrides(overrides map[string]v1alpha1.ResourceOverride) error { + err := updateSettingConfigMap(func(cm *corev1.ConfigMap) error { if len(overrides) > 0 { yamlBytes, err := yaml.Marshal(overrides) if err != nil { @@ -402,33 +434,36 @@ func SetResourceOverrides(overrides map[string]v1alpha1.ResourceOverride) { } return nil }) + if err != nil { + return err + } - SetResourceOverridesSplitKeys(overrides) + return SetResourceOverridesSplitKeys(overrides) } -func SetInstallationID(installationID string) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetInstallationID(installationID string) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { cm.Data["installationID"] = installationID return nil }) } -func SetTrackingMethod(trackingMethod string) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetTrackingMethod(trackingMethod string) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { cm.Data["application.resourceTrackingMethod"] = trackingMethod return nil }) } -func SetTrackingLabel(trackingLabel string) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetTrackingLabel(trackingLabel string) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { cm.Data["application.instanceLabelKey"] = trackingLabel return nil }) } -func SetResourceOverridesSplitKeys(overrides map[string]v1alpha1.ResourceOverride) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetResourceOverridesSplitKeys(overrides map[string]v1alpha1.ResourceOverride) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { for k, v := range overrides { if v.HealthLua != "" { cm.Data[getResourceOverrideSplitKey(k, "health")] = v.HealthLua @@ -467,17 +502,17 @@ func getResourceOverrideSplitKey(key string, customizeType string) string { return fmt.Sprintf("resource.customizations.%s.%s", customizeType, groupKind) } -func SetAccounts(accounts map[string][]string) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetAccounts(accounts map[string][]string) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { for k, v := range accounts { - cm.Data[fmt.Sprintf("accounts.%s", k)] = strings.Join(v, ",") + cm.Data["accounts."+k] = strings.Join(v, ",") } return nil }) } -func SetPermissions(permissions []ACL, username string, roleName string) { - updateRBACConfigMap(func(cm *corev1.ConfigMap) error { +func SetPermissions(permissions []ACL, username string, roleName string) error { + return updateRBACConfigMap(func(cm *corev1.ConfigMap) error { var aclstr string for _, permission := range permissions { @@ -491,8 +526,8 @@ func SetPermissions(permissions []ACL, username string, roleName string) { }) } -func SetResourceFilter(filters settings.ResourcesFilter) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetResourceFilter(filters settings.ResourcesFilter) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { exclusions, err := yaml.Marshal(filters.ResourceExclusions) if err != nil { return err @@ -507,8 +542,8 @@ func SetResourceFilter(filters settings.ResourcesFilter) { }) } -func SetHelmRepos(repos ...settings.HelmRepoCredentials) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetHelmRepos(repos ...settings.HelmRepoCredentials) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { yamlBytes, err := yaml.Marshal(repos) if err != nil { return err @@ -518,8 +553,8 @@ func SetHelmRepos(repos ...settings.HelmRepoCredentials) { }) } -func SetRepos(repos ...settings.RepositoryCredentials) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetRepos(repos ...settings.RepositoryCredentials) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { yamlBytes, err := yaml.Marshal(repos) if err != nil { return err @@ -529,23 +564,25 @@ func SetRepos(repos ...settings.RepositoryCredentials) { }) } -func SetProjectSpec(project string, spec v1alpha1.AppProjectSpec) { +func SetProjectSpec(project string, spec v1alpha1.AppProjectSpec) error { proj, err := AppClientset.ArgoprojV1alpha1().AppProjects(TestNamespace()).Get(context.Background(), project, v1.GetOptions{}) - errors.CheckError(err) + if err != nil { + return err + } proj.Spec = spec _, err = AppClientset.ArgoprojV1alpha1().AppProjects(TestNamespace()).Update(context.Background(), proj, v1.UpdateOptions{}) - errors.CheckError(err) + return err } -func SetParamInSettingConfigMap(key, value string) { - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { +func SetParamInSettingConfigMap(key, value string) error { + return updateSettingConfigMap(func(cm *corev1.ConfigMap) error { cm.Data[key] = value return nil }) } -func SetParamInNotificationsConfigMap(key, value string) { - updateNotificationsConfigMap(func(cm *corev1.ConfigMap) error { +func SetParamInNotificationsConfigMap(key, value string) error { + return updateNotificationsConfigMap(func(cm *corev1.ConfigMap) error { cm.Data[key] = value return nil }) @@ -584,158 +621,365 @@ func EnsureCleanState(t *testing.T, opts ...TestOption) { }) start := time.Now() - policy := v1.DeletePropagationBackground - // delete resources - // kubectl delete apps --all - CheckError(AppClientset.ArgoprojV1alpha1().Applications(TestNamespace()).DeleteCollection(context.Background(), v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{})) - CheckError(AppClientset.ArgoprojV1alpha1().Applications(AppNamespace()).DeleteCollection(context.Background(), v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{})) - // kubectl delete appprojects --field-selector metadata.name!=default - CheckError(AppClientset.ArgoprojV1alpha1().AppProjects(TestNamespace()).DeleteCollection(context.Background(), - v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{FieldSelector: "metadata.name!=default"})) - // kubectl delete secrets -l argocd.argoproj.io/secret-type=repo-config - CheckError(KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection(context.Background(), - v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{LabelSelector: common.LabelKeySecretType + "=" + common.LabelValueSecretTypeRepository})) - // kubectl delete secrets -l argocd.argoproj.io/secret-type=repo-creds - CheckError(KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection(context.Background(), - v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{LabelSelector: common.LabelKeySecretType + "=" + common.LabelValueSecretTypeRepoCreds})) - // kubectl delete secrets -l argocd.argoproj.io/secret-type=cluster - CheckError(KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection(context.Background(), - v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{LabelSelector: common.LabelKeySecretType + "=" + common.LabelValueSecretTypeCluster})) - // kubectl delete secrets -l e2e.argoproj.io=true - CheckError(KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection(context.Background(), - v1.DeleteOptions{PropagationPolicy: &policy}, v1.ListOptions{LabelSelector: TestingLabel + "=true"})) - - FailOnErr(Run("", "kubectl", "delete", "ns", "-l", TestingLabel+"=true", "--field-selector", "status.phase=Active", "--wait=false")) - FailOnErr(Run("", "kubectl", "delete", "crd", "-l", TestingLabel+"=true", "--wait=false")) - FailOnErr(Run("", "kubectl", "delete", "clusterroles", "-l", TestingLabel+"=true", "--wait=false")) - - // reset settings - updateSettingConfigMap(func(cm *corev1.ConfigMap) error { - cm.Data = map[string]string{} - return nil - }) - updateNotificationsConfigMap(func(cm *corev1.ConfigMap) error { - cm.Data = map[string]string{} - return nil - }) - - // reset rbac - updateRBACConfigMap(func(cm *corev1.ConfigMap) error { - cm.Data = map[string]string{} - return nil + RunFunctionsInParallelAndCheckErrors(t, []func() error{ + func() error { + // kubectl delete apps ... + return AppClientset.ArgoprojV1alpha1().Applications(TestNamespace()).DeleteCollection( + context.Background(), + v1.DeleteOptions{PropagationPolicy: &policy}, + v1.ListOptions{}) + }, + func() error { + // kubectl delete apps ... + return AppClientset.ArgoprojV1alpha1().Applications(AppNamespace()).DeleteCollection( + context.Background(), + v1.DeleteOptions{PropagationPolicy: &policy}, + v1.ListOptions{}) + }, + func() error { + // kubectl delete appprojects --field-selector metadata.name!=default + return AppClientset.ArgoprojV1alpha1().AppProjects(TestNamespace()).DeleteCollection( + context.Background(), + v1.DeleteOptions{PropagationPolicy: &policy}, + v1.ListOptions{FieldSelector: "metadata.name!=default"}) + }, + func() error { + // kubectl delete secrets -l argocd.argoproj.io/secret-type=repo-config + return KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection( + context.Background(), + v1.DeleteOptions{PropagationPolicy: &policy}, + v1.ListOptions{LabelSelector: common.LabelKeySecretType + "=" + common.LabelValueSecretTypeRepository}) + }, + func() error { + // kubectl delete secrets -l argocd.argoproj.io/secret-type=repo-creds + return KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection( + context.Background(), + v1.DeleteOptions{PropagationPolicy: &policy}, + v1.ListOptions{LabelSelector: common.LabelKeySecretType + "=" + common.LabelValueSecretTypeRepoCreds}) + }, + func() error { + // kubectl delete secrets -l argocd.argoproj.io/secret-type=cluster + return KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection( + context.Background(), + v1.DeleteOptions{PropagationPolicy: &policy}, + v1.ListOptions{LabelSelector: common.LabelKeySecretType + "=" + common.LabelValueSecretTypeCluster}) + }, + func() error { + // kubectl delete secrets -l e2e.argoproj.io=true + return KubeClientset.CoreV1().Secrets(TestNamespace()).DeleteCollection( + context.Background(), + v1.DeleteOptions{PropagationPolicy: &policy}, + v1.ListOptions{LabelSelector: TestingLabel + "=true"}) + }, }) - // We can switch user and as result in previous state we will have non-admin user, this case should be reset - LoginAs(adminUsername) - - // reset gpg-keys config map - updateGenericConfigMap(common.ArgoCDGPGKeysConfigMapName, func(cm *corev1.ConfigMap) error { - cm.Data = map[string]string{} - return nil - }) + RunFunctionsInParallelAndCheckErrors(t, []func() error{ + func() error { + // delete old namespaces which were created by tests + namespaces, err := KubeClientset.CoreV1().Namespaces().List( + context.Background(), + v1.ListOptions{ + LabelSelector: TestingLabel + "=true", + FieldSelector: "status.phase=Active", + }, + ) + if err != nil { + return err + } + if len(namespaces.Items) > 0 { + args := []string{"delete", "ns", "--wait=false"} + for _, namespace := range namespaces.Items { + args = append(args, namespace.Name) + } + _, err := Run("", "kubectl", args...) + if err != nil { + return err + } + } - SetProjectSpec("default", v1alpha1.AppProjectSpec{ - OrphanedResources: nil, - SourceRepos: []string{"*"}, - Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "*"}}, - ClusterResourceWhitelist: []v1.GroupKind{{Group: "*", Kind: "*"}}, - SourceNamespaces: []string{AppNamespace()}, - }) + namespaces, err = KubeClientset.CoreV1().Namespaces().List(context.Background(), v1.ListOptions{}) + if err != nil { + return err + } + testNamespaceNames := []string{} + for _, namespace := range namespaces.Items { + if strings.HasPrefix(namespace.Name, E2ETestPrefix) { + testNamespaceNames = append(testNamespaceNames, namespace.Name) + } + } + if len(testNamespaceNames) > 0 { + args := []string{"delete", "ns"} + args = append(args, testNamespaceNames...) + _, err := Run("", "kubectl", args...) + if err != nil { + return err + } + } + return nil + }, + func() error { + // delete old CRDs which were created by tests, doesn't seem to have kube api to get items + _, err := Run("", "kubectl", "delete", "crd", "-l", TestingLabel+"=true", "--wait=false") + return err + }, + func() error { + // delete old ClusterRoles which were created by tests + clusterRoles, err := KubeClientset.RbacV1().ClusterRoles().List( + context.Background(), + v1.ListOptions{ + LabelSelector: fmt.Sprintf("%s=%s", TestingLabel, "true"), + }, + ) + if err != nil { + return err + } + if len(clusterRoles.Items) > 0 { + args := []string{"delete", "clusterrole", "--wait=false"} + for _, clusterRole := range clusterRoles.Items { + args = append(args, clusterRole.Name) + } + _, err := Run("", "kubectl", args...) + if err != nil { + return err + } + } - // Create separate project for testing gpg signature verification - FailOnErr(RunCli("proj", "create", "gpg")) - SetProjectSpec("gpg", v1alpha1.AppProjectSpec{ - OrphanedResources: nil, - SourceRepos: []string{"*"}, - Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "*"}}, - ClusterResourceWhitelist: []v1.GroupKind{{Group: "*", Kind: "*"}}, - SignatureKeys: []v1alpha1.SignatureKey{{KeyID: GpgGoodKeyID}}, - SourceNamespaces: []string{AppNamespace()}, + clusterRoles, err = KubeClientset.RbacV1().ClusterRoles().List(context.Background(), v1.ListOptions{}) + if err != nil { + return err + } + testClusterRoleNames := []string{} + for _, clusterRole := range clusterRoles.Items { + if strings.HasPrefix(clusterRole.Name, E2ETestPrefix) { + testClusterRoleNames = append(testClusterRoleNames, clusterRole.Name) + } + } + if len(testClusterRoleNames) > 0 { + args := []string{"delete", "clusterrole"} + args = append(args, testClusterRoleNames...) + _, err := Run("", "kubectl", args...) + if err != nil { + return err + } + } + return nil + }, + func() error { + // delete old ClusterRoleBindings which were created by tests + clusterRoleBindings, err := KubeClientset.RbacV1().ClusterRoleBindings().List(context.Background(), v1.ListOptions{}) + if err != nil { + return err + } + testClusterRoleBindingNames := []string{} + for _, clusterRoleBinding := range clusterRoleBindings.Items { + if strings.HasPrefix(clusterRoleBinding.Name, E2ETestPrefix) { + testClusterRoleBindingNames = append(testClusterRoleBindingNames, clusterRoleBinding.Name) + } + } + if len(testClusterRoleBindingNames) > 0 { + args := []string{"delete", "clusterrolebinding"} + args = append(args, testClusterRoleBindingNames...) + _, err := Run("", "kubectl", args...) + if err != nil { + return err + } + } + return nil + }, + func() error { + err := updateSettingConfigMap(func(cm *corev1.ConfigMap) error { + cm.Data = map[string]string{} + return nil + }) + if err != nil { + return err + } + err = updateNotificationsConfigMap(func(cm *corev1.ConfigMap) error { + cm.Data = map[string]string{} + return nil + }) + if err != nil { + return err + } + err = updateRBACConfigMap(func(cm *corev1.ConfigMap) error { + cm.Data = map[string]string{} + return nil + }) + if err != nil { + return err + } + return updateGenericConfigMap(common.ArgoCDGPGKeysConfigMapName, func(cm *corev1.ConfigMap) error { + cm.Data = map[string]string{} + return nil + }) + }, + func() error { + // We can switch user and as result in previous state we will have non-admin user, this case should be reset + return LoginAs(adminUsername) + }, }) - // Recreate temp dir - CheckError(os.RemoveAll(TmpDir)) - FailOnErr(Run("", "mkdir", "-p", TmpDir)) - - // random id - unique across test runs - randString, err := rand.String(5) - CheckError(err) - postFix := "-" + strings.ToLower(randString) - id = t.Name() + postFix - name = DnsFriendly(t.Name(), "") - deploymentNamespace = DnsFriendly(fmt.Sprintf("argocd-e2e-%s", t.Name()), postFix) - - // create TLS and SSH certificate directories - if IsLocal() { - FailOnErr(Run("", "mkdir", "-p", TmpDir+"/app/config/tls")) - FailOnErr(Run("", "mkdir", "-p", TmpDir+"/app/config/ssh")) - } - - // For signing during the tests - FailOnErr(Run("", "mkdir", "-p", TmpDir+"/gpg")) - FailOnErr(Run("", "chmod", "0700", TmpDir+"/gpg")) - prevGnuPGHome := os.Getenv("GNUPGHOME") - os.Setenv("GNUPGHOME", TmpDir+"/gpg") - // nolint:errcheck - Run("", "pkill", "-9", "gpg-agent") - FailOnErr(Run("", "gpg", "--import", "../fixture/gpg/signingkey.asc")) - os.Setenv("GNUPGHOME", prevGnuPGHome) - - // recreate GPG directories - if IsLocal() { - FailOnErr(Run("", "mkdir", "-p", TmpDir+"/app/config/gpg/source")) - FailOnErr(Run("", "mkdir", "-p", TmpDir+"/app/config/gpg/keys")) - FailOnErr(Run("", "chmod", "0700", TmpDir+"/app/config/gpg/keys")) - FailOnErr(Run("", "mkdir", "-p", TmpDir+PluginSockFilePath)) - FailOnErr(Run("", "chmod", "0700", TmpDir+PluginSockFilePath)) - } + RunFunctionsInParallelAndCheckErrors(t, []func() error{ + func() error { + err := SetProjectSpec("default", v1alpha1.AppProjectSpec{ + OrphanedResources: nil, + SourceRepos: []string{"*"}, + Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "*"}}, + ClusterResourceWhitelist: []v1.GroupKind{{Group: "*", Kind: "*"}}, + SourceNamespaces: []string{AppNamespace()}, + }) + if err != nil { + return err + } - // set-up tmp repo, must have unique name - FailOnErr(Run("", "cp", "-Rf", opt.testdata, repoDirectory())) - FailOnErr(Run(repoDirectory(), "chmod", "777", ".")) - FailOnErr(Run(repoDirectory(), "git", "init", "-b", "master")) - FailOnErr(Run(repoDirectory(), "git", "add", ".")) - FailOnErr(Run(repoDirectory(), "git", "commit", "-q", "-m", "initial commit")) + // Create separate project for testing gpg signature verification + _, err = AppClientset.ArgoprojV1alpha1().AppProjects(TestNamespace()).Create( + context.Background(), + &v1alpha1.AppProject{ + ObjectMeta: v1.ObjectMeta{ + Name: "gpg", + }, + Spec: v1alpha1.AppProjectSpec{ + OrphanedResources: nil, + SourceRepos: []string{"*"}, + Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "*"}}, + ClusterResourceWhitelist: []v1.GroupKind{{Group: "*", Kind: "*"}}, + SignatureKeys: []v1alpha1.SignatureKey{{KeyID: GpgGoodKeyID}}, + SourceNamespaces: []string{AppNamespace()}, + }, + }, + v1.CreateOptions{}, + ) + return err + }, + func() error { + err := os.RemoveAll(TmpDir) + if err != nil { + return err + } + _, err = Run("", "mkdir", "-p", TmpDir) + if err != nil { + return err + } - if IsRemote() { - FailOnErr(Run(repoDirectory(), "git", "remote", "add", "origin", os.Getenv("ARGOCD_E2E_GIT_SERVICE"))) - FailOnErr(Run(repoDirectory(), "git", "push", "origin", "master", "-f")) - } + // create TLS and SSH certificate directories + if IsLocal() { + _, err = Run("", "mkdir", "-p", TmpDir+"/app/config/tls") + if err != nil { + return err + } + _, err = Run("", "mkdir", "-p", TmpDir+"/app/config/ssh") + if err != nil { + return err + } + } - // create namespace - FailOnErr(Run("", "kubectl", "create", "ns", DeploymentNamespace())) - FailOnErr(Run("", "kubectl", "label", "ns", DeploymentNamespace(), TestingLabel+"=true")) + // For signing during the tests + _, err = Run("", "mkdir", "-p", TmpDir+"/gpg") + if err != nil { + return err + } + _, err = Run("", "chmod", "0700", TmpDir+"/gpg") + if err != nil { + return err + } + prevGnuPGHome := os.Getenv("GNUPGHOME") + os.Setenv("GNUPGHOME", TmpDir+"/gpg") + // nolint:errcheck + Run("", "pkill", "-9", "gpg-agent") + _, err = Run("", "gpg", "--import", "../fixture/gpg/signingkey.asc") + if err != nil { + return err + } + os.Setenv("GNUPGHOME", prevGnuPGHome) - // delete old namespaces used by E2E tests - namespaces, err := KubeClientset.CoreV1().Namespaces().List(context.Background(), v1.ListOptions{}) - CheckError(err) - for _, namespace := range namespaces.Items { - if strings.HasPrefix(namespace.Name, E2ETestPrefix) { - FailOnErr(Run("", "kubectl", "delete", "ns", namespace.Name)) - } - } + // recreate GPG directories + if IsLocal() { + _, err = Run("", "mkdir", "-p", TmpDir+"/app/config/gpg/source") + if err != nil { + return err + } + _, err = Run("", "mkdir", "-p", TmpDir+"/app/config/gpg/keys") + if err != nil { + return err + } + _, err = Run("", "chmod", "0700", TmpDir+"/app/config/gpg/keys") + if err != nil { + return err + } + _, err = Run("", "mkdir", "-p", TmpDir+PluginSockFilePath) + if err != nil { + return err + } + _, err = Run("", "chmod", "0700", TmpDir+PluginSockFilePath) + if err != nil { + return err + } + } - // delete old ClusterRoles that begin with "e2e-test-" prefix (E2ETestPrefix), which were created by tests - clusterRoles, err := KubeClientset.RbacV1().ClusterRoles().List(context.Background(), v1.ListOptions{}) - CheckError(err) - for _, clusterRole := range clusterRoles.Items { - if strings.HasPrefix(clusterRole.Name, E2ETestPrefix) { - FailOnErr(Run("", "kubectl", "delete", "clusterrole", clusterRole.Name)) - } - } + // set-up tmp repo, must have unique name + _, err = Run("", "cp", "-Rf", opt.testdata, repoDirectory()) + if err != nil { + return err + } + _, err = Run(repoDirectory(), "chmod", "777", ".") + if err != nil { + return err + } + _, err = Run(repoDirectory(), "git", "init", "-b", "master") + if err != nil { + return err + } + _, err = Run(repoDirectory(), "git", "add", ".") + if err != nil { + return err + } + _, err = Run(repoDirectory(), "git", "commit", "-q", "-m", "initial commit") + if err != nil { + return err + } - // delete old ClusterRoleBindings that begin with "e2e-test-prefix", which were created by E2E tests - clusterRoleBindings, err := KubeClientset.RbacV1().ClusterRoleBindings().List(context.Background(), v1.ListOptions{}) - CheckError(err) - for _, clusterRoleBinding := range clusterRoleBindings.Items { - if strings.HasPrefix(clusterRoleBinding.Name, E2ETestPrefix) { - FailOnErr(Run("", "kubectl", "delete", "clusterrolebinding", clusterRoleBinding.Name)) - } - } + if IsRemote() { + _, err = Run(repoDirectory(), "git", "remote", "add", "origin", os.Getenv("ARGOCD_E2E_GIT_SERVICE")) + if err != nil { + return err + } + _, err = Run(repoDirectory(), "git", "push", "origin", "master", "-f") + if err != nil { + return err + } + } + return nil + }, + func() error { + // random id - unique across test runs + randString, err := rand.String(5) + if err != nil { + return err + } + postFix := "-" + strings.ToLower(randString) + id = t.Name() + postFix + name = DnsFriendly(t.Name(), "") + deploymentNamespace = DnsFriendly("argocd-e2e-"+t.Name(), postFix) + // create namespace + _, err = Run("", "kubectl", "create", "ns", DeploymentNamespace()) + if err != nil { + return err + } + _, err = Run("", "kubectl", "label", "ns", DeploymentNamespace(), TestingLabel+"=true") + return err + }, + }) - log.WithFields(log.Fields{"duration": time.Since(start), "name": t.Name(), "id": id, "username": "admin", "password": "password"}).Info("clean state") + log.WithFields(log.Fields{ + "duration": time.Since(start), + "name": t.Name(), + "id": id, + "username": "admin", + "password": "password", + }).Info("clean state") } func RunCliWithRetry(maxRetries int, args ...string) (string, error) { @@ -843,7 +1087,7 @@ func AddSignedFile(path, contents string) { os.Setenv("GNUPGHOME", TmpDir+"/gpg") FailOnErr(Run(repoDirectory(), "git", "diff")) FailOnErr(Run(repoDirectory(), "git", "add", ".")) - FailOnErr(Run(repoDirectory(), "git", "-c", fmt.Sprintf("user.signingkey=%s", GpgGoodKeyID), "commit", "-S", "-am", "add file")) + FailOnErr(Run(repoDirectory(), "git", "-c", "user.signingkey="+GpgGoodKeyID, "commit", "-S", "-am", "add file")) os.Setenv("GNUPGHOME", prevGnuPGHome) if IsRemote() { FailOnErr(Run(repoDirectory(), "git", "push", "-f", "origin", "master")) @@ -854,7 +1098,7 @@ func AddSignedTag(name string) { prevGnuPGHome := os.Getenv("GNUPGHOME") os.Setenv("GNUPGHOME", TmpDir+"/gpg") defer os.Setenv("GNUPGHOME", prevGnuPGHome) - FailOnErr(Run(repoDirectory(), "git", "-c", fmt.Sprintf("user.signingkey=%s", GpgGoodKeyID), "tag", "-sm", "add signed tag", name)) + FailOnErr(Run(repoDirectory(), "git", "-c", "user.signingkey="+GpgGoodKeyID, "tag", "-sm", "add signed tag", name)) if IsRemote() { FailOnErr(Run(repoDirectory(), "git", "push", "--tags", "-f", "origin", "master")) } @@ -952,7 +1196,7 @@ func RestartRepoServer() { FailOnErr(Run("", "kubectl", "rollout", "-n", TestNamespace(), "restart", "deployment", workload)) FailOnErr(Run("", "kubectl", "rollout", "-n", TestNamespace(), "status", "deployment", workload)) // wait longer to avoid error on s390x - time.Sleep(10 * time.Second) + time.Sleep(5 * time.Second) } } @@ -1025,7 +1269,7 @@ func RecordTestRun(t *testing.T) { t.Fatalf("could not close record file %s: %v", rf, err) } }() - if _, err := f.WriteString(fmt.Sprintf("%s\n", t.Name())); err != nil { + if _, err := f.WriteString(t.Name() + "\n"); err != nil { t.Fatalf("could not write to %s: %v", rf, err) } } diff --git a/test/e2e/fixture/gpgkeys/gpgkeys.go b/test/e2e/fixture/gpgkeys/gpgkeys.go index 0751f67ad2cec..28c49fdd74053 100644 --- a/test/e2e/fixture/gpgkeys/gpgkeys.go +++ b/test/e2e/fixture/gpgkeys/gpgkeys.go @@ -11,7 +11,7 @@ import ( // Add GPG public key via API and create appropriate file where the ConfigMap mount would de it as well func AddGPGPublicKey() { - keyPath, err := filepath.Abs(fmt.Sprintf("../fixture/gpg/%s", fixture.GpgGoodKeyID)) + keyPath, err := filepath.Abs("../fixture/gpg/" + fixture.GpgGoodKeyID) errors.CheckError(err) args := []string{"gpg", "add", "--from", keyPath} errors.FailOnErr(fixture.RunCli(args...)) diff --git a/test/e2e/fixture/notification/actions.go b/test/e2e/fixture/notification/actions.go index 622032441ee75..1012368ceeede 100644 --- a/test/e2e/fixture/notification/actions.go +++ b/test/e2e/fixture/notification/actions.go @@ -1,9 +1,8 @@ package notification import ( - "time" - "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + "github.com/argoproj/argo-cd/v2/util/errors" ) // this implements the "when" part of given/when/then @@ -17,14 +16,12 @@ type Actions struct { } func (a *Actions) SetParamInNotificationConfigMap(key, value string) *Actions { - fixture.SetParamInNotificationsConfigMap(key, value) + errors.CheckError(fixture.SetParamInNotificationsConfigMap(key, value)) return a } func (a *Actions) Then() *Consequences { a.context.t.Helper() - // in case any settings have changed, pause for 1s, not great, but fine - time.Sleep(1 * time.Second) return &Consequences{a.context, a} } diff --git a/test/e2e/fixture/project/context.go b/test/e2e/fixture/project/context.go index 55f8d36199112..8ab0a929f7ed0 100644 --- a/test/e2e/fixture/project/context.go +++ b/test/e2e/fixture/project/context.go @@ -2,7 +2,6 @@ package project import ( "testing" - "time" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "github.com/argoproj/argo-cd/v2/util/env" @@ -63,7 +62,5 @@ func (c *Context) And(block func()) *Context { } func (c *Context) When() *Actions { - // in case any settings have changed, pause for 1s, not great, but fine - time.Sleep(1 * time.Second) return &Actions{context: c} } diff --git a/test/e2e/fixture/repos/context.go b/test/e2e/fixture/repos/context.go index 4df9c1e4bb594..0adea442fe9e5 100644 --- a/test/e2e/fixture/repos/context.go +++ b/test/e2e/fixture/repos/context.go @@ -2,7 +2,6 @@ package repos import ( "testing" - "time" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "github.com/argoproj/argo-cd/v2/util/env" @@ -19,11 +18,16 @@ type Context struct { project string } -func Given(t *testing.T, sameState bool) *Context { +func Given(t *testing.T) *Context { + t.Helper() + fixture.EnsureCleanState(t) + return GivenWithSameState(t) +} + +// GivenWithSameState skips cleaning state. Use this when you've already ensured you have a clean +// state in your test setup don't want to waste time by doing so again. +func GivenWithSameState(t *testing.T) *Context { t.Helper() - if !sameState { - fixture.EnsureCleanState(t) - } // ARGOCE_E2E_DEFAULT_TIMEOUT can be used to override the default timeout // for any context. timeout := env.ParseNumFromEnv("ARGOCD_E2E_DEFAULT_TIMEOUT", 10, 0, 180) @@ -50,8 +54,6 @@ func (c *Context) And(block func()) *Context { } func (c *Context) When() *Actions { - // in case any settings have changed, pause for 1s, not great, but fine - time.Sleep(1 * time.Second) return &Actions{context: c} } diff --git a/test/e2e/fixture/repos/repos.go b/test/e2e/fixture/repos/repos.go index e64f6e20fe8fa..0a647a1ffe6d8 100644 --- a/test/e2e/fixture/repos/repos.go +++ b/test/e2e/fixture/repos/repos.go @@ -160,7 +160,7 @@ func PushChartToOCIRegistry(chartPathName, chartName, chartVersion string) { errors.CheckError(err1) defer func() { _ = os.RemoveAll(tempDest) }() - chartAbsPath, err2 := filepath.Abs(fmt.Sprintf("./testdata/%s", chartPathName)) + chartAbsPath, err2 := filepath.Abs("./testdata/" + chartPathName) errors.CheckError(err2) _ = os.Setenv("HELM_EXPERIMENTAL_OCI", "1") @@ -172,6 +172,6 @@ func PushChartToOCIRegistry(chartPathName, chartName, chartVersion string) { "helm", "push", fmt.Sprintf("%s/%s-%s.tgz", tempDest, chartName, chartVersion), - fmt.Sprintf("oci://%s", fixture.HelmOCIRegistryURL), + "oci://"+fixture.HelmOCIRegistryURL, )) } diff --git a/test/e2e/fixture/util.go b/test/e2e/fixture/util.go index f9ed39f15b3e9..0669440f681d5 100644 --- a/test/e2e/fixture/util.go +++ b/test/e2e/fixture/util.go @@ -3,6 +3,11 @@ package fixture import ( "regexp" "strings" + "testing" + + "github.com/argoproj/argo-cd/v2/util/errors" + + "golang.org/x/sync/errgroup" ) var ( @@ -21,3 +26,12 @@ func DnsFriendly(str string, postfix string) string { } return str + postfix } + +func RunFunctionsInParallelAndCheckErrors(t *testing.T, functions []func() error) { + t.Helper() + var eg errgroup.Group + for _, function := range functions { + eg.Go(function) + } + errors.CheckError(eg.Wait()) +} diff --git a/test/e2e/graceful_restart_test.go b/test/e2e/graceful_restart_test.go new file mode 100644 index 0000000000000..6f5c6960a4f1d --- /dev/null +++ b/test/e2e/graceful_restart_test.go @@ -0,0 +1,58 @@ +package e2e + +import ( + "context" + "net/http" + "strings" + "testing" + "time" + + "github.com/stretchr/testify/require" + + "github.com/argoproj/argo-cd/v2/pkg/apiclient/settings" + "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" + "github.com/argoproj/argo-cd/v2/util/errors" +) + +func checkHealth(t *testing.T, requireHealthy bool) { + t.Helper() + resp, err := DoHttpRequest("GET", "/healthz?full=true", "") + if requireHealthy { + require.NoError(t, err) + require.Equal(t, http.StatusOK, resp.StatusCode) + } else { + if err != nil { + if !strings.Contains(err.Error(), "connection refused") && !strings.Contains(err.Error(), "connection reset by peer") { + require.NoErrorf(t, err, "If an error returned, it must be about connection refused or reset by peer") + } + } else { + require.Contains(t, []int{http.StatusOK, http.StatusServiceUnavailable}, resp.StatusCode) + } + } +} + +func TestAPIServerGracefulRestart(t *testing.T) { + EnsureCleanState(t) + + // Should be healthy. + checkHealth(t, true) + // Should trigger API server restart. + errors.CheckError(fixture.SetParamInSettingConfigMap("url", "http://test-api-server-graceful-restart")) + + // Wait for ~5 seconds + for i := 0; i < 50; i++ { + checkHealth(t, false) + time.Sleep(100 * time.Millisecond) + } + // One final time, should be healthy, or restart is considered too slow for tests + checkHealth(t, true) + closer, settingsClient, err := ArgoCDClientset.NewSettingsClient() + if closer != nil { + defer closer.Close() + } + require.NoError(t, err) + settings, err := settingsClient.Get(context.Background(), &settings.SettingsQuery{}) + require.NoError(t, err) + require.Equal(t, "http://test-api-server-graceful-restart", settings.URL) +} diff --git a/test/e2e/helm_test.go b/test/e2e/helm_test.go index d0b3443000a95..858626b4246ac 100644 --- a/test/e2e/helm_test.go +++ b/test/e2e/helm_test.go @@ -511,22 +511,22 @@ func testHelmWithDependencies(t *testing.T, chartPath string, legacyRepo bool) { ctx.And(func() { FailOnErr(fixture.Run("", "kubectl", "create", "secret", "generic", "helm-repo", "-n", fixture.TestNamespace(), - fmt.Sprintf("--from-file=certSecret=%s", repos.CertPath), - fmt.Sprintf("--from-file=keySecret=%s", repos.CertKeyPath), - fmt.Sprintf("--from-literal=username=%s", GitUsername), - fmt.Sprintf("--from-literal=password=%s", GitPassword), + "--from-file=certSecret="+repos.CertPath, + "--from-file=keySecret="+repos.CertKeyPath, + "--from-literal=username="+GitUsername, + "--from-literal=password="+GitPassword, )) FailOnErr(fixture.KubeClientset.CoreV1().Secrets(fixture.TestNamespace()).Patch(context.Background(), "helm-repo", types.MergePatchType, []byte(`{"metadata": { "labels": {"e2e.argoproj.io": "true"} }}`), metav1.PatchOptions{})) - fixture.SetHelmRepos(settings.HelmRepoCredentials{ + CheckError(fixture.SetHelmRepos(settings.HelmRepoCredentials{ URL: RepoURL(RepoURLTypeHelm), Name: "custom-repo", KeySecret: &v1.SecretKeySelector{LocalObjectReference: v1.LocalObjectReference{Name: "helm-repo"}, Key: "keySecret"}, CertSecret: &v1.SecretKeySelector{LocalObjectReference: v1.LocalObjectReference{Name: "helm-repo"}, Key: "certSecret"}, UsernameSecret: &v1.SecretKeySelector{LocalObjectReference: v1.LocalObjectReference{Name: "helm-repo"}, Key: "username"}, PasswordSecret: &v1.SecretKeySelector{LocalObjectReference: v1.LocalObjectReference{Name: "helm-repo"}, Key: "password"}, - }) + })) }) } else { ctx = ctx.HelmRepoAdded("custom-repo") diff --git a/test/e2e/hook_test.go b/test/e2e/hook_test.go index f69fc18defcc5..a538566986213 100644 --- a/test/e2e/hook_test.go +++ b/test/e2e/hook_test.go @@ -335,7 +335,7 @@ func TestHookBeforeHookCreation(t *testing.T) { CheckError(err) assert.NotEmpty(t, creationTimestamp1) // pause to ensure that timestamp will change - time.Sleep(2 * time.Second) + time.Sleep(1 * time.Second) }). When(). Sync(). diff --git a/test/e2e/hydrator_test.go b/test/e2e/hydrator_test.go new file mode 100644 index 0000000000000..0d36aa240ad29 --- /dev/null +++ b/test/e2e/hydrator_test.go @@ -0,0 +1,102 @@ +package e2e + +import ( + "testing" + + . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" + + . "github.com/argoproj/gitops-engine/pkg/sync/common" +) + +func TestSimpleHydrator(t *testing.T) { + Given(t). + DrySourcePath("guestbook"). + DrySourceRevision("HEAD"). + SyncSourcePath("guestbook"). + SyncSourceBranch("env/test"). + When(). + CreateApp(). + Refresh(RefreshTypeNormal). + Wait("--hydrated"). + Sync(). + Then(). + Expect(OperationPhaseIs(OperationSucceeded)). + Expect(SyncStatusIs(SyncStatusCodeSynced)) +} + +func TestHydrateTo(t *testing.T) { + Given(t). + DrySourcePath("guestbook"). + DrySourceRevision("HEAD"). + SyncSourcePath("guestbook"). + SyncSourceBranch("env/test"). + HydrateToBranch("env/test-next"). + When(). + CreateApp(). + Refresh(RefreshTypeNormal). + Wait("--hydrated"). + Then(). + Given(). + // Async so we don't fail immediately on the error + Async(true). + When(). + Sync(). + Wait("--operation"). + Then(). + // Fails because we hydrated to env/test-next but not to env/test. + Expect(OperationPhaseIs(OperationError)). + When(). + // Will now hydrate to the sync source branch. + AppSet("--hydrate-to-branch", ""). + Refresh(RefreshTypeNormal). + Wait("--hydrated"). + Sync(). + Wait("--operation"). + Then(). + Expect(OperationPhaseIs(OperationSucceeded)). + Expect(SyncStatusIs(SyncStatusCodeSynced)) +} + +func TestAddingApp(t *testing.T) { + // Make sure that if we add another app targeting the same sync branch, it hydrates correctly. + Given(t). + Name("test-adding-app-1"). + DrySourcePath("guestbook"). + DrySourceRevision("HEAD"). + SyncSourcePath("guestbook-1"). + SyncSourceBranch("env/test"). + When(). + CreateApp(). + Refresh(RefreshTypeNormal). + Wait("--hydrated"). + Sync(). + Then(). + Expect(OperationPhaseIs(OperationSucceeded)). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Given(). + Name("test-adding-app-2"). + DrySourcePath("guestbook"). + DrySourceRevision("HEAD"). + SyncSourcePath("guestbook-2"). + SyncSourceBranch("env/test"). + When(). + CreateApp(). + Refresh(RefreshTypeNormal). + Wait("--hydrated"). + Sync(). + Then(). + Expect(OperationPhaseIs(OperationSucceeded)). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + // Clean up the apps manually since we used custom names. + When(). + Delete(true). + Then(). + Expect(DoesNotExist()). + Given(). + Name("test-adding-app-1"). + When(). + Delete(true). + Then(). + Expect(DoesNotExist()) +} diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index 62cd7fef56e04..d023155785114 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:768e5c6f5cb6db0794eec98dc7a967f40631746c32232b78a3105fb946f3ab83 +FROM docker.io/library/busybox@sha256:2919d0172f7524b2d8df9e50066a682669e6d170ac0f6a49676d54358fe970b5 CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index 4222577fa3fc0..95688aaa59394 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -520,7 +520,7 @@ func TestGetVirtualProjectNoMatch(t *testing.T) { projectName := "proj-" + fixture.Name() _, err = fixture.RunCli("proj", "create", projectName, "--description", "Test description", - "-d", fmt.Sprintf("%s,*", v1alpha1.KubernetesInternalAPIServerAddr), + "-d", v1alpha1.KubernetesInternalAPIServerAddr+",*", "-s", "*", "--orphaned-resources") require.NoError(t, err) @@ -533,10 +533,6 @@ func TestGetVirtualProjectNoMatch(t *testing.T) { "--path", guestbookPath, "--project", proj.Name, "--dest-server", v1alpha1.KubernetesInternalAPIServerAddr, "--dest-namespace", fixture.DeploymentNamespace()) require.NoError(t, err) - // Waiting for the app to be successfully created. - // Else the sync would fail to retrieve the app resources. - time.Sleep(time.Second * 2) - // App trying to sync a resource which is not blacked listed anywhere _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", "apps:Deployment:guestbook-ui", "--timeout", strconv.Itoa(10)) require.NoError(t, err) @@ -555,7 +551,7 @@ func TestGetVirtualProjectMatch(t *testing.T) { projectName := "proj-" + fixture.Name() _, err = fixture.RunCli("proj", "create", projectName, "--description", "Test description", - "-d", fmt.Sprintf("%s,*", v1alpha1.KubernetesInternalAPIServerAddr), + "-d", v1alpha1.KubernetesInternalAPIServerAddr+",*", "-s", "*", "--orphaned-resources") require.NoError(t, err) @@ -573,10 +569,6 @@ func TestGetVirtualProjectMatch(t *testing.T) { "--path", guestbookPath, "--project", proj.Name, "--dest-server", v1alpha1.KubernetesInternalAPIServerAddr, "--dest-namespace", fixture.DeploymentNamespace()) require.NoError(t, err) - // Waiting for the app to be successfully created. - // Else the sync would fail to retrieve the app resources. - time.Sleep(time.Second * 2) - // App trying to sync a resource which is not blacked listed anywhere _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", "apps:Deployment:guestbook-ui", "--timeout", strconv.Itoa(10)) require.ErrorContains(t, err, "blocked by sync window") diff --git a/test/e2e/repo_management_test.go b/test/e2e/repo_management_test.go index c49eb2eeba794..97627d84f31d8 100644 --- a/test/e2e/repo_management_test.go +++ b/test/e2e/repo_management_test.go @@ -89,7 +89,7 @@ func TestGetRepoWithInheritedCreds(t *testing.T) { func TestUpsertExistingRepo(t *testing.T) { app.Given(t).And(func() { - fixture.SetRepos(settings.RepositoryCredentials{URL: fixture.RepoURL(fixture.RepoURLTypeFile)}) + CheckError(fixture.SetRepos(settings.RepositoryCredentials{URL: fixture.RepoURL(fixture.RepoURLTypeFile)})) repoUrl := fixture.RepoURL(fixture.RepoURLTypeFile) _, err := fixture.RunCli("repo", "add", repoUrl) require.NoError(t, err) diff --git a/test/e2e/scoped_repository_test.go b/test/e2e/scoped_repository_test.go index 8578f2fa90932..0075b6bd1b40a 100644 --- a/test/e2e/scoped_repository_test.go +++ b/test/e2e/scoped_repository_test.go @@ -23,7 +23,7 @@ func TestCreateRepositoryWithProject(t *testing.T) { Then() path := "https://github.com/argoproj/argo-cd.git" - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(path). Project("argo-project"). @@ -48,7 +48,7 @@ func TestCreateRepositoryNonAdminUserPermissionDenied(t *testing.T) { Login() path := "https://github.com/argoproj/argo-cd.git" - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(path). Project("argo-project"). @@ -75,7 +75,7 @@ func TestCreateRepositoryNonAdminUserWithWrongProject(t *testing.T) { }, "org-admin") path := "https://github.com/argoproj/argo-cd.git" - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(path). Project("argo-project"). @@ -112,7 +112,7 @@ func TestDeleteRepositoryRbacAllowed(t *testing.T) { }, "org-admin") path := "https://github.com/argoproj/argo-cd.git" - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(path). Project("argo-project"). @@ -155,7 +155,7 @@ func TestDeleteRepositoryRbacDenied(t *testing.T) { }, "org-admin") path := "https://github.com/argoproj/argo-cd.git" - repoFixture.Given(t, true). + repoFixture.GivenWithSameState(t). When(). Path(path). Project("argo-project"). @@ -176,7 +176,7 @@ func TestDeleteRepositoryRbacDenied(t *testing.T) { func TestDeleteRepository(t *testing.T) { path := "https://github.com/argoproj/argo-cd.git" - repoFixture.Given(t, false). + repoFixture.Given(t). When(). Path(path). Project("argo-project"). @@ -195,7 +195,7 @@ func TestDeleteRepository(t *testing.T) { func TestListRepoCLIOutput(t *testing.T) { path := "https://github.com/argoproj/argo-cd.git" - repoFixture.Given(t, false). + repoFixture.Given(t). When(). Path(path). Project("argo-project"). @@ -215,7 +215,7 @@ git https://github.com/argoproj/argo-cd.git false false false fal func TestGetRepoCLIOutput(t *testing.T) { path := "https://github.com/argoproj/argo-cd.git" - repoFixture.Given(t, false). + repoFixture.Given(t). When(). Path(path). Project("argo-project"). diff --git a/test/e2e/selective_sync_test.go b/test/e2e/selective_sync_test.go index 2f7704aa6b2ea..5cbf44643a37b 100644 --- a/test/e2e/selective_sync_test.go +++ b/test/e2e/selective_sync_test.go @@ -116,5 +116,5 @@ func getNewNamespace(t *testing.T) string { require.NoError(t, err) postFix := "-" + strings.ToLower(randStr) name := fixture.DnsFriendly(t.Name(), "") - return fixture.DnsFriendly(fmt.Sprintf("argocd-e2e-%s", name), postFix) + return fixture.DnsFriendly("argocd-e2e-"+name, postFix) } diff --git a/test/e2e/sync_options_test.go b/test/e2e/sync_options_test.go index b5dc685e76c13..fae78ed616328 100644 --- a/test/e2e/sync_options_test.go +++ b/test/e2e/sync_options_test.go @@ -53,11 +53,11 @@ func TestSyncWithStatusIgnored(t *testing.T) { Path(guestbookPath). When(). And(func() { - fixture.SetResourceOverrides(map[string]ResourceOverride{ + errors.CheckError(fixture.SetResourceOverrides(map[string]ResourceOverride{ "/": { IgnoreDifferences: OverrideIgnoreDiff{JSONPointers: []string{"/status"}}, }, - }) + })) }). CreateFromFile(func(app *Application) { app.Spec.SyncPolicy = &SyncPolicy{Automated: &SyncPolicyAutomated{SelfHeal: true}} diff --git a/test/e2e/sync_waves_test.go b/test/e2e/sync_waves_test.go index 8d0ee14e487d1..8beda162e5708 100644 --- a/test/e2e/sync_waves_test.go +++ b/test/e2e/sync_waves_test.go @@ -6,6 +6,7 @@ import ( . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" + "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/gitops-engine/pkg/health" . "github.com/argoproj/gitops-engine/pkg/sync/common" @@ -20,11 +21,11 @@ func TestFixingDegradedApp(t *testing.T) { IgnoreErrors(). CreateApp(). And(func() { - SetResourceOverrides(map[string]ResourceOverride{ + errors.CheckError(SetResourceOverrides(map[string]ResourceOverride{ "ConfigMap": { HealthLua: `return { status = obj.metadata.annotations and obj.metadata.annotations['health'] or 'Degraded' }`, }, - }) + })) }). Sync(). Then(). diff --git a/test/e2e/testdata/helm-repo/local/index.yaml b/test/e2e/testdata/helm-repo/local/index.yaml index 172cc0614966e..6e1a61435e61d 100644 --- a/test/e2e/testdata/helm-repo/local/index.yaml +++ b/test/e2e/testdata/helm-repo/local/index.yaml @@ -5,3 +5,4 @@ entries: urls: - http://127.0.0.1:9080/argo-e2e/testdata.git/helm-repo/helm-1.0.0.tgz version: 1.0.0 + name: helm diff --git a/test/e2e/testdata/helm-repo/local2/index.yaml b/test/e2e/testdata/helm-repo/local2/index.yaml index d41211cf0f660..711e1c5adf659 100644 --- a/test/e2e/testdata/helm-repo/local2/index.yaml +++ b/test/e2e/testdata/helm-repo/local2/index.yaml @@ -5,4 +5,5 @@ entries: urls: - http://127.0.0.1:9080/argo-e2e/testdata.git/helm-repo/helm-1.0.0.tgz version: 1.0.0 + name: helm diff --git a/test/e2e/testdata/helm-repo/remote/index.yaml b/test/e2e/testdata/helm-repo/remote/index.yaml index 2ce1fd789ff91..e43aec67572b0 100644 --- a/test/e2e/testdata/helm-repo/remote/index.yaml +++ b/test/e2e/testdata/helm-repo/remote/index.yaml @@ -5,3 +5,4 @@ entries: urls: - http://argocd-e2e-server:9080/helm-repo/helm-1.0.0.tgz version: 1.0.0 + name: helm \ No newline at end of file diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index d1bed0ae1a323..062550e78000e 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 -FROM docker.io/library/golang:1.23.3@sha256:d56c3e08fe5b27729ee3834854ae8f7015af48fd651cd25d1e3bcf3c19830174 AS go +FROM docker.io/library/golang:1.23.4@sha256:81e1da9b9604cdee2bc226e90e15f9d51ae6a8cd2271dc341c42ca0926c3b83f AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest diff --git a/ui-test/.env b/ui-test/.env index 9e4c5b3d72259..4c2aa2475a363 100644 --- a/ui-test/.env +++ b/ui-test/.env @@ -21,6 +21,15 @@ IS_HEADLESS=true # URL of the ArgoCD UI to test against ARGOCD_URL=http://localhost:4000 # +# argocd app definition namespace +ARGOCD_NAMESPACE=argocd-e2e +# +# argocd credentials (if any) +#ARGOCD_AUTH_USERNAME=admin +# +# argocd credentials (if any) +#ARGOCD_AUTH_PASSWORD=password +# # Git repository where applications reside GIT_REPO=https://github.com/argoproj/argocd-example-apps # diff --git a/ui-test/package.json b/ui-test/package.json index 64dc92eb28e48..44612099be8c6 100644 --- a/ui-test/package.json +++ b/ui-test/package.json @@ -14,19 +14,19 @@ "dependencies": { "@types/selenium-webdriver": "^4.1.27", "assert": "^2.1.0", - "chromedriver": "^131.0.1", - "selenium-webdriver": "^4.26.0" + "chromedriver": "^131.0.4", + "selenium-webdriver": "^4.27.0" }, "devDependencies": { - "@types/mocha": "^10.0.9", - "@types/node": "^22.8.7", - "dotenv": "^16.4.5", - "mocha": "^10.7.3", + "@types/mocha": "^10.0.10", + "@types/node": "^22.10.2", + "dotenv": "^16.4.7", + "mocha": "^11.0.1", "prettier": "^2.8.8", "tslint": "^6.1.3", "tslint-config-prettier": "^1.18.0", "tslint-plugin-prettier": "^2.0.1", - "typescript": "^5.6.3", + "typescript": "^5.7.2", "yarn": "^1.22.22" } } diff --git a/ui-test/src/Configuration.ts b/ui-test/src/Configuration.ts index 33323433f1559..74fdd20f75096 100644 --- a/ui-test/src/Configuration.ts +++ b/ui-test/src/Configuration.ts @@ -1,4 +1,4 @@ -require('dotenv').config({path: __dirname + '/.env'}); +require('dotenv').config({path: __dirname + '/../.env'}); export default class Configuration { // Test specific @@ -6,6 +6,9 @@ export default class Configuration { public static readonly TEST_TIMEOUT: string | undefined = process.env.TEST_TIMEOUT; // ArgoCD UI specific. These are for single application-based tests, so one can quickly create an app based on the environment variables public static readonly ARGOCD_URL: string = process.env.ARGOCD_URL ? process.env.ARGOCD_URL : ''; + public static readonly ARGOCD_NAMESPACE: string = process.env.ARGOCD_NAMESPACE || 'argocd'; + public static readonly ARGOCD_AUTH_USERNAME: string = process.env.ARGOCD_AUTH_USERNAME || ''; + public static readonly ARGOCD_AUTH_PASSWORD: string = process.env.ARGOCD_AUTH_PASSWORD || ''; public static readonly APP_NAME: string = process.env.APP_NAME ? process.env.APP_NAME : ''; public static readonly APP_PROJECT: string = process.env.APP_PROJECT ? process.env.APP_PROJECT : ''; public static readonly GIT_REPO: string = process.env.GIT_REPO ? process.env.GIT_REPO : ''; diff --git a/ui-test/src/Constants.ts b/ui-test/src/Constants.ts index 89c1155774b22..f3f12dce52d4d 100644 --- a/ui-test/src/Constants.ts +++ b/ui-test/src/Constants.ts @@ -1,4 +1,4 @@ export const TEST_TIMEOUT: number = 60000; -export const TEST_SLIDING_PANEL_TIMEOUT: number = 6000; +export const TEST_SLIDING_PANEL_TIMEOUT: number = 10000; export const TEST_IS_NOT_VISIBLE_TIMEOUT: number = 5000; export const ENABLE_CONSOLE_LOG: boolean = true; diff --git a/ui-test/src/UiTestUtilities.ts b/ui-test/src/UiTestUtilities.ts index d66eaaed4cac7..ac38790ca1e4e 100644 --- a/ui-test/src/UiTestUtilities.ts +++ b/ui-test/src/UiTestUtilities.ts @@ -80,7 +80,7 @@ export default class UiTestUtilities { timeout = parseInt(Configuration.TEST_TIMEOUT, 10); } const element = await driver.wait(until.elementLocated(locator), timeout); - var isDisplayed = await element.isDisplayed(); + const isDisplayed = await element.isDisplayed(); if (isDisplayed) { await driver.wait(until.elementIsVisible(element), timeout); } diff --git a/ui-test/src/applications-list/applications-list.ts b/ui-test/src/applications-list/applications-list.ts index 3aa5e42ab2c8d..ae76b9d80c045 100644 --- a/ui-test/src/applications-list/applications-list.ts +++ b/ui-test/src/applications-list/applications-list.ts @@ -5,6 +5,7 @@ import {Base} from '../base'; import {ApplicationCreatePanel} from '../application-create-panel/application-create-panel'; import {ApplicationsSyncPanel, SYNC_PANEL_SYNCHRONIZE_BUTTON} from '../applications-sync-panel/applications-sync-panel'; import {PopupManager} from '../popup/popup-manager'; +import Configuration from '../Configuration'; const NEW_APP_BUTTON: By = By.xpath('.//button[@qe-id="applications-list-button-new-app"]'); // Uncomment to use: @@ -155,45 +156,39 @@ export class ApplicationsList extends Base { // Locators - // By.css('#app .applications-tiles .applications-list-" + appName + "''); + // By.css('#app .applications-tiles .applications-list-argocd_" + appName + "''); + + private getApplicationTileSelector(appName: string): string { + return './/div[contains(@class,"qe-applications-list-' + Configuration.ARGOCD_NAMESPACE + '_' + appName + '")]'; + } private getApplicationTileLocator(appName: string): By { - return By.xpath('.//div[contains(@class,"qe-applications-list-"' + appName + ')'); + return By.xpath(this.getApplicationTileSelector(appName)); } private getSyncButtonLocatorForApp(appName: string): By { - return By.xpath('.//div[contains(@class, "qe-applications-list-' + appName + '")]//div[@class="row"]//ancestor::a[@qe-id="applications-tiles-button-sync"]'); + return By.xpath(this.getApplicationTileSelector(appName) + '//div[@class="row"]//ancestor::a[@qe-id="applications-tiles-button-sync"]'); } private getDeleteButtonLocatorForApp(appName: string): By { - return By.xpath('.//div[contains(@class, "qe-applications-list-' + appName + '")]//div[@class="row"]//ancestor::a[@qe-id="applications-tiles-button-delete"]'); + return By.xpath(this.getApplicationTileSelector(appName) + '//div[@class="row"]//ancestor::a[@qe-id="applications-tiles-button-delete"]'); } private getRefreshButtonLocatorForApp(appName: string): By { - return By.xpath('.//div[contains(@class, "qe-applications-list-' + appName + '")]//div[@class="row"]//ancestor::a[@qe-id="applications-tiles-button-refresh"]'); + return By.xpath(this.getApplicationTileSelector(appName) + '//div[@class="row"]//ancestor::a[@qe-id="applications-tiles-button-refresh"]'); } private getApplicationHealthTitle(appName: string): By { - return By.xpath( - './/div[contains(@class, "qe-applications-list-' + - appName + - '")]//div[@class="row"]//div[@qe-id="applications-tiles-health-status"]//i[@qe-id="utils-health-status-title"]' - ); + return By.xpath(this.getApplicationTileSelector(appName) + '//div[@class="row"]//div[@qe-id="applications-tiles-health-status"]//i[@qe-id="utils-health-status-title"]'); } private getApplicationSyncTitle(appName: string): By { - return By.xpath( - './/div[contains(@class, "qe-applications-list-' + - appName + - '")]//div[@class="row"]//div[@qe-id="applications-tiles-health-status"]//i[@qe-id="utils-sync-status-title"]' - ); + return By.xpath(this.getApplicationTileSelector(appName) + '//div[@class="row"]//div[@qe-id="applications-tiles-health-status"]//i[@qe-id="utils-sync-status-title"]'); } private getApplicationOperationsTitle(appName: string): By { return By.xpath( - './/div[contains(@class, "qe-applications-list-' + - appName + - '")]//div[@class="row"]//div[@qe-id="applications-tiles-health-status"]//i[@qe-id="utils-operations-status-title"]' + this.getApplicationTileSelector(appName) + '//div[@class="row"]//div[@qe-id="applications-tiles-health-status"]//i[@qe-id="utils-operations-status-title"]' ); } } diff --git a/ui-test/src/auth/login-page.ts b/ui-test/src/auth/login-page.ts new file mode 100644 index 0000000000000..29ff205cfa374 --- /dev/null +++ b/ui-test/src/auth/login-page.ts @@ -0,0 +1,28 @@ +import {By, WebDriver} from 'selenium-webdriver'; +import {Base} from '../base'; +import Configuration from '../Configuration'; +import UiTestUtilities from '../UiTestUtilities'; + +const LOGIN_FORM: By = By.css('#app .login__box form'); +const LOGIN_FORM_INPUT: By = By.css('input.argo-field'); +const LOGIN_FORM_BUTTON: By = By.css('button.argo-button'); + +export class AuthLoginPage extends Base { + public constructor(driver: WebDriver) { + super(driver); + } + + /** + * Fill login form and submit it + */ + public async loginWithCredentials() { + const loginForm = await UiTestUtilities.findUiElement(this.driver, LOGIN_FORM); + const inputs = await loginForm.findElements(LOGIN_FORM_INPUT); + const submitButton = await loginForm.findElement(LOGIN_FORM_BUTTON); + + await inputs[0].sendKeys(Configuration.ARGOCD_AUTH_USERNAME); + await inputs[1].sendKeys(Configuration.ARGOCD_AUTH_PASSWORD); + + await submitButton.click(); + } +} diff --git a/ui-test/src/navigation.ts b/ui-test/src/navigation.ts index 57588b86d464d..8baaff37e4d38 100644 --- a/ui-test/src/navigation.ts +++ b/ui-test/src/navigation.ts @@ -2,18 +2,25 @@ import {By, WebDriver} from 'selenium-webdriver'; import {ApplicationsList} from './applications-list/applications-list'; import UiTestUtilities from './UiTestUtilities'; import {Base} from './base'; +import {AuthLoginPage} from './auth/login-page'; -const NAVBAR_APPLICATIONS_BUTTON: By = By.css('#app .nav-bar .argo-icon-application'); -const NAVBAR_SETTINGS_BUTTON: By = By.css('#app .nav-bar .argo-icon-settings'); -const NAVBAR_USER_INFO_BUTTON: By = By.css('#app .nav-bar .fa-user-circle'); -const NAVBAR_DOCS_BUTTON: By = By.css('#app .nav-bar .argo-icon-docs'); +const NAVBAR_APPLICATIONS_BUTTON: By = By.css('#app .sidebar .argo-icon-application'); +const NAVBAR_SETTINGS_BUTTON: By = By.css('#app .sidebar .argo-icon-settings'); +const NAVBAR_USER_INFO_BUTTON: By = By.css('#app .sidebar .fa-user-circle'); +const NAVBAR_DOCS_BUTTON: By = By.css('#app .sidebar .argo-icon-docs'); export class Navigation extends Base { private applicationsList: ApplicationsList; + private authLoginPage: AuthLoginPage; public constructor(driver: WebDriver) { super(driver); this.applicationsList = new ApplicationsList(this.driver); + this.authLoginPage = new AuthLoginPage(this.driver); + } + + public getLoginPage(): AuthLoginPage { + return this.authLoginPage; } /** diff --git a/ui-test/src/test001.ts b/ui-test/src/test001.ts index 3db3f4d71413f..4c2fa604e3fc3 100644 --- a/ui-test/src/test001.ts +++ b/ui-test/src/test001.ts @@ -19,6 +19,10 @@ import {PopupManager} from './popup/popup-manager'; async function doTest() { const navigation = await UiTestUtilities.init(); try { + if (Configuration.ARGOCD_AUTH_USERNAME !== '') { + await navigation.getLoginPage().loginWithCredentials(); + } + const appsList: ApplicationsList = await navigation.clickApplicationsNavBarButton(); const applicationCreatePanel: ApplicationCreatePanel = await appsList.clickNewAppButton(); diff --git a/ui-test/src/test002.ts b/ui-test/src/test002.ts index 4e1f41fc05de0..f1c9e562250ca 100644 --- a/ui-test/src/test002.ts +++ b/ui-test/src/test002.ts @@ -2,6 +2,7 @@ import UiTestUtilities from './UiTestUtilities'; import {trace} from 'console'; import {ApplicationsList} from './applications-list/applications-list'; import {ApplicationCreatePanel} from './application-create-panel/application-create-panel'; +import Configuration from './Configuration'; /** * Test to demo how to visit each page via the navigation bar on the left. @@ -10,11 +11,17 @@ import {ApplicationCreatePanel} from './application-create-panel/application-cre async function doTest() { const navigation = await UiTestUtilities.init(); try { + if (Configuration.ARGOCD_AUTH_USERNAME !== '') { + await navigation.getLoginPage().loginWithCredentials(); + } + await navigation.clickDocsNavBarButton(); await navigation.clickUserInfoNavBarButton(); await navigation.clickSettingsNavBarButton(); const appsList: ApplicationsList = await navigation.clickApplicationsNavBarButton(); const applicationCreatePanel: ApplicationCreatePanel = await appsList.clickNewAppButton(); + // wait slide effect + await navigation.sleep(500); await applicationCreatePanel.clickCancelButton(); await UiTestUtilities.log('Test passed'); } catch (e) { diff --git a/ui-test/yarn.lock b/ui-test/yarn.lock index b9b2659dd9534..0a38218816a27 100644 --- a/ui-test/yarn.lock +++ b/ui-test/yarn.lock @@ -28,6 +28,23 @@ resolved "https://registry.yarnpkg.com/@bazel/runfiles/-/runfiles-6.3.1.tgz#3f8824b2d82853377799d42354b4df78ab0ace0b" integrity sha512-1uLNT5NZsUVIGS4syuHwTzZ8HycMPyr6POA3FCE4GbMtc4rhoJk8aZKtNIRthJYfL+iioppi+rTfH3olMPr9nA== +"@isaacs/cliui@^8.0.2": + version "8.0.2" + resolved "https://registry.yarnpkg.com/@isaacs/cliui/-/cliui-8.0.2.tgz#b37667b7bc181c168782259bab42474fbf52b550" + integrity sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA== + dependencies: + string-width "^5.1.2" + string-width-cjs "npm:string-width@^4.2.0" + strip-ansi "^7.0.1" + strip-ansi-cjs "npm:strip-ansi@^6.0.1" + wrap-ansi "^8.1.0" + wrap-ansi-cjs "npm:wrap-ansi@^7.0.0" + +"@pkgjs/parseargs@^0.11.0": + version "0.11.0" + resolved "https://registry.yarnpkg.com/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#a77ea742fab25775145434eb1d2328cf5013ac33" + integrity sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg== + "@testim/chrome-version@^1.1.4": version "1.1.4" resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.1.4.tgz#86e04e677cd6c05fa230dd15ac223fa72d1d7090" @@ -38,17 +55,17 @@ resolved "https://registry.yarnpkg.com/@tootallnate/quickjs-emscripten/-/quickjs-emscripten-0.23.0.tgz#db4ecfd499a9765ab24002c3b696d02e6d32a12c" integrity sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA== -"@types/mocha@^10.0.9": - version "10.0.9" - resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-10.0.9.tgz#101e9da88d2c02e5ac8952982c23b224524d662a" - integrity sha512-sicdRoWtYevwxjOHNMPTl3vSfJM6oyW8o1wXeI7uww6b6xHg8eBznQDNSGBCDJmsE8UMxP05JgZRtsKbTqt//Q== +"@types/mocha@^10.0.10": + version "10.0.10" + resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-10.0.10.tgz#91f62905e8d23cbd66225312f239454a23bebfa0" + integrity sha512-xPyYSz1cMPnJQhl0CLMH68j3gprKZaTjG3s5Vi+fDgx+uhG9NOXwbVt52eFS8ECyXhyKcjDLCBEqBExKuiZb7Q== -"@types/node@*", "@types/node@^22.8.7": - version "22.8.7" - resolved "https://registry.yarnpkg.com/@types/node/-/node-22.8.7.tgz#04ab7a073d95b4a6ee899f235d43f3c320a976f4" - integrity sha512-LidcG+2UeYIWcMuMUpBKOnryBWG/rnmOHQR5apjn8myTQcx3rinFRn7DcIFhMnS0PPFSC6OafdIKEad0lj6U0Q== +"@types/node@*", "@types/node@^22.10.2": + version "22.10.2" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.10.2.tgz#a485426e6d1fdafc7b0d4c7b24e2c78182ddabb9" + integrity sha512-Xxr6BBRCAOQixvonOye19wnzyDiUtTeqldOOmj3CkeblonbccA12PFwlufvRdrpjXxqnmUaeiU5EOA+7s5diUQ== dependencies: - undici-types "~6.19.8" + undici-types "~6.20.0" "@types/selenium-webdriver@^4.1.27": version "4.1.27" @@ -89,6 +106,11 @@ ansi-regex@^5.0.1: resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== +ansi-regex@^6.0.1: + version "6.1.0" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-6.1.0.tgz#95ec409c69619d6cb1b8b34f14b660ef28ebd654" + integrity sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA== + ansi-styles@^3.2.1: version "3.2.1" resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz" @@ -103,6 +125,11 @@ ansi-styles@^4.0.0, ansi-styles@^4.1.0: dependencies: color-convert "^2.0.1" +ansi-styles@^6.1.0: + version "6.2.1" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-6.2.1.tgz#0e62320cf99c21afff3b3012192546aacbfb05c5" + integrity sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug== + anymatch@~3.1.2: version "3.1.3" resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-3.1.3.tgz#790c58b19ba1720a84205b57c618d5ad8524973e" @@ -267,10 +294,10 @@ chokidar@^3.5.3: optionalDependencies: fsevents "~2.3.2" -chromedriver@^131.0.1: - version "131.0.1" - resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-131.0.1.tgz#bfbf47f6c2ad7a65c154ff47d321bd8c33b52a77" - integrity sha512-LHRh+oaNU1WowJjAkWsviN8pTzQYJDbv/FvJyrQ7XhjKdIzVh/s3GV1iU7IjMTsxIQnBsTjx+9jWjzCWIXC7ug== +chromedriver@^131.0.4: + version "131.0.4" + resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-131.0.4.tgz#55b161c3be229fb2f71be6e24ad174aa1e6f18a8" + integrity sha512-JgIkept8YrnqT05ldLaOzxxEJDUV1t3PFIIMO/gQz9AbnpZx7Pl1zq6tQTTz2HoY5T2JKZ5kyiEWwc48g4fJ5w== dependencies: "@testim/chrome-version" "^1.1.4" axios "^1.7.4" @@ -340,6 +367,15 @@ core-util-is@~1.0.0: resolved "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz" integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac= +cross-spawn@^7.0.0: + version "7.0.6" + resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f" + integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA== + dependencies: + path-key "^3.1.0" + shebang-command "^2.0.0" + which "^2.0.1" + data-uri-to-buffer@^6.0.2: version "6.0.2" resolved "https://registry.yarnpkg.com/data-uri-to-buffer/-/data-uri-to-buffer-6.0.2.tgz#8a58bb67384b261a38ef18bea1810cb01badd28b" @@ -418,16 +454,26 @@ diff@^5.2.0: resolved "https://registry.yarnpkg.com/diff/-/diff-5.2.0.tgz#26ded047cd1179b78b9537d5ef725503ce1ae531" integrity sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A== -dotenv@^16.4.5: - version "16.4.5" - resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.4.5.tgz#cdd3b3b604cb327e286b4762e13502f717cb099f" - integrity sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg== +dotenv@^16.4.7: + version "16.4.7" + resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.4.7.tgz#0e20c5b82950140aa99be360a8a5f52335f53c26" + integrity sha512-47qPchRCykZC03FhkYAhrvwU4xDBFIj1QPqaarj6mdM/hgUzfPHcpkHJOn3mJAufFeeAxAzeGsr5X0M4k6fLZQ== + +eastasianwidth@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb" + integrity sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA== emoji-regex@^8.0.0: version "8.0.0" resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A== +emoji-regex@^9.2.2: + version "9.2.2" + resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72" + integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== + end-of-stream@^1.1.0: version "1.4.4" resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.4.tgz#5ae64a5f45057baf3626ec14da0ca5e4b2431eb0" @@ -576,6 +622,14 @@ foreach@^2.0.5: resolved "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz" integrity sha1-C+4AUBiusmDQo6865ljdATbsG5k= +foreground-child@^3.1.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/foreground-child/-/foreground-child-3.3.0.tgz#0ac8644c06e431439f8561db8ecf29a7b5519c77" + integrity sha512-Ld2g8rrAyMYFXBhEqMz8ZAHBi4J4uS1i/CxGMDnjyFWddMXLVcDp051DZfu+t7+ab7Wv6SMqpWmyFIj5UbfFvg== + dependencies: + cross-spawn "^7.0.0" + signal-exit "^4.0.1" + form-data@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452" @@ -654,6 +708,18 @@ glob-parent@~5.1.2: dependencies: is-glob "^4.0.1" +glob@^10.4.5: + version "10.4.5" + resolved "https://registry.yarnpkg.com/glob/-/glob-10.4.5.tgz#f4d9f0b90ffdbab09c9d77f5f29b4262517b0956" + integrity sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg== + dependencies: + foreground-child "^3.1.0" + jackspeak "^3.1.2" + minimatch "^9.0.4" + minipass "^7.1.2" + package-json-from-dist "^1.0.0" + path-scurry "^1.11.1" + glob@^7.1.1: version "7.2.0" resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.0.tgz#d15535af7732e02e948f4c41628bd910293f6023" @@ -666,17 +732,6 @@ glob@^7.1.1: once "^1.3.0" path-is-absolute "^1.0.0" -glob@^8.1.0: - version "8.1.0" - resolved "https://registry.yarnpkg.com/glob/-/glob-8.1.0.tgz#d388f656593ef708ee3e34640fdfb99a9fd1c33e" - integrity sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ== - dependencies: - fs.realpath "^1.0.0" - inflight "^1.0.4" - inherits "2" - minimatch "^5.0.1" - once "^1.3.0" - gopd@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.0.1.tgz#29ff76de69dac7489b7c0918a5788e56477c332c" @@ -919,6 +974,20 @@ isarray@~1.0.0: resolved "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz" integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE= +isexe@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" + integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== + +jackspeak@^3.1.2: + version "3.4.3" + resolved "https://registry.yarnpkg.com/jackspeak/-/jackspeak-3.4.3.tgz#8833a9d89ab4acde6188942bd1c53b6390ed5a8a" + integrity sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw== + dependencies: + "@isaacs/cliui" "^8.0.2" + optionalDependencies: + "@pkgjs/parseargs" "^0.11.0" + jest-docblock@^21.0.0: version "21.2.0" resolved "https://registry.npmjs.org/jest-docblock/-/jest-docblock-21.2.0.tgz" @@ -995,6 +1064,11 @@ log-symbols@^4.1.0: chalk "^4.1.0" is-unicode-supported "^0.1.0" +lru-cache@^10.2.0: + version "10.4.3" + resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-10.4.3.tgz#410fc8a17b70e598013df257c2446b7f3383f119" + integrity sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ== + lru-cache@^7.14.1: version "7.18.3" resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-7.18.3.tgz#f793896e0fd0e954a59dfdd82f0773808df6aa89" @@ -1019,18 +1093,30 @@ minimatch@^3.0.4: dependencies: brace-expansion "^1.1.7" -minimatch@^5.0.1, minimatch@^5.1.6: +minimatch@^5.1.6: version "5.1.6" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.1.6.tgz#1cfcb8cf5522ea69952cd2af95ae09477f122a96" integrity sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g== dependencies: brace-expansion "^2.0.1" +minimatch@^9.0.4: + version "9.0.5" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-9.0.5.tgz#d74f9dd6b57d83d8e98cfb82133b03978bc929e5" + integrity sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow== + dependencies: + brace-expansion "^2.0.1" + minimist@^1.2.5: version "1.2.6" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44" integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q== +"minipass@^5.0.0 || ^6.0.2 || ^7.0.0", minipass@^7.1.2: + version "7.1.2" + resolved "https://registry.yarnpkg.com/minipass/-/minipass-7.1.2.tgz#93a9626ce5e5e66bd4db86849e7515e92340a707" + integrity sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw== + mkdirp@^0.5.3: version "0.5.5" resolved "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz" @@ -1038,10 +1124,10 @@ mkdirp@^0.5.3: dependencies: minimist "^1.2.5" -mocha@^10.7.3: - version "10.7.3" - resolved "https://registry.yarnpkg.com/mocha/-/mocha-10.7.3.tgz#ae32003cabbd52b59aece17846056a68eb4b0752" - integrity sha512-uQWxAu44wwiACGqjbPYmjo7Lg8sFrS3dQe7PP2FQI+woptP4vZXSMcfMyFL/e1yFEeEpV4RtyTpZROOKmxis+A== +mocha@^11.0.1: + version "11.0.1" + resolved "https://registry.yarnpkg.com/mocha/-/mocha-11.0.1.tgz#85c1c0e806275fe2479245be4ac4a0d81f533aa8" + integrity sha512-+3GkODfsDG71KSCQhc4IekSW+ItCK/kiez1Z28ksWvYhKXV/syxMlerR/sC7whDp7IyreZ4YxceMLdTs5hQE8A== dependencies: ansi-colors "^4.1.3" browser-stdout "^1.3.1" @@ -1050,7 +1136,7 @@ mocha@^10.7.3: diff "^5.2.0" escape-string-regexp "^4.0.0" find-up "^5.0.0" - glob "^8.1.0" + glob "^10.4.5" he "^1.2.0" js-yaml "^4.1.0" log-symbols "^4.1.0" @@ -1155,6 +1241,11 @@ pac-resolver@^7.0.0: degenerator "^5.0.0" netmask "^2.0.2" +package-json-from-dist@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz#4f1471a010827a86f94cfd9b0727e36d267de505" + integrity sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw== + pako@~1.0.2: version "1.0.11" resolved "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz" @@ -1170,11 +1261,24 @@ path-is-absolute@^1.0.0: resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f" integrity sha1-F0uSaHNVNP+8es5r9TpanhtcX18= +path-key@^3.1.0: + version "3.1.1" + resolved "https://registry.yarnpkg.com/path-key/-/path-key-3.1.1.tgz#581f6ade658cbba65a0d3380de7753295054f375" + integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== + path-parse@^1.0.6: version "1.0.7" resolved "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz" integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== +path-scurry@^1.11.1: + version "1.11.1" + resolved "https://registry.yarnpkg.com/path-scurry/-/path-scurry-1.11.1.tgz#7960a668888594a0720b12a911d1a742ab9f11d2" + integrity sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA== + dependencies: + lru-cache "^10.2.0" + minipass "^5.0.0 || ^6.0.2 || ^7.0.0" + pend@~1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50" @@ -1272,10 +1376,10 @@ safe-buffer@^5.1.0, safe-buffer@~5.1.0, safe-buffer@~5.1.1: resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== -selenium-webdriver@^4.26.0: - version "4.26.0" - resolved "https://registry.yarnpkg.com/selenium-webdriver/-/selenium-webdriver-4.26.0.tgz#23163cdad20388214a4ad17c1f38262a0857c902" - integrity sha512-nA7jMRIPV17mJmAiTDBWN96Sy0Uxrz5CCLb7bLVV6PpL417SyBMPc2Zo/uoREc2EOHlzHwHwAlFtgmSngSY4WQ== +selenium-webdriver@^4.27.0: + version "4.27.0" + resolved "https://registry.yarnpkg.com/selenium-webdriver/-/selenium-webdriver-4.27.0.tgz#f0f26ce453805e7dc77151040442c67e441dbe7a" + integrity sha512-LkTJrNz5socxpPnWPODQ2bQ65eYx9JK+DQMYNihpTjMCqHwgWGYQnQTCAAche2W3ZP87alA+1zYPvgS8tHNzMQ== dependencies: "@bazel/runfiles" "^6.3.1" jszip "^3.10.1" @@ -1311,6 +1415,23 @@ setimmediate@^1.0.5: resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285" integrity sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA== +shebang-command@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-2.0.0.tgz#ccd0af4f8835fbdc265b82461aaf0c36663f34ea" + integrity sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA== + dependencies: + shebang-regex "^3.0.0" + +shebang-regex@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172" + integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== + +signal-exit@^4.0.1: + version "4.1.0" + resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-4.1.0.tgz#952188c1cbd546070e2dd20d0f41c0ae0530cb04" + integrity sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== + smart-buffer@^4.2.0: version "4.2.0" resolved "https://registry.yarnpkg.com/smart-buffer/-/smart-buffer-4.2.0.tgz#6e1d71fa4f18c05f7d0ff216dd16a481d0e8d9ae" @@ -1348,6 +1469,15 @@ sprintf-js@~1.0.2: resolved "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz" integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw= +"string-width-cjs@npm:string-width@^4.2.0": + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + string-width@^4.1.0, string-width@^4.2.0: version "4.2.3" resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" @@ -1357,6 +1487,15 @@ string-width@^4.1.0, string-width@^4.2.0: is-fullwidth-code-point "^3.0.0" strip-ansi "^6.0.1" +string-width@^5.0.1, string-width@^5.1.2: + version "5.1.2" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-5.1.2.tgz#14f8daec6d81e7221d2a357e668cab73bdbca794" + integrity sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA== + dependencies: + eastasianwidth "^0.2.0" + emoji-regex "^9.2.2" + strip-ansi "^7.0.1" + string.prototype.trimend@^1.0.1: version "1.0.3" resolved "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.3.tgz" @@ -1380,6 +1519,13 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" +"strip-ansi-cjs@npm:strip-ansi@^6.0.1": + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" @@ -1387,6 +1533,13 @@ strip-ansi@^6.0.0, strip-ansi@^6.0.1: dependencies: ansi-regex "^5.0.1" +strip-ansi@^7.0.1: + version "7.1.0" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-7.1.0.tgz#d5b6568ca689d8561370b0707685d22434faff45" + integrity sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ== + dependencies: + ansi-regex "^6.0.1" + strip-json-comments@^3.1.1: version "3.1.1" resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006" @@ -1483,15 +1636,15 @@ tsutils@^2.29.0: dependencies: tslib "^1.8.1" -typescript@^5.6.3: - version "5.6.3" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.6.3.tgz#5f3449e31c9d94febb17de03cc081dd56d81db5b" - integrity sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw== +typescript@^5.7.2: + version "5.7.2" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.7.2.tgz#3169cf8c4c8a828cde53ba9ecb3d2b1d5dd67be6" + integrity sha512-i5t66RHxDvVN40HfDd1PsEThGNnlMCMT3jMUuoh9/0TaqWevNontacunWyN02LA9/fIbEWlcHZcgTKb9QoaLfg== -undici-types@~6.19.8: - version "6.19.8" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.19.8.tgz#35111c9d1437ab83a7cdc0abae2f26d88eda0a02" - integrity sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw== +undici-types@~6.20.0: + version "6.20.0" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.20.0.tgz#8171bf22c1f588d1554d55bf204bc624af388433" + integrity sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg== universalify@^2.0.0: version "2.0.1" @@ -1527,11 +1680,27 @@ which-typed-array@^1.1.2: has-symbols "^1.0.1" is-typed-array "^1.1.3" +which@^2.0.1: + version "2.0.2" + resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1" + integrity sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== + dependencies: + isexe "^2.0.0" + workerpool@^6.5.1: version "6.5.1" resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.5.1.tgz#060f73b39d0caf97c6db64da004cd01b4c099544" integrity sha512-Fs4dNYcsdpYSAfVxhnl1L5zTksjvOJxtC5hzMNl+1t9B8hTJTdKDyZ5ju7ztgPy+ft9tBFXoOlDNiOT9WUXZlA== +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + wrap-ansi@^7.0.0: version "7.0.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" @@ -1541,6 +1710,15 @@ wrap-ansi@^7.0.0: string-width "^4.1.0" strip-ansi "^6.0.0" +wrap-ansi@^8.1.0: + version "8.1.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214" + integrity sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ== + dependencies: + ansi-styles "^6.1.0" + string-width "^5.0.1" + strip-ansi "^7.0.1" + wrappy@1: version "1.0.2" resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" diff --git a/ui/jest.config.js b/ui/jest.config.js index 524b493f546fc..a34122d0a46da 100644 --- a/ui/jest.config.js +++ b/ui/jest.config.js @@ -4,11 +4,13 @@ module.exports = { reporters: ['default', 'jest-junit'], collectCoverage: true, transformIgnorePatterns: ['node_modules/(?!(argo-ui)/)'], - globals: { - 'self': {}, - 'ts-jest': { + transform: { + '^.+\\.tsx?$': ['ts-jest', { isolatedModules: true, - }, + }] + }, + globals: { + 'self': {} }, moduleNameMapper: { // https://github.com/facebook/jest/issues/3094 diff --git a/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap b/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap index f580fd6f66b35..81af34d623984 100644 --- a/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap +++ b/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap @@ -290,7 +290,7 @@ exports[`ResourceResultIcon.Hook.Terminating 1`] = ` exports[`ResourceResultIcon.Pruned 1`] = ` = { }, spec: { destination: { - name: '', + name: undefined, namespace: '', - server: '' + server: undefined }, source: { path: '', @@ -108,18 +108,18 @@ export const ApplicationCreatePanel = (props: { }) => { const [yamlMode, setYamlMode] = React.useState(false); const [explicitPathType, setExplicitPathType] = React.useState<{path: string; type: models.AppSourceType}>(null); - const [destFormat, setDestFormat] = React.useState('URL'); const [retry, setRetry] = React.useState(false); const app = deepMerge(DEFAULT_APP, props.app || {}); const debouncedOnAppChanged = debounce(props.onAppChanged, 800); + const [destinationFieldChanges, setDestinationFieldChanges] = React.useState({destFormat: 'URL', destFormatChanged: null}); + const comboSwitchedFromPanel = React.useRef(false); + let destinationComboValue = destinationFieldChanges.destFormat; React.useEffect(() => { - if (app?.spec?.destination?.name && app.spec.destination.name !== '') { - setDestFormat('NAME'); - } else { - setDestFormat('URL'); - } + comboSwitchedFromPanel.current = false; + }, []); + React.useEffect(() => { return () => { debouncedOnAppChanged.cancel(); }; @@ -135,6 +135,41 @@ export const ApplicationCreatePanel = (props: { formApi.setAllValues(appToNormalize); } + const currentName = app.spec.destination.name; + const currentServer = app.spec.destination.server; + if (destinationFieldChanges.destFormatChanged !== null) { + if (destinationComboValue == 'NAME') { + if (currentName === undefined && currentServer !== undefined && comboSwitchedFromPanel.current === false) { + destinationComboValue = 'URL'; + } else { + delete app.spec.destination.server; + if (currentName === undefined) { + app.spec.destination.name = ''; + } + } + } else { + if (currentServer === undefined && currentName !== undefined && comboSwitchedFromPanel.current === false) { + destinationComboValue = 'NAME'; + } else { + delete app.spec.destination.name; + if (currentServer === undefined) { + app.spec.destination.server = ''; + } + } + } + } else { + if (currentName === undefined && currentServer === undefined) { + destinationComboValue = destinationFieldChanges.destFormat; + app.spec.destination.server = ''; + } else { + if (currentName != undefined) { + destinationComboValue = 'NAME'; + } else { + destinationComboValue = 'URL'; + } + } + } + return (

    DESTINATION

    - {(destFormat.toUpperCase() === 'URL' && ( + {(destinationComboValue.toUpperCase() === 'URL' && (
    (

    - {destFormat} + {destinationComboValue}

    )} qeId='application-create-dropdown-destination' items={['URL', 'NAME'].map((type: 'URL' | 'NAME') => ({ title: type, action: () => { - if (destFormat !== type) { - const updatedApp = api.getFormState().values as models.Application; - if (type === 'URL') { - delete updatedApp.spec.destination.name; - } else { - delete updatedApp.spec.destination.server; - } - api.setAllValues(updatedApp); - setDestFormat(type); + if (destinationComboValue !== type) { + destinationComboValue = type; + comboSwitchedFromPanel.current = true; + setDestinationFieldChanges({destFormat: type, destFormatChanged: 'changed'}); } } }))} diff --git a/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx b/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx index 2b25eaead14e4..41fe11fe63ca8 100644 --- a/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx +++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx @@ -120,6 +120,7 @@ export const ApplicationDeploymentHistoryDetails = ({app, info, index}: props) = spec: {...app.spec, source: recentDeployments[index].source} }} details={details} + tempSource={{...recentDeployments[index].source, targetRevision: recentDeployments[index].revision}} />
    )} @@ -188,6 +189,7 @@ export const ApplicationDeploymentHistoryDetails = ({app, info, index}: props) = spec: {...app.spec, source} }} details={details} + tempSource={{...source, targetRevision: recentDeployments[index].revisions[i]}} /> )} diff --git a/ui/src/app/applications/components/application-details/application-details.tsx b/ui/src/app/applications/components/application-details/application-details.tsx index 83a68089f7485..3955f45d6f8fd 100644 --- a/ui/src/app/applications/components/application-details/application-details.tsx +++ b/ui/src/app/applications/components/application-details/application-details.tsx @@ -31,6 +31,7 @@ import {useSidebarTarget} from '../../../sidebar/sidebar'; import './application-details.scss'; import {TopBarActionMenuExt, AppViewExtension, StatusPanelExtension} from '../../../shared/services/extensions-service'; +import {ApplicationHydrateOperationState} from '../application-hydrate-operation-state/application-hydrate-operation-state'; interface ApplicationDetailsState { page: number; @@ -140,6 +141,10 @@ export class ApplicationDetails extends React.Component this.selectNode(appFullName, 0, 'diff')} showOperation={() => this.setOperationStatusVisible(true)} + showHydrateOperation={() => this.setHydrateOperationStatusVisible(true)} showConditions={() => this.setConditionsStatusVisible(true)} showExtension={id => this.setExtensionPanelVisible(id)} showMetadataInfo={revision => this.setState({...this.state, revision})} @@ -881,6 +888,11 @@ export class ApplicationDetails extends React.Component this.setOperationStatusVisible(false)}> {operationState && } + this.setHydrateOperationStatusVisible(false)}> + {hydrateOperationState && } + this.setConditionsStatusVisible(false)}> {conditions && } @@ -938,19 +950,21 @@ export class ApplicationDetails extends React.Component, action: () => this.selectNode(fullName), - disabled: !app.spec.source && (!app.spec.sources || app.spec.sources.length === 0) + disabled: !app.spec.source && (!app.spec.sources || app.spec.sources.length === 0) && !app.spec.sourceHydrator }, { iconClassName: 'fa fa-file-medical', title: , action: () => this.selectNode(fullName, 0, 'diff'), - disabled: app.status.sync.status === appModels.SyncStatuses.Synced || (!app.spec.source && (!app.spec.sources || app.spec.sources.length === 0)) + disabled: + app.status.sync.status === appModels.SyncStatuses.Synced || + (!app.spec.source && (!app.spec.sources || app.spec.sources.length === 0) && !app.spec.sourceHydrator) }, { iconClassName: 'fa fa-sync', title: , action: () => AppUtils.showDeploy('all', null, this.appContext.apis), - disabled: !app.spec.source && (!app.spec.sources || app.spec.sources.length === 0) + disabled: !app.spec.source && (!app.spec.sources || app.spec.sources.length === 0) && !app.spec.sourceHydrator }, ...(app.status?.operationState?.phase === 'Running' && app.status.resources.find(r => r.requiresDeletionConfirmation) ? [ @@ -1157,6 +1171,10 @@ export class ApplicationDetails extends React.Component { }; return ( - + {ResourceFilter({label: 'NAME', prefix: 'name', options: names.map(toOption), field: true})} {ResourceFilter({ label: 'KINDS', diff --git a/ui/src/app/applications/components/application-hydrate-operation-state/application-hydrate-operation-state.scss b/ui/src/app/applications/components/application-hydrate-operation-state/application-hydrate-operation-state.scss new file mode 100644 index 0000000000000..ca6959cf5d0a0 --- /dev/null +++ b/ui/src/app/applications/components/application-hydrate-operation-state/application-hydrate-operation-state.scss @@ -0,0 +1,18 @@ +.application-operation-state { + &__icons_container { + position: absolute; + left: 0; + } + + &__icons_container_padding { + left: 15px; + position: relative; + } + + &__message { + white-space: normal; + line-height: 16px; + display: inline-block; + vertical-align: middle; + } +} diff --git a/ui/src/app/applications/components/application-hydrate-operation-state/application-hydrate-operation-state.tsx b/ui/src/app/applications/components/application-hydrate-operation-state/application-hydrate-operation-state.tsx new file mode 100644 index 0000000000000..4c9171ad17dac --- /dev/null +++ b/ui/src/app/applications/components/application-hydrate-operation-state/application-hydrate-operation-state.tsx @@ -0,0 +1,76 @@ +import {Duration, Ticker} from 'argo-ui'; +import * as moment from 'moment'; +import * as PropTypes from 'prop-types'; +import * as React from 'react'; + +import {Revision, Timestamp} from '../../../shared/components'; +import * as models from '../../../shared/models'; + +import './application-hydrate-operation-state.scss'; + +interface Props { + hydrateOperationState: models.HydrateOperation; +} + +export const ApplicationHydrateOperationState: React.FunctionComponent = ({hydrateOperationState}) => { + const operationAttributes = [ + {title: 'PHASE', value: hydrateOperationState.phase}, + ...(hydrateOperationState.message ? [{title: 'MESSAGE', value: hydrateOperationState.message}] : []), + {title: 'STARTED AT', value: }, + { + title: 'DURATION', + value: ( + + {time => ( + + )} + + ) + } + ]; + + if (hydrateOperationState.finishedAt && hydrateOperationState.phase !== 'Hydrating') { + operationAttributes.push({title: 'FINISHED AT', value: }); + } + operationAttributes.push({ + title: 'DRY REVISION', + value: ( +
    + +
    + ) + }); + if (hydrateOperationState.finishedAt) { + operationAttributes.push({ + title: 'HYDRATED REVISION', + value: ( +
    + +
    + ) + }); + } + return ( +
    +
    +
    + {operationAttributes.map(attr => ( +
    +
    {attr.title}
    +
    {attr.value}
    +
    + ))} +
    +
    +
    + ); +}; + +ApplicationHydrateOperationState.contextTypes = { + apis: PropTypes.object +}; diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.tsx b/ui/src/app/applications/components/application-node-info/application-node-info.tsx index 893172296c4fb..e98a56aaf14b0 100644 --- a/ui/src/app/applications/components/application-node-info/application-node-info.tsx +++ b/ui/src/app/applications/components/application-node-info/application-node-info.tsx @@ -12,6 +12,7 @@ import {ApplicationResourcesDiff} from '../application-resources-diff/applicatio import {ComparisonStatusIcon, formatCreationTimestamp, getPodReadinessGatesState, getPodStateReason, HealthStatusIcon} from '../utils'; import './application-node-info.scss'; import {ReadinessGatesNotPassedWarning} from './readiness-gates-not-passed-warning'; +import Moment from 'react-moment'; const RenderContainerState = (props: {container: any}) => { const state = (props.container.state?.waiting && 'waiting') || (props.container.state?.terminated && 'terminated') || (props.container.state?.running && 'running'); @@ -69,7 +70,13 @@ const RenderContainerState = (props: {container: any}) => { {lastState && ( <> <> - The container last terminated with exit code {lastState?.exitCode} + The container last terminated{' '} + + + {lastState.finishedAt} + {' '} + ago with exit code {lastState?.exitCode} + {lastState?.reason && ' because of '} diff --git a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx index 37c22cfed267c..20c02bbfb04f9 100644 --- a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx +++ b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx @@ -16,6 +16,7 @@ interface Props { operationState: models.OperationState; } const buildResourceUniqueId = (res: Omit) => `${res.group}-${res.kind}-${res.version}-${res.namespace}-${res.name}`; +const FilterableMessageStatuses = ['configured', 'unchanged']; const Filter = (props: {filters: string[]; setFilters: (f: string[]) => void; options: string[]; title: string; style?: React.CSSProperties}) => { const {filters, setFilters, options, title, style} = props; @@ -52,6 +53,8 @@ const Filter = (props: {filters: string[]; setFilters: (f: string[]) => void; op }; export const ApplicationOperationState: React.StatelessComponent = ({application, operationState}, ctx: AppContext) => { + const [messageFilters, setMessageFilters] = React.useState([]); + const operationAttributes = [ {title: 'OPERATION', value: utils.getOperationType(application)}, {title: 'PHASE', value: operationState.phase}, @@ -166,7 +169,7 @@ export const ApplicationOperationState: React.StatelessComponent = ({appl if (combinedHealthSyncResult && combinedHealthSyncResult.length > 0) { filtered = combinedHealthSyncResult.filter(r => { - if (filters.length === 0 && healthFilters.length === 0) { + if (filters.length === 0 && healthFilters.length === 0 && messageFilters.length === 0) { return true; } @@ -179,6 +182,10 @@ export const ApplicationOperationState: React.StatelessComponent = ({appl pass = false; } + if (pass && messageFilters.length !== 0) { + pass = messageFilters.some(filter => r.message?.toLowerCase().includes(filter.toLowerCase())); + } + return pass; }); } @@ -203,6 +210,7 @@ export const ApplicationOperationState: React.StatelessComponent = ({appl +
    diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.scss b/ui/src/app/applications/components/application-status-panel/application-status-panel.scss index e96c29624d5d1..5abceda464f31 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.scss +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.scss @@ -181,6 +181,10 @@ } } + &__hydrator-link { + width: 134px; + } + &__item-name { margin: auto 0; max-width: $row-width; diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx index ee76418546a4e..43789bcd6b976 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx @@ -5,7 +5,15 @@ import {Revision} from '../../../shared/components/revision'; import {Timestamp} from '../../../shared/components/timestamp'; import * as models from '../../../shared/models'; import {services} from '../../../shared/services'; -import {ApplicationSyncWindowStatusIcon, ComparisonStatusIcon, getAppDefaultSource, getAppDefaultSyncRevisionExtra, getAppOperationState} from '../utils'; +import { + ApplicationSyncWindowStatusIcon, + ComparisonStatusIcon, + getAppDefaultSource, + getAppDefaultSyncRevisionExtra, + getAppOperationState, + HydrateOperationPhaseIcon, + hydrationStatusMessage +} from '../utils'; import {getConditionCategory, HealthStatusIcon, OperationState, syncStatusMessage, getAppDefaultSyncRevision, getAppDefaultOperationSyncRevision} from '../utils'; import {RevisionMetadataPanel} from './revision-metadata-panel'; import * as utils from '../utils'; @@ -16,6 +24,7 @@ interface Props { application: models.Application; showDiff?: () => any; showOperation?: () => any; + showHydrateOperation?: () => any; showConditions?: () => any; showExtension?: (id: string) => any; showMetadataInfo?: (revision: string) => any; @@ -46,7 +55,7 @@ const sectionHeader = (info: SectionInfo, onClick?: () => any) => { ); }; -export const ApplicationStatusPanel = ({application, showDiff, showOperation, showConditions, showExtension, showMetadataInfo}: Props) => { +export const ApplicationStatusPanel = ({application, showDiff, showOperation, showHydrateOperation, showConditions, showExtension, showMetadataInfo}: Props) => { const today = new Date(); let daysSinceLastSynchronized = 0; @@ -84,6 +93,40 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
    {application.status.health.message &&
    {application.status.health.message}
    }
    + {application.spec.sourceHydrator && application.status?.sourceHydrator?.currentOperation && ( +
    +
    + {sectionLabel({ + title: 'SOURCE HYDRATOR', + helpContent: 'The source hydrator reads manifests from git, hydrates (renders) them, and pushes them to a different location in git.' + })} +
    + +
    + {application.status.sourceHydrator.currentOperation.phase}{' '} + +
    + {application.status.sourceHydrator.currentOperation.message && ( +
    {application.status.sourceHydrator.currentOperation.message}
    + )} +
    + +
    +
    + )}
    {sectionHeader( @@ -117,7 +160,7 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh diff --git a/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx b/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx index 085958d0f1cf5..1816ae9e86552 100644 --- a/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx @@ -8,7 +8,10 @@ export const RevisionMetadataPanel = (props: {appName: string; appNamespace: str return ; } return ( - services.applications.revisionMetadata(props.appName, props.appNamespace, props.revision, 0, props.versionId)} errorRenderer={() =>
    }> + services.applications.revisionMetadata(props.appName, props.appNamespace, props.revision, 0, props.versionId)} + errorRenderer={() =>
    }> {m => ( ( export const ApplicationsFilter = (props: AppFilterProps) => { return ( - + diff --git a/ui/src/app/applications/components/filter/filter.scss b/ui/src/app/applications/components/filter/filter.scss index 94060b2377b2b..9aa48bb91e06c 100644 --- a/ui/src/app/applications/components/filter/filter.scss +++ b/ui/src/app/applications/components/filter/filter.scss @@ -107,6 +107,15 @@ $slate: #191826; color: $argo-color-gray-6; } + .filters-group__title { + border-bottom: 1px solid; + width: 100%; + text-align: center; + padding: 0 5px; + margin: 0.15em 0; + color: #818d94; + } + .fa-filter { float: left; margin-right: 1em; diff --git a/ui/src/app/applications/components/filter/filter.tsx b/ui/src/app/applications/components/filter/filter.tsx index c0ef2268170c8..67e34e2c9951f 100644 --- a/ui/src/app/applications/components/filter/filter.tsx +++ b/ui/src/app/applications/components/filter/filter.tsx @@ -52,10 +52,18 @@ export const CheckboxRow = (props: {value: boolean; onChange?: (value: boolean) ); }; -export const FiltersGroup = (props: {children?: React.ReactNode; content: React.ReactNode; appliedFilter?: string[]; onClearFilter?: () => void; collapsed?: boolean}) => { +export const FiltersGroup = (props: { + children?: React.ReactNode; + content: React.ReactNode; + appliedFilter?: string[]; + onClearFilter?: () => void; + collapsed?: boolean; + title?: string; +}) => { return ( !props.collapsed && (
    + {props.title &&
    {props.title}
    } {props.appliedFilter?.length > 0 && props.onClearFilter && (
    )} - items={[{title: 'Remove', action: () => this.removeRepoCreds(repo.url)}]} + items={[ + { + title: 'Remove', + action: () => this.removeRepoCreds(repo.url, false) + } + ]} />
    @@ -400,6 +429,129 @@ export class ReposList extends React.Component< }
    + {this.state.authSettings?.hydratorEnabled && ( +
    + services.repos.listWrite()} ref={loader => (this.repoLoader = loader)}> + {(repos: models.Repository[]) => + (repos.length > 0 && ( +
    +
    +
    +
    +
    TYPE
    +
    NAME
    +
    PROJECT
    +
    REPOSITORY
    +
    CONNECTION STATUS
    +
    +
    + {repos.map(repo => ( +
    (this.isRepoUpdatable(repo) ? this.displayEditSliding(repo) : null)}> +
    +
    + +
    +
    write
    +
    + + {repo.name} + +
    +
    + + {repo.project} + +
    +
    + + + + + +
    +
    + {repo.connectionState.status} + ( + + )} + items={[ + { + title: 'Create application', + action: () => + this.appContext.apis.navigation.goto('/applications', { + new: JSON.stringify({spec: {sourceHydrator: {drySource: {repoURL: repo.repo}}}}) + }) + }, + { + title: 'Disconnect', + action: () => this.disconnectRepo(repo.repo, repo.project, true) + } + ]} + /> +
    +
    +
    + ))} +
    + )) || ( + +

    No repositories connected

    +
    Connect your repo to deploy apps.
    +     + ) + } + +
    + )} + {this.state.authSettings?.hydratorEnabled && ( +
    + services.repocreds.listWrite()} ref={loader => (this.credsLoader = loader)}> + {(creds: models.RepoCreds[]) => + creds.length > 0 && ( +
    +
    +
    +
    CREDENTIALS TEMPLATE URL
    +
    CREDS
    +
    +
    + {creds.map(repo => ( +
    +
    +
    + +
    +
    + - + ( + + )} + items={[ + { + title: 'Remove', + action: () => this.removeRepoCreds(repo.url, true) + } + ]} + /> +
    +
    +
    + ))} +
    + ) + } +     +
    + )}
    this.onValidateErrors(values)}> {formApi => (
    - {this.state.method === ConnectionMethod.SSH && ( + {this.state.authSettings?.hydratorEnabled && (
    -

    CONNECT REPO USING SSH

    -
    - -
    +

    SAVE AS WRITE CREDENTIAL (ALPHA)

    +

    + The Source Hydrator is an Alpha feature which enables Applications to push hydrated manifests to git before syncing. To use + the Source Hydrator for a repository, you must save two credentials: a read credential for pulling manifests and a write + credential for pushing hydrated manifests. If you add a write credential for a repository, then{' '} + any Application that can sync from the repo can also push hydrated manifests to that repo. Do not use this + feature until you've read its documentation and understand the security implications. +

    - +
    +
    + )} + {this.state.method === ConnectionMethod.SSH && ( +
    +

    CONNECT REPO USING SSH

    + {formApi.getFormState().values.write === false && ( +
    + +
    + )} + {formApi.getFormState().values.write === false && ( +
    + +
    + )}
    @@ -452,10 +623,12 @@ export class ReposList extends React.Component<
    -
    - - -
    + {formApi.getFormState().values.write === false && ( +
    + + +
    + )}
    @@ -480,15 +653,17 @@ export class ReposList extends React.Component< />
    )} -
    - -
    + {formApi.getFormState().values.write === false && ( +
    + +
    + )}
    @@ -706,11 +881,15 @@ export class ReposList extends React.Component< // Connect a new repository or create a repository credentials for SSH repositories private async connectSSHRepo(params: NewSSHRepoParams) { if (this.credsTemplate) { - this.createSSHCreds({url: params.url, sshPrivateKey: params.sshPrivateKey}); + this.createSSHCreds({url: params.url, sshPrivateKey: params.sshPrivateKey, write: params.write}); } else { this.setState({connecting: true}); try { - await services.repos.createSSH(params); + if (params.write) { + await services.repos.createSSHWrite(params); + } else { + await services.repos.createSSH(params); + } this.repoLoader.reload(); this.showConnectRepo = false; } catch (e) { @@ -736,12 +915,17 @@ export class ReposList extends React.Component< proxy: params.proxy, noProxy: params.noProxy, forceHttpBasicAuth: params.forceHttpBasicAuth, - enableOCI: params.enableOCI + enableOCI: params.enableOCI, + write: params.write }); } else { this.setState({connecting: true}); try { - await services.repos.createHTTPS(params); + if (params.write) { + await services.repos.createHTTPSWrite(params); + } else { + await services.repos.createHTTPS(params); + } this.repoLoader.reload(); this.showConnectRepo = false; } catch (e) { @@ -758,7 +942,11 @@ export class ReposList extends React.Component< // Update an existing repository for HTTPS repositories private async updateHTTPSRepo(params: NewHTTPSRepoParams) { try { - await services.repos.updateHTTPS(params); + if (params.write) { + await services.repos.updateHTTPSWrite(params); + } else { + await services.repos.updateHTTPS(params); + } this.repoLoader.reload(); this.setState({displayEditPanel: false}); this.refreshRepoList(params.url); @@ -784,12 +972,17 @@ export class ReposList extends React.Component< tlsClientCertData: params.tlsClientCertData, tlsClientCertKey: params.tlsClientCertKey, proxy: params.proxy, - noProxy: params.noProxy + noProxy: params.noProxy, + write: params.write }); } else { this.setState({connecting: true}); try { - await services.repos.createGitHubApp(params); + if (params.write) { + await services.repos.createGitHubAppWrite(params); + } else { + await services.repos.createGitHubApp(params); + } this.repoLoader.reload(); this.showConnectRepo = false; } catch (e) { @@ -808,12 +1001,17 @@ export class ReposList extends React.Component< if (this.credsTemplate) { this.createGoogleCloudSourceCreds({ url: params.url, - gcpServiceAccountKey: params.gcpServiceAccountKey + gcpServiceAccountKey: params.gcpServiceAccountKey, + write: params.write }); } else { this.setState({connecting: true}); try { - await services.repos.createGoogleCloudSource(params); + if (params.write) { + await services.repos.createGoogleCloudSourceWrite(params); + } else { + await services.repos.createGoogleCloudSource(params); + } this.repoLoader.reload(); this.showConnectRepo = false; } catch (e) { @@ -829,7 +1027,11 @@ export class ReposList extends React.Component< private async createHTTPSCreds(params: NewHTTPSRepoCredsParams) { try { - await services.repocreds.createHTTPS(params); + if (params.write) { + await services.repocreds.createHTTPSWrite(params); + } else { + await services.repocreds.createHTTPS(params); + } this.credsLoader.reload(); this.showConnectRepo = false; } catch (e) { @@ -842,7 +1044,11 @@ export class ReposList extends React.Component< private async createSSHCreds(params: NewSSHRepoCredsParams) { try { - await services.repocreds.createSSH(params); + if (params.write) { + await services.repocreds.createSSHWrite(params); + } else { + await services.repocreds.createSSH(params); + } this.credsLoader.reload(); this.showConnectRepo = false; } catch (e) { @@ -855,7 +1061,11 @@ export class ReposList extends React.Component< private async createGitHubAppCreds(params: NewGitHubAppRepoCredsParams) { try { - await services.repocreds.createGitHubApp(params); + if (params.write) { + await services.repocreds.createGitHubAppWrite(params); + } else { + await services.repocreds.createGitHubApp(params); + } this.credsLoader.reload(); this.showConnectRepo = false; } catch (e) { @@ -868,7 +1078,11 @@ export class ReposList extends React.Component< private async createGoogleCloudSourceCreds(params: NewGoogleCloudSourceRepoCredsParams) { try { - await services.repocreds.createGoogleCloudSource(params); + if (params.write) { + await services.repocreds.createGoogleCloudSourceWrite(params); + } else { + await services.repocreds.createGoogleCloudSource(params); + } this.credsLoader.reload(); this.showConnectRepo = false; } catch (e) { @@ -880,11 +1094,15 @@ export class ReposList extends React.Component< } // Remove a repository from the configuration - private async disconnectRepo(repo: string, project: string) { + private async disconnectRepo(repo: string, project: string, write: boolean) { const confirmed = await this.appContext.apis.popup.confirm('Disconnect repository', `Are you sure you want to disconnect '${repo}'?`); if (confirmed) { try { - await services.repos.delete(repo, project || ''); + if (write) { + await services.repos.deleteWrite(repo, project || ''); + } else { + await services.repos.delete(repo, project || ''); + } this.repoLoader.reload(); } catch (e) { this.appContext.apis.notifications.show({ @@ -896,11 +1114,15 @@ export class ReposList extends React.Component< } // Remove repository credentials from the configuration - private async removeRepoCreds(url: string) { + private async removeRepoCreds(url: string, write: boolean) { const confirmed = await this.appContext.apis.popup.confirm('Remove repository credentials', `Are you sure you want to remove credentials for URL prefix '${url}'?`); if (confirmed) { try { - await services.repocreds.delete(url); + if (write) { + await services.repocreds.deleteWrite(url); + } else { + await services.repocreds.delete(url); + } this.credsLoader.reload(); } catch (e) { this.appContext.apis.notifications.show({ diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts index 7d77bff2aab76..eb65f370b011f 100644 --- a/ui/src/app/shared/models.ts +++ b/ui/src/app/shared/models.ts @@ -214,6 +214,27 @@ export interface ApplicationSource { name?: string; } +export interface SourceHydrator { + drySource: DrySource; + syncSource: SyncSource; + hydrateTo?: HydrateTo; +} + +export interface DrySource { + repoURL: string; + targetRevision: string; + path: string; +} + +export interface SyncSource { + targetBranch: string; + path: string; +} + +export interface HydrateTo { + targetBranch: string; +} + export interface ApplicationSourceHelm { valueFiles: string[]; values?: string; @@ -285,6 +306,7 @@ export interface ApplicationSpec { project: string; source: ApplicationSource; sources: ApplicationSource[]; + sourceHydrator?: SourceHydrator; destination: ApplicationDestination; syncPolicy?: SyncPolicy; ignoreDifferences?: ResourceIgnoreDifferences[]; @@ -445,8 +467,38 @@ export interface ApplicationStatus { health: HealthStatus; operationState?: OperationState; summary?: ApplicationSummary; + sourceHydrator?: SourceHydratorStatus; } +export interface SourceHydratorStatus { + lastSuccessfulOperation?: SuccessfulHydrateOperation; + currentOperation?: HydrateOperation; +} + +export interface HydrateOperation { + startedAt: models.Time; + finishedAt?: models.Time; + phase: HydrateOperationPhase; + message: string; + drySHA: string; + hydratedSHA: string; + sourceHydrator: SourceHydrator; +} + +export interface SuccessfulHydrateOperation { + drySHA: string; + hydratedSHA: string; + sourceHydrator: SourceHydrator; +} + +export type HydrateOperationPhase = 'Hydrating' | 'Failed' | 'Hydrated'; + +export const HydrateOperationPhases = { + Hydrating: 'Hydrating' as OperationPhase, + Failed: 'Failed' as OperationPhase, + Hydrated: 'Hydrated' as OperationPhase +}; + export interface JwtTokens { items: JwtToken[]; } @@ -504,6 +556,7 @@ export interface AuthSettings { uiBannerPosition: string; execEnabled: boolean; appsInAnyNamespaceEnabled: boolean; + hydratorEnabled: boolean; } export interface UserInfo { diff --git a/ui/src/app/shared/services/repo-service.ts b/ui/src/app/shared/services/repo-service.ts index 48fb8308eab38..f28a0d156d4a3 100644 --- a/ui/src/app/shared/services/repo-service.ts +++ b/ui/src/app/shared/services/repo-service.ts @@ -1,6 +1,62 @@ import * as models from '../models'; import requests from './requests'; +export interface HTTPSQuery { + type: string; + name: string; + url: string; + username: string; + password: string; + tlsClientCertData: string; + tlsClientCertKey: string; + insecure: boolean; + enableLfs: boolean; + proxy: string; + noProxy: string; + project?: string; + forceHttpBasicAuth?: boolean; + enableOCI: boolean; +} + +export interface SSHQuery { + type: string; + name: string; + url: string; + sshPrivateKey: string; + insecure: boolean; + enableLfs: boolean; + proxy: string; + noProxy: string; + project?: string; +} + +export interface GitHubAppQuery { + type: string; + name: string; + url: string; + githubAppPrivateKey: string; + githubAppId: bigint; + githubAppInstallationId: bigint; + githubAppEnterpriseBaseURL: string; + tlsClientCertData: string; + tlsClientCertKey: string; + insecure: boolean; + enableLfs: boolean; + proxy: string; + noProxy: string; + project?: string; +} + +export interface GoogleCloudSourceQuery { + type: string; + name: string; + url: string; + gcpServiceAccountKey: string; + proxy: string; + noProxy: string; + project?: string; +} + export class RepositoriesService { public list(): Promise { return requests @@ -9,6 +65,13 @@ export class RepositoriesService { .then(list => list.items || []); } + public listWrite(): Promise { + return requests + .get(`/write-repositories`) + .then(res => res.body as models.RepositoryList) + .then(list => list.items || []); + } + public listNoCache(): Promise { return requests .get(`/repositories?forceRefresh=true`) @@ -16,186 +79,205 @@ export class RepositoriesService { .then(list => list.items || []); } - public createHTTPS({ - type, - name, - url, - username, - password, - tlsClientCertData, - tlsClientCertKey, - insecure, - enableLfs, - proxy, - noProxy, - project, - forceHttpBasicAuth, - enableOCI - }: { - type: string; - name: string; - url: string; - username: string; - password: string; - tlsClientCertData: string; - tlsClientCertKey: string; - insecure: boolean; - enableLfs: boolean; - proxy: string; - noProxy: string; - project?: string; - forceHttpBasicAuth?: boolean; - enableOCI: boolean; - }): Promise { + public listWriteNoCache(): Promise { + return requests + .get(`/write-repositories?forceRefresh=true`) + .then(res => res.body as models.RepositoryList) + .then(list => list.items || []); + } + + public createHTTPS(q: HTTPSQuery): Promise { return requests .post('/repositories') - .send({type, name, repo: url, username, password, tlsClientCertData, tlsClientCertKey, insecure, enableLfs, proxy, noProxy, project, forceHttpBasicAuth, enableOCI}) + .send({ + type: q.type, + name: q.name, + repo: q.url, + username: q.username, + password: q.password, + tlsClientCertData: q.tlsClientCertData, + tlsClientCertKey: q.tlsClientCertKey, + insecure: q.insecure, + enableLfs: q.enableLfs, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project, + forceHttpBasicAuth: q.forceHttpBasicAuth, + enableOCI: q.enableOCI + }) + .then(res => res.body as models.Repository); + } + + public createHTTPSWrite(q: HTTPSQuery): Promise { + return requests + .post('/write-repositories') + .send({ + type: q.type, + name: q.name, + repo: q.url, + username: q.username, + password: q.password, + tlsClientCertData: q.tlsClientCertData, + tlsClientCertKey: q.tlsClientCertKey, + insecure: q.insecure, + enableLfs: q.enableLfs, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project, + forceHttpBasicAuth: q.forceHttpBasicAuth, + enableOCI: q.enableOCI + }) + .then(res => res.body as models.Repository); + } + + public updateHTTPS(q: HTTPSQuery): Promise { + return requests + .put(`/repositories/${encodeURIComponent(q.url)}`) + .send({ + type: q.type, + name: q.name, + repo: q.url, + username: q.username, + password: q.password, + tlsClientCertData: q.tlsClientCertData, + tlsClientCertKey: q.tlsClientCertKey, + insecure: q.insecure, + enableLfs: q.enableLfs, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project, + forceHttpBasicAuth: q.forceHttpBasicAuth, + enableOCI: q.enableOCI + }) .then(res => res.body as models.Repository); } - public updateHTTPS({ - type, - name, - url, - username, - password, - tlsClientCertData, - tlsClientCertKey, - insecure, - enableLfs, - proxy, - noProxy, - project, - forceHttpBasicAuth, - enableOCI - }: { - type: string; - name: string; - url: string; - username: string; - password: string; - tlsClientCertData: string; - tlsClientCertKey: string; - insecure: boolean; - enableLfs: boolean; - proxy: string; - noProxy: string; - project?: string; - forceHttpBasicAuth?: boolean; - enableOCI: boolean; - }): Promise { - return requests - .put(`/repositories/${encodeURIComponent(url)}`) - .send({type, name, repo: url, username, password, tlsClientCertData, tlsClientCertKey, insecure, enableLfs, proxy, noProxy, project, forceHttpBasicAuth, enableOCI}) + public updateHTTPSWrite(q: HTTPSQuery): Promise { + return requests + .put(`/write-repositories/${encodeURIComponent(q.url)}`) + .send({ + type: q.type, + name: q.name, + repo: q.url, + username: q.username, + password: q.password, + tlsClientCertData: q.tlsClientCertData, + tlsClientCertKey: q.tlsClientCertKey, + insecure: q.insecure, + enableLfs: q.enableLfs, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project, + forceHttpBasicAuth: q.forceHttpBasicAuth, + enableOCI: q.enableOCI + }) .then(res => res.body as models.Repository); } - public createSSH({ - type, - name, - url, - sshPrivateKey, - insecure, - enableLfs, - proxy, - noProxy, - project - }: { - type: string; - name: string; - url: string; - sshPrivateKey: string; - insecure: boolean; - enableLfs: boolean; - proxy: string; - noProxy: string; - project?: string; - }): Promise { + public createSSH(q: SSHQuery): Promise { return requests .post('/repositories') - .send({type, name, repo: url, sshPrivateKey, insecure, enableLfs, proxy, noProxy, project}) + .send({ + type: q.type, + name: q.name, + repo: q.url, + sshPrivateKey: q.sshPrivateKey, + insecure: q.insecure, + enableLfs: q.enableLfs, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project + }) .then(res => res.body as models.Repository); } - public createGitHubApp({ - type, - name, - url, - githubAppPrivateKey, - githubAppId, - githubAppInstallationId, - githubAppEnterpriseBaseURL, - tlsClientCertData, - tlsClientCertKey, - insecure, - enableLfs, - proxy, - noProxy, - project - }: { - type: string; - name: string; - url: string; - githubAppPrivateKey: string; - githubAppId: bigint; - githubAppInstallationId: bigint; - githubAppEnterpriseBaseURL: string; - tlsClientCertData: string; - tlsClientCertKey: string; - insecure: boolean; - enableLfs: boolean; - proxy: string; - noProxy: string; - project?: string; - }): Promise { + public createSSHWrite(q: SSHQuery): Promise { + return requests + .post('/write-repositories') + .send({ + type: q.type, + name: q.name, + repo: q.url, + sshPrivateKey: q.sshPrivateKey, + insecure: q.insecure, + enableLfs: q.enableLfs, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project + }) + .then(res => res.body as models.Repository); + } + + public createGitHubApp(q: GitHubAppQuery): Promise { return requests .post('/repositories') .send({ - type, - name, - repo: url, - githubAppPrivateKey, - githubAppId, - githubAppInstallationId, - githubAppEnterpriseBaseURL, - tlsClientCertData, - tlsClientCertKey, - insecure, - enableLfs, - proxy, - noProxy, - project + type: q.type, + name: q.name, + repo: q.url, + githubAppPrivateKey: q.githubAppPrivateKey, + githubAppId: q.githubAppId, + githubAppInstallationId: q.githubAppInstallationId, + githubAppEnterpriseBaseURL: q.githubAppEnterpriseBaseURL, + tlsClientCertData: q.tlsClientCertData, + tlsClientCertKey: q.tlsClientCertKey, + insecure: q.insecure, + enableLfs: q.enableLfs, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project + }) + .then(res => res.body as models.Repository); + } + + public createGitHubAppWrite(q: GitHubAppQuery): Promise { + return requests + .post('/write-repositories') + .send({ + type: q.type, + name: q.name, + repo: q.url, + githubAppPrivateKey: q.githubAppPrivateKey, + githubAppId: q.githubAppId, + githubAppInstallationId: q.githubAppInstallationId, + githubAppEnterpriseBaseURL: q.githubAppEnterpriseBaseURL, + tlsClientCertData: q.tlsClientCertData, + tlsClientCertKey: q.tlsClientCertKey, + insecure: q.insecure, + enableLfs: q.enableLfs, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project }) .then(res => res.body as models.Repository); } - public createGoogleCloudSource({ - type, - name, - url, - gcpServiceAccountKey, - proxy, - noProxy, - project - }: { - type: string; - name: string; - url: string; - gcpServiceAccountKey: string; - proxy: string; - noProxy: string; - project?: string; - }): Promise { + public createGoogleCloudSource(q: GoogleCloudSourceQuery): Promise { return requests .post('/repositories') .send({ - type, - name, - repo: url, - gcpServiceAccountKey, - proxy, - noProxy, - project + type: q.type, + name: q.name, + repo: q.url, + gcpServiceAccountKey: q.gcpServiceAccountKey, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project + }) + .then(res => res.body as models.Repository); + } + + public createGoogleCloudSourceWrite(q: GoogleCloudSourceQuery): Promise { + return requests + .post('/write-repositories') + .send({ + type: q.type, + name: q.name, + repo: q.url, + gcpServiceAccountKey: q.gcpServiceAccountKey, + proxy: q.proxy, + noProxy: q.noProxy, + project: q.project }) .then(res => res.body as models.Repository); } @@ -207,6 +289,13 @@ export class RepositoriesService { .then(res => res.body as models.Repository); } + public deleteWrite(url: string, project: string): Promise { + return requests + .delete(`/write-repositories/${encodeURIComponent(url)}?appProject=${project}`) + .send() + .then(res => res.body as models.Repository); + } + public async revisions(repo: string): Promise { return requests.get(`/repositories/${encodeURIComponent(repo)}/refs`).then(res => res.body as models.RefsInfo); } diff --git a/ui/src/app/shared/services/repocreds-service.ts b/ui/src/app/shared/services/repocreds-service.ts index b9f5f871eb12b..edac6d171d0fe 100644 --- a/ui/src/app/shared/services/repocreds-service.ts +++ b/ui/src/app/shared/services/repocreds-service.ts @@ -1,6 +1,38 @@ import * as models from '../models'; import requests from './requests'; +export interface HTTPSCreds { + url: string; + username: string; + password: string; + tlsClientCertData: string; + tlsClientCertKey: string; + proxy: string; + noProxy: string; +} + +export interface SSHCreds { + url: string; + sshPrivateKey: string; +} + +export interface GitHubAppCreds { + url: string; + githubAppPrivateKey: string; + githubAppId: bigint; + githubAppInstallationId: bigint; + githubAppEnterpriseBaseURL: string; + tlsClientCertData: string; + tlsClientCertKey: string; + proxy: string; + noProxy: string; +} + +export interface GoogleCloudSourceCreds { + url: string; + gcpServiceAccountKey: string; +} + export class RepoCredsService { public list(): Promise { return requests @@ -9,67 +41,66 @@ export class RepoCredsService { .then(list => list.items || []); } - public createHTTPS({ - url, - username, - password, - tlsClientCertData, - tlsClientCertKey, - proxy, - noProxy - }: { - url: string; - username: string; - password: string; - tlsClientCertData: string; - tlsClientCertKey: string; - proxy: string; - noProxy: string; - }): Promise { + public listWrite(): Promise { + return requests + .get('/write-repocreds') + .then(res => res.body as models.RepoCredsList) + .then(list => list.items || []); + } + + public createHTTPS(creds: HTTPSCreds): Promise { return requests .post('/repocreds') - .send({url, username, password, tlsClientCertData, tlsClientCertKey, proxy, noProxy}) + .send(creds) + .then(res => res.body as models.RepoCreds); + } + + public createHTTPSWrite(creds: HTTPSCreds): Promise { + return requests + .post('/write-repocreds') + .send(creds) .then(res => res.body as models.RepoCreds); } - public createSSH({url, sshPrivateKey}: {url: string; sshPrivateKey: string}): Promise { + public createSSH(creds: SSHCreds): Promise { return requests .post('/repocreds') - .send({url, sshPrivateKey}) + .send(creds) .then(res => res.body as models.RepoCreds); } - public createGitHubApp({ - url, - githubAppPrivateKey, - githubAppId, - githubAppInstallationId, - githubAppEnterpriseBaseURL, - tlsClientCertData, - tlsClientCertKey, - proxy, - noProxy - }: { - url: string; - githubAppPrivateKey: string; - githubAppId: bigint; - githubAppInstallationId: bigint; - githubAppEnterpriseBaseURL: string; - tlsClientCertData: string; - tlsClientCertKey: string; - proxy: string; - noProxy: string; - }): Promise { + public createSSHWrite(creds: SSHCreds): Promise { + return requests + .post('/write-repocreds') + .send(creds) + .then(res => res.body as models.RepoCreds); + } + + public createGitHubApp(creds: GitHubAppCreds): Promise { return requests .post('/repocreds') - .send({url, githubAppPrivateKey, githubAppId, githubAppInstallationId, githubAppEnterpriseBaseURL, tlsClientCertData, tlsClientCertKey, proxy, noProxy}) + .send(creds) .then(res => res.body as models.RepoCreds); } - public createGoogleCloudSource({url, gcpServiceAccountKey}: {url: string; gcpServiceAccountKey: string}): Promise { + public createGitHubAppWrite(creds: GitHubAppCreds): Promise { + return requests + .post('/write-repocreds') + .send(creds) + .then(res => res.body as models.RepoCreds); + } + + public createGoogleCloudSource(creds: GoogleCloudSourceCreds): Promise { return requests .post('/repocreds') - .send({url, gcpServiceAccountKey}) + .send(creds) + .then(res => res.body as models.RepoCreds); + } + + public createGoogleCloudSourceWrite(creds: GoogleCloudSourceCreds): Promise { + return requests + .post('/write-repocreds') + .send(creds) .then(res => res.body as models.RepoCreds); } @@ -79,4 +110,11 @@ export class RepoCredsService { .send() .then(res => res.body as models.RepoCreds); } + + public deleteWrite(url: string): Promise { + return requests + .delete(`/write-repocreds/${encodeURIComponent(url)}`) + .send() + .then(res => res.body as models.RepoCreds); + } } diff --git a/ui/yarn.lock b/ui/yarn.lock index d7a8eeea58442..dc29f24753a2f 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -7185,9 +7185,9 @@ multicast-dns@^6.0.1: thunky "^1.0.2" nanoid@^3.3.7: - version "3.3.7" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.7.tgz#d0c301a691bc8d54efa0a2226ccf3fe2fd656bd8" - integrity sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g== + version "3.3.8" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.8.tgz#b1be3030bee36aaff18bacb375e5cce521684baf" + integrity sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w== natural-compare@^1.4.0: version "1.4.0" diff --git a/util/app/discovery/discovery.go b/util/app/discovery/discovery.go index 580e4cd06935d..9f477e3a35a23 100644 --- a/util/app/discovery/discovery.go +++ b/util/app/discovery/discovery.go @@ -170,6 +170,7 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil cfg, err := cmpClient.CheckPluginConfiguration(ctx, &empty.Empty{}) if err != nil { log.Errorf("error checking plugin configuration %s, %v", fileName, err) + io.Close(conn) return nil, nil, false } @@ -178,6 +179,7 @@ func cmpSupports(ctx context.Context, pluginSockFilePath, appPath, repoPath, fil if namedPlugin { return conn, cmpClient, true } + io.Close(conn) return nil, nil, false } diff --git a/util/argo/argo.go b/util/argo/argo.go index 8fb4eba2f3430..23fac86c6bf0c 100644 --- a/util/argo/argo.go +++ b/util/argo/argo.go @@ -55,7 +55,7 @@ func AugmentSyncMsg(res common.ResourceSyncResult, apiResourceInfoGetter func() default: // Check if the message contains "metadata.annotation: Too long" if strings.Contains(res.Message, "metadata.annotations: Too long: must have at most 262144 bytes") { - res.Message = fmt.Sprintf("%s \n -Additional Info: This error usually means that you are trying to add a large resource on client side. Consider using Server-side apply or syncing with replace enabled. Note: Syncing with Replace enabled is potentially destructive as it may cause resource deletion and re-creation.", res.Message) + res.Message = res.Message + " \n -Additional Info: This error usually means that you are trying to add a large resource on client side. Consider using Server-side apply or syncing with replace enabled. Note: Syncing with Replace enabled is potentially destructive as it may cause resource deletion and re-creation." } } @@ -231,6 +231,7 @@ func RefreshApp(appIf v1alpha1.ApplicationInterface, name string, refreshType ar "metadata": map[string]interface{}{ "annotations": map[string]string{ argoappv1.AnnotationKeyRefresh: string(refreshType), + argoappv1.AnnotationKeyHydrate: "normal", }, }, } @@ -417,6 +418,12 @@ func validateRepo(ctx context.Context, } } + // If using the source hydrator, check the dry source instead of the sync source, since the sync source branch may + // not exist yet. + if app.Spec.SourceHydrator != nil { + sources = []argoappv1.ApplicationSource{app.Spec.SourceHydrator.GetDrySource()} + } + refSources, err := GetRefSources(ctx, sources, app.Spec.Project, db.GetRepository, []string{}, false) if err != nil { return nil, fmt.Errorf("error getting ref sources: %w", err) @@ -485,16 +492,18 @@ func GetRefSources(ctx context.Context, sources argoappv1.ApplicationSources, pr return refSources, nil } -// ValidateDestination sets the 'Server' value of the ApplicationDestination, if it is not set. +// ValidateDestination sets the 'Server' or the `Name` value of the ApplicationDestination, if it is not set. // NOTE: this function WILL write to the object pointed to by the 'dest' parameter. -// // If an ApplicationDestination has a Name field, but has an empty Server (URL) field, // ValidationDestination will look up the cluster by name (to get the server URL), and -// set the corresponding Server field value. +// set the corresponding Server field value. Same goes for the opposite case. // // It also checks: // - If we used both name and server then we return an invalid spec error func ValidateDestination(ctx context.Context, dest *argoappv1.ApplicationDestination, db db.ArgoDB) error { + if dest.IsServerInferred() && dest.IsNameInferred() { + return fmt.Errorf("application destination can't have both name and server inferred: %s %s", dest.Name, dest.Server) + } if dest.Name != "" { if dest.Server == "" { server, err := getDestinationServer(ctx, db, dest.Name) @@ -505,9 +514,20 @@ func ValidateDestination(ctx context.Context, dest *argoappv1.ApplicationDestina return fmt.Errorf("application references destination cluster %s which does not exist", dest.Name) } dest.SetInferredServer(server) - } else if !dest.IsServerInferred() { + } else if !dest.IsServerInferred() && !dest.IsNameInferred() { return fmt.Errorf("application destination can't have both name and server defined: %s %s", dest.Name, dest.Server) } + } else if dest.Server != "" { + if dest.Name == "" { + serverName, err := getDestinationServerName(ctx, db, dest.Server) + if err != nil { + return fmt.Errorf("unable to find destination server: %w", err) + } + if serverName == "" { + return fmt.Errorf("application references destination cluster %s which does not exist", dest.Server) + } + dest.SetInferredName(serverName) + } } return nil } @@ -542,11 +562,46 @@ func validateSourcePermissions(source argoappv1.ApplicationSource, hasMultipleSo return conditions } +func validateSourceHydrator(hydrator *argoappv1.SourceHydrator) []argoappv1.ApplicationCondition { + var conditions []argoappv1.ApplicationCondition + if hydrator.DrySource.RepoURL == "" { + conditions = append(conditions, argoappv1.ApplicationCondition{ + Type: argoappv1.ApplicationConditionInvalidSpecError, + Message: "spec.sourceHydrator.drySource.repoURL is required", + }) + } + if hydrator.SyncSource.TargetBranch == "" { + conditions = append(conditions, argoappv1.ApplicationCondition{ + Type: argoappv1.ApplicationConditionInvalidSpecError, + Message: "spec.sourceHydrator.syncSource.targetBranch is required", + }) + } + if hydrator.HydrateTo != nil && hydrator.HydrateTo.TargetBranch == "" { + conditions = append(conditions, argoappv1.ApplicationCondition{ + Type: argoappv1.ApplicationConditionInvalidSpecError, + Message: "when spec.sourceHydrator.hydrateTo is set, spec.sourceHydrator.hydrateTo.path is required", + }) + } + return conditions +} + // ValidatePermissions ensures that the referenced cluster has been added to Argo CD and the app source repo and destination namespace/cluster are permitted in app project func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, proj *argoappv1.AppProject, db db.ArgoDB) ([]argoappv1.ApplicationCondition, error) { conditions := make([]argoappv1.ApplicationCondition, 0) - if spec.HasMultipleSources() { + if spec.SourceHydrator != nil { + condition := validateSourceHydrator(spec.SourceHydrator) + if len(condition) > 0 { + conditions = append(conditions, condition...) + return conditions, nil + } + if !proj.IsSourcePermitted(spec.SourceHydrator.GetDrySource()) { + conditions = append(conditions, argoappv1.ApplicationCondition{ + Type: argoappv1.ApplicationConditionInvalidSpecError, + Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", spec.GetSource().RepoURL, spec.Project), + }) + } + } else if spec.HasMultipleSources() { for _, source := range spec.Sources { condition := validateSourcePermissions(source, spec.HasMultipleSources()) if len(condition) > 0 { @@ -959,6 +1014,22 @@ func getDestinationServer(ctx context.Context, db db.ArgoDB, clusterName string) return servers[0], nil } +func getDestinationServerName(ctx context.Context, db db.ArgoDB, server string) (string, error) { + if db == nil { + return "", fmt.Errorf("there are no clusters registered in the database") + } + + cluster, err := db.GetCluster(ctx, server) + if err != nil { + return "", fmt.Errorf("error getting cluster name by server %q: %w", server, err) + } + + if cluster.Name == "" { + return "", fmt.Errorf("there are no clusters with this URL: %s", server) + } + return cluster.Name, nil +} + func GetGlobalProjects(proj *argoappv1.AppProject, projLister applicationsv1.AppProjectLister, settingsManager *settings.SettingsManager) []*argoappv1.AppProject { gps, err := settingsManager.GetGlobalProjectsSettings() globalProjects := make([]*argoappv1.AppProject, 0) @@ -1038,7 +1109,7 @@ func GenerateSpecIsDifferentErrorMessage(entity string, a, b interface{}) string if len(difference) == 0 { return basicMsg } - return fmt.Sprintf("%s; difference in keys \"%s\"", basicMsg, strings.Join(difference, ",")) + return fmt.Sprintf("%s; difference in keys %q", basicMsg, strings.Join(difference, ",")) } func GetDifferentPathsBetweenStructs(a, b interface{}) ([]string, error) { diff --git a/util/argo/argo_test.go b/util/argo/argo_test.go index 74db80a0c198c..76cb6c9fc7b21 100644 --- a/util/argo/argo_test.go +++ b/util/argo/argo_test.go @@ -78,7 +78,7 @@ func TestGetAppProjectWithNoProjDefined(t *testing.T) { go informer.Run(ctx.Done()) cache.WaitForCacheSync(ctx.Done(), informer.HasSynced) - kubeClient := fake.NewSimpleClientset(&cm) + kubeClient := fake.NewClientset(&cm) settingsMgr := settings.NewSettingsManager(context.Background(), kubeClient, test.FakeArgoCDNamespace) argoDB := db.NewDB("default", settingsMgr, kubeClient) proj, err := GetAppProject(&testApp, applisters.NewAppProjectLister(informer.GetIndexer()), namespace, settingsMgr, argoDB, ctx) @@ -366,7 +366,7 @@ func TestValidateRepo(t *testing.T) { }} kubeVersion := "v1.16" kustomizeOptions := &argoappv1.KustomizeOptions{BuildOptions: ""} - repo := &argoappv1.Repository{Repo: fmt.Sprintf("file://%s", repoPath)} + repo := &argoappv1.Repository{Repo: "file://" + repoPath} cluster := &argoappv1.Cluster{Server: "sample server"} app := &argoappv1.Application{ Spec: argoappv1.ApplicationSpec{ @@ -446,7 +446,7 @@ func TestValidateRepo(t *testing.T) { }, } - kubeClient := fake.NewSimpleClientset(&cm) + kubeClient := fake.NewClientset(&cm) settingsMgr := settings.NewSettingsManager(context.Background(), kubeClient, test.FakeArgoCDNamespace) conditions, err := ValidateRepo(context.Background(), app, repoClientSet, db, &kubetest.MockKubectlCmd{Version: kubeVersion, APIResources: apiResources}, proj, settingsMgr) @@ -475,7 +475,7 @@ func TestFormatAppConditions(t *testing.T) { t.Run("Single Condition", func(t *testing.T) { res := FormatAppConditions(conditions[0:1]) assert.NotEmpty(t, res) - assert.Equal(t, fmt.Sprintf("%s: Foo", EventReasonOperationCompleted), res) + assert.Equal(t, EventReasonOperationCompleted+": Foo", res) }) t.Run("Multiple Conditions", func(t *testing.T) { @@ -702,7 +702,7 @@ func TestValidatePermissions(t *testing.T) { SourceRepos: []string{"http://some/where/else"}, }, } - cluster := &argoappv1.Cluster{Server: "https://127.0.0.1:6443"} + cluster := &argoappv1.Cluster{Server: "https://127.0.0.1:6443", Name: "test"} db := &dbmocks.ArgoDB{} db.On("GetCluster", context.Background(), spec.Destination.Server).Return(cluster, nil) conditions, err := ValidatePermissions(context.Background(), &spec, &proj, db) @@ -735,7 +735,7 @@ func TestValidatePermissions(t *testing.T) { SourceRepos: []string{"http://some/where"}, }, } - cluster := &argoappv1.Cluster{Server: "https://127.0.0.1:6443"} + cluster := &argoappv1.Cluster{Server: "https://127.0.0.1:6443", Name: "test"} db := &dbmocks.ArgoDB{} db.On("GetCluster", context.Background(), spec.Destination.Server).Return(cluster, nil) conditions, err := ValidatePermissions(context.Background(), &spec, &proj, db) @@ -773,7 +773,7 @@ func TestValidatePermissions(t *testing.T) { conditions, err := ValidatePermissions(context.Background(), &spec, &proj, db) require.NoError(t, err) assert.Len(t, conditions, 1) - assert.Contains(t, conditions[0].Message, "has not been configured") + assert.Contains(t, conditions[0].Message, "unable to find destination server") }) t.Run("Destination cluster name does not exist", func(t *testing.T) { @@ -834,8 +834,10 @@ func TestValidatePermissions(t *testing.T) { } db := &dbmocks.ArgoDB{} db.On("GetCluster", context.Background(), spec.Destination.Server).Return(nil, fmt.Errorf("Unknown error occurred")) - _, err := ValidatePermissions(context.Background(), &spec, &proj, db) - require.Error(t, err) + conditions, err := ValidatePermissions(context.Background(), &spec, &proj, db) + require.NoError(t, err) + assert.Len(t, conditions, 1) + assert.Contains(t, conditions[0].Message, "Unknown error occurred") }) t.Run("Destination cluster name resolves to valid server", func(t *testing.T) { @@ -932,7 +934,7 @@ func TestValidateDestination(t *testing.T) { } appCond := ValidateDestination(context.Background(), &dest, nil) - require.NoError(t, appCond) + require.Error(t, appCond) assert.False(t, dest.IsServerInferred()) }) @@ -1292,12 +1294,12 @@ func Test_GetRefSources(t *testing.T) { } } - repo := &argoappv1.Repository{Repo: fmt.Sprintf("file://%s", repoPath)} + repo := &argoappv1.Repository{Repo: "file://" + repoPath} t.Run("target ref exists", func(t *testing.T) { argoSpec := getMultiSourceAppSpec(argoappv1.ApplicationSources{ - {RepoURL: fmt.Sprintf("file://%s", repoPath), Ref: "source-1_2"}, - {RepoURL: fmt.Sprintf("file://%s", repoPath)}, + {RepoURL: "file://" + repoPath, Ref: "source-1_2"}, + {RepoURL: "file://" + repoPath}, }) refSources, err := GetRefSources(context.Background(), argoSpec.Sources, argoSpec.Project, func(ctx context.Context, url string, project string) (*argoappv1.Repository, error) { @@ -1317,7 +1319,7 @@ func Test_GetRefSources(t *testing.T) { t.Run("target ref does not exist", func(t *testing.T) { argoSpec := getMultiSourceAppSpec(argoappv1.ApplicationSources{ {RepoURL: "file://does-not-exist", Ref: "source1"}, - {RepoURL: fmt.Sprintf("file://%s", repoPath)}, + {RepoURL: "file://" + repoPath}, }) refSources, err := GetRefSources(context.Background(), argoSpec.Sources, argoSpec.Project, func(ctx context.Context, url string, project string) (*argoappv1.Repository, error) { @@ -1331,7 +1333,7 @@ func Test_GetRefSources(t *testing.T) { t.Run("invalid ref", func(t *testing.T) { argoSpec := getMultiSourceAppSpec(argoappv1.ApplicationSources{ {RepoURL: "file://does-not-exist", Ref: "%invalid-name%"}, - {RepoURL: fmt.Sprintf("file://%s", repoPath)}, + {RepoURL: "file://" + repoPath}, }) refSources, err := GetRefSources(context.TODO(), argoSpec.Sources, argoSpec.Project, func(ctx context.Context, url string, project string) (*argoappv1.Repository, error) { @@ -1420,7 +1422,7 @@ func TestValidatePermissionsMultipleSources(t *testing.T) { SourceRepos: []string{"http://some/where/else"}, }, } - cluster := &argoappv1.Cluster{Server: "https://127.0.0.1:6443"} + cluster := &argoappv1.Cluster{Server: "https://127.0.0.1:6443", Name: "test"} db := &dbmocks.ArgoDB{} db.On("GetCluster", context.Background(), spec.Destination.Server).Return(cluster, nil) conditions, err := ValidatePermissions(context.Background(), &spec, &proj, db) diff --git a/util/argo/audit_logger_test.go b/util/argo/audit_logger_test.go index a0c5714fb3266..900bf43c4b128 100644 --- a/util/argo/audit_logger_test.go +++ b/util/argo/audit_logger_test.go @@ -36,12 +36,12 @@ func captureLogEntries(run func()) string { } func TestNewAuditLogger(t *testing.T) { - logger := NewAuditLogger("default", fake.NewSimpleClientset(), _somecomponent, testEnableEventLog) + logger := NewAuditLogger("default", fake.NewClientset(), _somecomponent, testEnableEventLog) assert.NotNil(t, logger) } func TestLogAppProjEvent(t *testing.T) { - logger := NewAuditLogger("default", fake.NewSimpleClientset(), _somecomponent, testEnableEventLog) + logger := NewAuditLogger("default", fake.NewClientset(), _somecomponent, testEnableEventLog) assert.NotNil(t, logger) proj := argoappv1.AppProject{ @@ -82,7 +82,7 @@ func TestLogAppProjEvent(t *testing.T) { } func TestLogAppEvent(t *testing.T) { - logger := NewAuditLogger("default", fake.NewSimpleClientset(), _somecomponent, testEnableEventLog) + logger := NewAuditLogger("default", fake.NewClientset(), _somecomponent, testEnableEventLog) assert.NotNil(t, logger) app := argoappv1.Application{ @@ -128,7 +128,7 @@ func TestLogAppEvent(t *testing.T) { } func TestLogResourceEvent(t *testing.T) { - logger := NewAuditLogger("default", fake.NewSimpleClientset(), _somecomponent, testEnableEventLog) + logger := NewAuditLogger("default", fake.NewClientset(), _somecomponent, testEnableEventLog) assert.NotNil(t, logger) res := argoappv1.ResourceNode{ diff --git a/reposerver/askpass/askpass.pb.go b/util/askpass/askpass.pb.go similarity index 90% rename from reposerver/askpass/askpass.pb.go rename to util/askpass/askpass.pb.go index d1d2a4612a9ac..c41b7336e741e 100644 --- a/reposerver/askpass/askpass.pb.go +++ b/util/askpass/askpass.pb.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: reposerver/askpass/askpass.proto +// source: util/askpass/askpass.proto package askpass @@ -37,7 +37,7 @@ func (m *CredentialsRequest) Reset() { *m = CredentialsRequest{} } func (m *CredentialsRequest) String() string { return proto.CompactTextString(m) } func (*CredentialsRequest) ProtoMessage() {} func (*CredentialsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_099f282cab154dba, []int{0} + return fileDescriptor_1c7c1d31cf056104, []int{0} } func (m *CredentialsRequest) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -85,7 +85,7 @@ func (m *CredentialsResponse) Reset() { *m = CredentialsResponse{} } func (m *CredentialsResponse) String() string { return proto.CompactTextString(m) } func (*CredentialsResponse) ProtoMessage() {} func (*CredentialsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_099f282cab154dba, []int{1} + return fileDescriptor_1c7c1d31cf056104, []int{1} } func (m *CredentialsResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -133,25 +133,25 @@ func init() { proto.RegisterType((*CredentialsResponse)(nil), "askpass.CredentialsResponse") } -func init() { proto.RegisterFile("reposerver/askpass/askpass.proto", fileDescriptor_099f282cab154dba) } +func init() { proto.RegisterFile("util/askpass/askpass.proto", fileDescriptor_1c7c1d31cf056104) } -var fileDescriptor_099f282cab154dba = []byte{ - // 231 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x28, 0x4a, 0x2d, 0xc8, - 0x2f, 0x4e, 0x2d, 0x2a, 0x4b, 0x2d, 0xd2, 0x4f, 0x2c, 0xce, 0x2e, 0x48, 0x2c, 0x2e, 0x86, 0xd1, - 0x7a, 0x05, 0x45, 0xf9, 0x25, 0xf9, 0x42, 0xec, 0x50, 0xae, 0x92, 0x16, 0x97, 0x90, 0x73, 0x51, - 0x6a, 0x4a, 0x6a, 0x5e, 0x49, 0x66, 0x62, 0x4e, 0x71, 0x50, 0x6a, 0x61, 0x69, 0x6a, 0x71, 0x89, - 0x90, 0x08, 0x17, 0x6b, 0x5e, 0x7e, 0x5e, 0x72, 0xaa, 0x04, 0xa3, 0x02, 0xa3, 0x06, 0x67, 0x10, - 0x84, 0xa3, 0xe4, 0xcb, 0x25, 0x8c, 0xa2, 0xb6, 0xb8, 0x20, 0x3f, 0xaf, 0x38, 0x55, 0x48, 0x8a, - 0x8b, 0xa3, 0xb4, 0x38, 0xb5, 0x28, 0x2f, 0x31, 0x17, 0xa6, 0x1e, 0xce, 0x07, 0xc9, 0x81, 0xac, - 0x29, 0xcf, 0x2f, 0x4a, 0x91, 0x60, 0x82, 0xc8, 0xc1, 0xf8, 0x46, 0xf1, 0x5c, 0x7c, 0x8e, 0xc5, - 0xd9, 0x01, 0x89, 0xc5, 0xc5, 0xc1, 0xa9, 0x45, 0x65, 0x99, 0xc9, 0xa9, 0x42, 0xbe, 0x5c, 0x7c, - 0xee, 0xa9, 0x25, 0x48, 0x76, 0x08, 0x49, 0xeb, 0xc1, 0xdc, 0x8d, 0xe9, 0x4a, 0x29, 0x19, 0xec, - 0x92, 0x10, 0x67, 0x29, 0x31, 0x38, 0xd9, 0x9f, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c, 0xe3, - 0x83, 0x47, 0x72, 0x8c, 0x51, 0x86, 0xe9, 0x99, 0x25, 0x19, 0xa5, 0x49, 0x7a, 0xc9, 0xf9, 0xb9, - 0xfa, 0x89, 0x45, 0xe9, 0xf9, 0x05, 0x45, 0xf9, 0x59, 0x60, 0x86, 0x6e, 0x72, 0x8a, 0x7e, 0x99, - 0x91, 0x3e, 0x66, 0x98, 0x25, 0xb1, 0x81, 0x03, 0xcb, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0x5a, - 0x1e, 0xa9, 0xaf, 0x50, 0x01, 0x00, 0x00, +var fileDescriptor_1c7c1d31cf056104 = []byte{ + // 225 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x2a, 0x2d, 0xc9, 0xcc, + 0xd1, 0x4f, 0x2c, 0xce, 0x2e, 0x48, 0x2c, 0x2e, 0x86, 0xd1, 0x7a, 0x05, 0x45, 0xf9, 0x25, 0xf9, + 0x42, 0xec, 0x50, 0xae, 0x92, 0x16, 0x97, 0x90, 0x73, 0x51, 0x6a, 0x4a, 0x6a, 0x5e, 0x49, 0x66, + 0x62, 0x4e, 0x71, 0x50, 0x6a, 0x61, 0x69, 0x6a, 0x71, 0x89, 0x90, 0x08, 0x17, 0x6b, 0x5e, 0x7e, + 0x5e, 0x72, 0xaa, 0x04, 0xa3, 0x02, 0xa3, 0x06, 0x67, 0x10, 0x84, 0xa3, 0xe4, 0xcb, 0x25, 0x8c, + 0xa2, 0xb6, 0xb8, 0x20, 0x3f, 0xaf, 0x38, 0x55, 0x48, 0x8a, 0x8b, 0xa3, 0xb4, 0x38, 0xb5, 0x28, + 0x2f, 0x31, 0x17, 0xa6, 0x1e, 0xce, 0x07, 0xc9, 0x81, 0xac, 0x29, 0xcf, 0x2f, 0x4a, 0x91, 0x60, + 0x82, 0xc8, 0xc1, 0xf8, 0x46, 0xf1, 0x5c, 0x7c, 0x8e, 0xc5, 0xd9, 0x01, 0x89, 0xc5, 0xc5, 0xc1, + 0xa9, 0x45, 0x65, 0x99, 0xc9, 0xa9, 0x42, 0xbe, 0x5c, 0x7c, 0xee, 0xa9, 0x25, 0x48, 0x76, 0x08, + 0x49, 0xeb, 0xc1, 0xdc, 0x8d, 0xe9, 0x4a, 0x29, 0x19, 0xec, 0x92, 0x10, 0x67, 0x29, 0x31, 0x38, + 0x59, 0x9e, 0x78, 0x24, 0xc7, 0x78, 0xe1, 0x91, 0x1c, 0xe3, 0x83, 0x47, 0x72, 0x8c, 0x51, 0xda, + 0xe9, 0x99, 0x25, 0x19, 0xa5, 0x49, 0x7a, 0xc9, 0xf9, 0xb9, 0xfa, 0x89, 0x45, 0xe9, 0xf9, 0x05, + 0x45, 0xf9, 0x59, 0x60, 0x86, 0x6e, 0x72, 0x8a, 0x7e, 0x99, 0x91, 0x3e, 0x72, 0x68, 0x25, 0xb1, + 0x81, 0x83, 0xc9, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0xa8, 0xcc, 0x96, 0x87, 0x44, 0x01, 0x00, + 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -231,7 +231,7 @@ var _AskPassService_serviceDesc = grpc.ServiceDesc{ }, }, Streams: []grpc.StreamDesc{}, - Metadata: "reposerver/askpass/askpass.proto", + Metadata: "util/askpass/askpass.proto", } func (m *CredentialsRequest) Marshal() (dAtA []byte, err error) { diff --git a/reposerver/askpass/askpass.proto b/util/askpass/askpass.proto similarity index 80% rename from reposerver/askpass/askpass.proto rename to util/askpass/askpass.proto index 4547edc3a0306..f4c3788185d7a 100644 --- a/reposerver/askpass/askpass.proto +++ b/util/askpass/askpass.proto @@ -1,5 +1,5 @@ syntax = "proto3"; -option go_package = "github.com/argoproj/argo-cd/v2/reposerver/askpass"; +option go_package = "github.com/argoproj/argo-cd/v2/util/askpass"; package askpass; diff --git a/reposerver/askpass/common.go b/util/askpass/common.go similarity index 76% rename from reposerver/askpass/common.go rename to util/askpass/common.go index c9757f5878956..2a34cca52c84c 100644 --- a/reposerver/askpass/common.go +++ b/util/askpass/common.go @@ -11,6 +11,8 @@ const ( ASKPASS_NONCE_ENV = "ARGOCD_GIT_ASKPASS_NONCE" // AKSPASS_SOCKET_PATH_ENV is the environment variable that is used to pass the socket path to the askpass script AKSPASS_SOCKET_PATH_ENV = "ARGOCD_ASK_PASS_SOCK" + // CommitServerSocketPath is the path to the socket used by the commit server to communicate with the askpass server + CommitServerSocketPath = "/tmp/commit-server-ask-pass.sock" ) func init() { diff --git a/reposerver/askpass/server.go b/util/askpass/server.go similarity index 100% rename from reposerver/askpass/server.go rename to util/askpass/server.go diff --git a/reposerver/askpass/server_test.go b/util/askpass/server_test.go similarity index 100% rename from reposerver/askpass/server_test.go rename to util/askpass/server_test.go diff --git a/util/cache/appstate/cache.go b/util/cache/appstate/cache.go index 5ad5b2154a3b1..f0c335abb9287 100644 --- a/util/cache/appstate/cache.go +++ b/util/cache/appstate/cache.go @@ -56,7 +56,7 @@ func (c *Cache) SetItem(key string, item interface{}, expiration time.Duration, } func appManagedResourcesKey(appName string) string { - return fmt.Sprintf("app|managed-resources|%s", appName) + return "app|managed-resources|" + appName } func (c *Cache) GetAppManagedResources(appName string, res *[]*appv1.ResourceDiff) error { @@ -72,7 +72,7 @@ func (c *Cache) SetAppManagedResources(appName string, managedResources []*appv1 } func appResourcesTreeKey(appName string, shard int64) string { - key := fmt.Sprintf("app|resources-tree|%s", appName) + key := "app|resources-tree|" + appName if shard > 0 { key = fmt.Sprintf("%s|%d", key, shard) } @@ -80,7 +80,7 @@ func appResourcesTreeKey(appName string, shard int64) string { } func clusterInfoKey(server string) string { - return fmt.Sprintf("cluster|info|%s", server) + return "cluster|info|" + server } func (c *Cache) GetAppResourcesTree(appName string, res *appv1.ApplicationTree) error { diff --git a/util/cache/cache_test.go b/util/cache/cache_test.go index 921b2b1dc1b9b..98d289d92030f 100644 --- a/util/cache/cache_test.go +++ b/util/cache/cache_test.go @@ -1,7 +1,6 @@ package cache import ( - "fmt" "testing" "time" @@ -86,5 +85,5 @@ func TestGenerateCacheKey(t *testing.T) { client := NewInMemoryCache(60 * time.Second) cache := NewCache(client) testKey := cache.generateFullKey("testkey") - assert.Equal(t, fmt.Sprintf("testkey|%s", common.CacheVersion), testKey) + assert.Equal(t, "testkey|"+common.CacheVersion, testKey) } diff --git a/util/cache/redis.go b/util/cache/redis.go index 5a832fd6ccd45..2c938b6998bb7 100644 --- a/util/cache/redis.go +++ b/util/cache/redis.go @@ -9,6 +9,7 @@ import ( "fmt" "io" "net" + "sync" "time" ioutil "github.com/argoproj/argo-cd/v2/util/io" @@ -200,6 +201,11 @@ func (redisHook) ProcessPipelineHook(next redis.ProcessPipelineHook) redis.Proce } // CollectMetrics add transport wrapper that pushes metrics into the specified metrics registry -func CollectMetrics(client *redis.Client, registry MetricsRegistry) { +// Lock should be shared between functions that can add/process a Redis hook. +func CollectMetrics(client *redis.Client, registry MetricsRegistry, lock *sync.RWMutex) { + if lock != nil { + lock.Lock() + defer lock.Unlock() + } client.AddHook(&redisHook{registry: registry}) } diff --git a/util/cache/redis_test.go b/util/cache/redis_test.go index d60c7ea268e2c..8cda6d8086e74 100644 --- a/util/cache/redis_test.go +++ b/util/cache/redis_test.go @@ -136,8 +136,8 @@ func TestRedisMetrics(t *testing.T) { ms := NewMockMetricsServer() redisClient := redis.NewClient(&redis.Options{Addr: mr.Addr()}) faultyRedisClient := redis.NewClient(&redis.Options{Addr: "invalidredishost.invalid:12345"}) - CollectMetrics(redisClient, ms) - CollectMetrics(faultyRedisClient, ms) + CollectMetrics(redisClient, ms, nil) + CollectMetrics(faultyRedisClient, ms, nil) client := NewRedisCache(redisClient, 60*time.Second, RedisCompressionNone) faultyClient := NewRedisCache(faultyRedisClient, 60*time.Second, RedisCompressionNone) diff --git a/util/cert/cert_test.go b/util/cert/cert_test.go index cfc4b4385dd07..d91505589145b 100644 --- a/util/cert/cert_test.go +++ b/util/cert/cert_test.go @@ -1,7 +1,6 @@ package cert import ( - "fmt" "os" "path" "testing" @@ -399,7 +398,7 @@ func Test_ValidHostnames(t *testing.T) { } for hostName, valid := range hostNames { - t.Run(fmt.Sprintf("Test validity for hostname %s", hostName), func(t *testing.T) { + t.Run("Test validity for hostname "+hostName, func(t *testing.T) { assert.Equal(t, valid, IsValidHostname(hostName, false)) }) } diff --git a/util/cli/cli.go b/util/cli/cli.go index a84e031f6d76c..92f41d2bed779 100644 --- a/util/cli/cli.go +++ b/util/cli/cli.go @@ -309,7 +309,7 @@ func PrintDiff(name string, live *unstructured.Unstructured, target *unstructure if err != nil { return err } - liveFile := path.Join(tempDir, fmt.Sprintf("%s-live.yaml", name)) + liveFile := path.Join(tempDir, name+"-live.yaml") liveData := []byte("") if live != nil { liveData, err = yaml.Marshal(live) diff --git a/util/db/certificate_test.go b/util/db/certificate_test.go index df4ba7aba621d..62358bcd15b3b 100644 --- a/util/db/certificate_test.go +++ b/util/db/certificate_test.go @@ -283,7 +283,7 @@ func getCertClientset() *fake.Clientset { }, } - return fake.NewSimpleClientset([]runtime.Object{&cm, &sshCM, &tlsCM}...) + return fake.NewClientset([]runtime.Object{&cm, &sshCM, &tlsCM}...) } func Test_ListCertificate(t *testing.T) { diff --git a/util/db/cluster_norace_test.go b/util/db/cluster_norace_test.go index 3386172c3a857..c26cfbf8b42f6 100644 --- a/util/db/cluster_norace_test.go +++ b/util/db/cluster_norace_test.go @@ -46,7 +46,7 @@ func TestWatchClusters_CreateRemoveCluster(t *testing.T) { "server.secretkey": nil, }, } - kubeclientset := fake.NewSimpleClientset(emptyArgoCDConfigMap, argoCDSecret) + kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) runWatchTest(t, db, []func(old *v1alpha1.Cluster, new *v1alpha1.Cluster){ @@ -101,7 +101,7 @@ func TestWatchClusters_LocalClusterModifications(t *testing.T) { "server.secretkey": nil, }, } - kubeclientset := fake.NewSimpleClientset(emptyArgoCDConfigMap, argoCDSecret) + kubeclientset := fake.NewClientset(emptyArgoCDConfigMap, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) runWatchTest(t, db, []func(old *v1alpha1.Cluster, new *v1alpha1.Cluster){ diff --git a/util/db/cluster_test.go b/util/db/cluster_test.go index b32120674e1bc..fc3da404e891a 100644 --- a/util/db/cluster_test.go +++ b/util/db/cluster_test.go @@ -172,7 +172,7 @@ func Test_secretToCluster_InvalidConfig(t *testing.T) { } func TestUpdateCluster(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(&v1.Secret{ + kubeclientset := fake.NewClientset(&v1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "mycluster", Namespace: fakeNamespace, @@ -202,7 +202,7 @@ func TestUpdateCluster(t *testing.T) { } func TestDeleteUnknownCluster(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(&v1.Secret{ + kubeclientset := fake.NewClientset(&v1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "mycluster", Namespace: fakeNamespace, @@ -244,7 +244,7 @@ func TestRejectCreationForInClusterWhenDisabled(t *testing.T) { "server.secretkey": nil, }, } - kubeclientset := fake.NewSimpleClientset(argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) + kubeclientset := fake.NewClientset(argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) _, err := db.CreateCluster(context.Background(), &appv1.Cluster{ @@ -371,7 +371,7 @@ func TestListClusters(t *testing.T) { } t.Run("Valid clusters", func(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(secretForServerWithInClusterAddr, secretForServerWithExternalClusterAddr, emptyArgoCDConfigMap, argoCDSecret) + kubeclientset := fake.NewClientset(secretForServerWithInClusterAddr, secretForServerWithExternalClusterAddr, emptyArgoCDConfigMap, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) @@ -381,7 +381,7 @@ func TestListClusters(t *testing.T) { }) t.Run("Cluster list with invalid cluster", func(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(secretForServerWithInClusterAddr, secretForServerWithExternalClusterAddr, invalidSecret, emptyArgoCDConfigMap, argoCDSecret) + kubeclientset := fake.NewClientset(secretForServerWithInClusterAddr, secretForServerWithExternalClusterAddr, invalidSecret, emptyArgoCDConfigMap, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) @@ -391,7 +391,7 @@ func TestListClusters(t *testing.T) { }) t.Run("Implicit in-cluster secret", func(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(secretForServerWithExternalClusterAddr, emptyArgoCDConfigMap, argoCDSecret) + kubeclientset := fake.NewClientset(secretForServerWithExternalClusterAddr, emptyArgoCDConfigMap, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) @@ -402,7 +402,7 @@ func TestListClusters(t *testing.T) { }) t.Run("ListClusters() should not add the cluster with in-cluster server address since in-cluster is disabled", func(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(secretForServerWithInClusterAddr, argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) + kubeclientset := fake.NewClientset(secretForServerWithInClusterAddr, argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) @@ -412,7 +412,7 @@ func TestListClusters(t *testing.T) { }) t.Run("ListClusters() should add this cluster since it does not contain in-cluster server address even though in-cluster is disabled", func(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(secretForServerWithExternalClusterAddr, argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) + kubeclientset := fake.NewClientset(secretForServerWithExternalClusterAddr, argoCDConfigMapWithInClusterServerAddressDisabled, argoCDSecret) settingsManager := settings.NewSettingsManager(context.Background(), kubeclientset, fakeNamespace) db := NewDB(fakeNamespace, settingsManager, kubeclientset) @@ -439,7 +439,7 @@ func TestClusterRaceConditionClusterSecrets(t *testing.T) { "config": []byte("{}"), }, } - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, diff --git a/util/db/db.go b/util/db/db.go index 34982f8c37806..0cd243c051458 100644 --- a/util/db/db.go +++ b/util/db/db.go @@ -47,6 +47,8 @@ type ArgoDB interface { // ListRepositories lists repositories ListRepositories(ctx context.Context) ([]*appv1.Repository, error) + // ListWriteRepositories lists repositories from write credentials + ListWriteRepositories(ctx context.Context) ([]*appv1.Repository, error) // CreateRepository creates a repository CreateRepository(ctx context.Context, r *appv1.Repository) (*appv1.Repository, error) @@ -61,6 +63,19 @@ type ArgoDB interface { // DeleteRepository deletes a repository from config DeleteRepository(ctx context.Context, name, project string) error + // CreateWriteRepository creates a repository with write credentials + CreateWriteRepository(ctx context.Context, r *appv1.Repository) (*appv1.Repository, error) + // GetWriteRepository returns a repository by URL with write credentials + GetWriteRepository(ctx context.Context, url, project string) (*appv1.Repository, error) + // GetProjectWriteRepositories returns project scoped repositories from write credentials by given project name + GetProjectWriteRepositories(ctx context.Context, project string) ([]*appv1.Repository, error) + // WriteRepositoryExists returns whether a repository is configured for the given URL with write credentials + WriteRepositoryExists(ctx context.Context, repoURL, project string) (bool, error) + // UpdateWriteRepository updates a repository with write credentials + UpdateWriteRepository(ctx context.Context, r *appv1.Repository) (*appv1.Repository, error) + // DeleteWriteRepository deletes a repository from config with write credentials + DeleteWriteRepository(ctx context.Context, name, project string) error + // ListRepositoryCredentials list all repo credential sets URL patterns ListRepositoryCredentials(ctx context.Context) ([]string, error) // GetRepositoryCredentials gets repo credentials for given URL @@ -72,6 +87,17 @@ type ArgoDB interface { // DeleteRepositoryCredentials deletes a repository credential set from config DeleteRepositoryCredentials(ctx context.Context, name string) error + // ListWriteRepositoryCredentials list all repo write credential sets URL patterns + ListWriteRepositoryCredentials(ctx context.Context) ([]string, error) + // GetWriteRepositoryCredentials gets repo write credentials for given URL + GetWriteRepositoryCredentials(ctx context.Context, name string) (*appv1.RepoCreds, error) + // CreateWriteRepositoryCredentials creates a repository write credential set + CreateWriteRepositoryCredentials(ctx context.Context, r *appv1.RepoCreds) (*appv1.RepoCreds, error) + // UpdateWriteRepositoryCredentials updates a repository write credential set + UpdateWriteRepositoryCredentials(ctx context.Context, r *appv1.RepoCreds) (*appv1.RepoCreds, error) + // DeleteWriteRepositoryCredentials deletes a repository write credential set from config + DeleteWriteRepositoryCredentials(ctx context.Context, name string) error + // ListRepoCertificates lists all configured certificates ListRepoCertificates(ctx context.Context, selector *CertificateListSelector) (*appv1.RepositoryCertificateList, error) // CreateRepoCertificate creates a new certificate entry @@ -111,22 +137,14 @@ func NewDB(namespace string, settingsMgr *settings.SettingsManager, kubeclientse } func (db *db) getSecret(name string, cache map[string]*v1.Secret) (*v1.Secret, error) { - secret, ok := cache[name] - if !ok { - secretsLister, err := db.settingsMgr.GetSecretsLister() - if err != nil { - return nil, err - } - secret, err = secretsLister.Secrets(db.ns).Get(name) + if _, ok := cache[name]; !ok { + secret, err := db.settingsMgr.GetSecretByName(name) if err != nil { return nil, err } - if secret.Data == nil { - secret.Data = make(map[string][]byte) - } cache[name] = secret } - return secret, nil + return cache[name], nil } func (db *db) unmarshalFromSecretsStr(secrets map[*SecretMaperValidation]*v1.SecretKeySelector, cache map[string]*v1.Secret) error { diff --git a/util/db/db_test.go b/util/db/db_test.go index 2e8560459c4b2..8227f86964bcc 100644 --- a/util/db/db_test.go +++ b/util/db/db_test.go @@ -47,7 +47,7 @@ func getClientset(config map[string]string, objects ...runtime.Object) *fake.Cli }, Data: config, } - return fake.NewSimpleClientset(append(objects, &cm, &secret)...) + return fake.NewClientset(append(objects, &cm, &secret)...) } func TestCreateRepository(t *testing.T) { diff --git a/util/db/gpgkeys.go b/util/db/gpgkeys.go index 80245718527c4..8d17d20374640 100644 --- a/util/db/gpgkeys.go +++ b/util/db/gpgkeys.go @@ -101,10 +101,6 @@ func (db *db) AddGPGPublicKey(ctx context.Context, keyData string) (map[string]* return nil, nil, err } - if keysCM.Data == nil { - keysCM.Data = make(map[string]string) - } - for kid, key := range keys { if _, ok := keysCM.Data[kid]; ok { skipped = append(skipped, kid) @@ -131,10 +127,6 @@ func (db *db) DeleteGPGPublicKey(ctx context.Context, keyID string) error { return err } - if keysCM.Data == nil { - return fmt.Errorf("No such key configured: %s", keyID) - } - if _, ok := keysCM.Data[keyID]; !ok { return fmt.Errorf("No such key configured: %s", keyID) } diff --git a/util/db/gpgkeys_test.go b/util/db/gpgkeys_test.go index dfc0d8fdaf99b..731293b5b279b 100644 --- a/util/db/gpgkeys_test.go +++ b/util/db/gpgkeys_test.go @@ -112,7 +112,7 @@ func getGPGKeysClientset(gpgCM v1.ConfigMap) *fake.Clientset { Data: nil, } - return fake.NewSimpleClientset([]runtime.Object{&cm, &gpgCM}...) + return fake.NewClientset([]runtime.Object{&cm, &gpgCM}...) } func Test_ValidatePGPKey(t *testing.T) { diff --git a/util/db/helmrepository.go b/util/db/helmrepository.go index 13118462e51b6..0cc6bb2742572 100644 --- a/util/db/helmrepository.go +++ b/util/db/helmrepository.go @@ -59,7 +59,7 @@ func (db *db) ListHelmRepositories(ctx context.Context) ([]*v1alpha1.Repository, } result[i] = repo } - repos, err := db.listRepositories(ctx, ptr.To("helm")) + repos, err := db.listRepositories(ctx, ptr.To("helm"), false) if err != nil { return nil, fmt.Errorf("failed to list Helm repositories: %w", err) } diff --git a/util/db/mocks/ArgoDB.go b/util/db/mocks/ArgoDB.go index 928cb0292eab7..837f939a6f41c 100644 --- a/util/db/mocks/ArgoDB.go +++ b/util/db/mocks/ArgoDB.go @@ -175,6 +175,66 @@ func (_m *ArgoDB) CreateRepositoryCredentials(ctx context.Context, r *v1alpha1.R return r0, r1 } +// CreateWriteRepository provides a mock function with given fields: ctx, r +func (_m *ArgoDB) CreateWriteRepository(ctx context.Context, r *v1alpha1.Repository) (*v1alpha1.Repository, error) { + ret := _m.Called(ctx, r) + + if len(ret) == 0 { + panic("no return value specified for CreateWriteRepository") + } + + var r0 *v1alpha1.Repository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *v1alpha1.Repository) (*v1alpha1.Repository, error)); ok { + return rf(ctx, r) + } + if rf, ok := ret.Get(0).(func(context.Context, *v1alpha1.Repository) *v1alpha1.Repository); ok { + r0 = rf(ctx, r) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.Repository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *v1alpha1.Repository) error); ok { + r1 = rf(ctx, r) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CreateWriteRepositoryCredentials provides a mock function with given fields: ctx, r +func (_m *ArgoDB) CreateWriteRepositoryCredentials(ctx context.Context, r *v1alpha1.RepoCreds) (*v1alpha1.RepoCreds, error) { + ret := _m.Called(ctx, r) + + if len(ret) == 0 { + panic("no return value specified for CreateWriteRepositoryCredentials") + } + + var r0 *v1alpha1.RepoCreds + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *v1alpha1.RepoCreds) (*v1alpha1.RepoCreds, error)); ok { + return rf(ctx, r) + } + if rf, ok := ret.Get(0).(func(context.Context, *v1alpha1.RepoCreds) *v1alpha1.RepoCreds); ok { + r0 = rf(ctx, r) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.RepoCreds) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *v1alpha1.RepoCreds) error); ok { + r1 = rf(ctx, r) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // DeleteCluster provides a mock function with given fields: ctx, server func (_m *ArgoDB) DeleteCluster(ctx context.Context, server string) error { ret := _m.Called(ctx, server) @@ -247,6 +307,42 @@ func (_m *ArgoDB) DeleteRepositoryCredentials(ctx context.Context, name string) return r0 } +// DeleteWriteRepository provides a mock function with given fields: ctx, name, project +func (_m *ArgoDB) DeleteWriteRepository(ctx context.Context, name string, project string) error { + ret := _m.Called(ctx, name, project) + + if len(ret) == 0 { + panic("no return value specified for DeleteWriteRepository") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, string, string) error); ok { + r0 = rf(ctx, name, project) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// DeleteWriteRepositoryCredentials provides a mock function with given fields: ctx, name +func (_m *ArgoDB) DeleteWriteRepositoryCredentials(ctx context.Context, name string) error { + ret := _m.Called(ctx, name) + + if len(ret) == 0 { + panic("no return value specified for DeleteWriteRepositoryCredentials") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { + r0 = rf(ctx, name) + } else { + r0 = ret.Error(0) + } + + return r0 +} + // GetAllHelmRepositoryCredentials provides a mock function with given fields: ctx func (_m *ArgoDB) GetAllHelmRepositoryCredentials(ctx context.Context) ([]*v1alpha1.RepoCreds, error) { ret := _m.Called(ctx) @@ -415,6 +511,36 @@ func (_m *ArgoDB) GetProjectRepositories(ctx context.Context, project string) ([ return r0, r1 } +// GetProjectWriteRepositories provides a mock function with given fields: ctx, project +func (_m *ArgoDB) GetProjectWriteRepositories(ctx context.Context, project string) ([]*v1alpha1.Repository, error) { + ret := _m.Called(ctx, project) + + if len(ret) == 0 { + panic("no return value specified for GetProjectWriteRepositories") + } + + var r0 []*v1alpha1.Repository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string) ([]*v1alpha1.Repository, error)); ok { + return rf(ctx, project) + } + if rf, ok := ret.Get(0).(func(context.Context, string) []*v1alpha1.Repository); ok { + r0 = rf(ctx, project) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*v1alpha1.Repository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string) error); ok { + r1 = rf(ctx, project) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // GetRepository provides a mock function with given fields: ctx, url, project func (_m *ArgoDB) GetRepository(ctx context.Context, url string, project string) (*v1alpha1.Repository, error) { ret := _m.Called(ctx, url, project) @@ -475,6 +601,66 @@ func (_m *ArgoDB) GetRepositoryCredentials(ctx context.Context, name string) (*v return r0, r1 } +// GetWriteRepository provides a mock function with given fields: ctx, url, project +func (_m *ArgoDB) GetWriteRepository(ctx context.Context, url string, project string) (*v1alpha1.Repository, error) { + ret := _m.Called(ctx, url, project) + + if len(ret) == 0 { + panic("no return value specified for GetWriteRepository") + } + + var r0 *v1alpha1.Repository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string, string) (*v1alpha1.Repository, error)); ok { + return rf(ctx, url, project) + } + if rf, ok := ret.Get(0).(func(context.Context, string, string) *v1alpha1.Repository); ok { + r0 = rf(ctx, url, project) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.Repository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string, string) error); ok { + r1 = rf(ctx, url, project) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// GetWriteRepositoryCredentials provides a mock function with given fields: ctx, name +func (_m *ArgoDB) GetWriteRepositoryCredentials(ctx context.Context, name string) (*v1alpha1.RepoCreds, error) { + ret := _m.Called(ctx, name) + + if len(ret) == 0 { + panic("no return value specified for GetWriteRepositoryCredentials") + } + + var r0 *v1alpha1.RepoCreds + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string) (*v1alpha1.RepoCreds, error)); ok { + return rf(ctx, name) + } + if rf, ok := ret.Get(0).(func(context.Context, string) *v1alpha1.RepoCreds); ok { + r0 = rf(ctx, name) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.RepoCreds) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string) error); ok { + r1 = rf(ctx, name) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // ListClusters provides a mock function with given fields: ctx func (_m *ArgoDB) ListClusters(ctx context.Context) (*v1alpha1.ClusterList, error) { ret := _m.Called(ctx) @@ -655,6 +841,66 @@ func (_m *ArgoDB) ListRepositoryCredentials(ctx context.Context) ([]string, erro return r0, r1 } +// ListWriteRepositories provides a mock function with given fields: ctx +func (_m *ArgoDB) ListWriteRepositories(ctx context.Context) ([]*v1alpha1.Repository, error) { + ret := _m.Called(ctx) + + if len(ret) == 0 { + panic("no return value specified for ListWriteRepositories") + } + + var r0 []*v1alpha1.Repository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context) ([]*v1alpha1.Repository, error)); ok { + return rf(ctx) + } + if rf, ok := ret.Get(0).(func(context.Context) []*v1alpha1.Repository); ok { + r0 = rf(ctx) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]*v1alpha1.Repository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context) error); ok { + r1 = rf(ctx) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListWriteRepositoryCredentials provides a mock function with given fields: ctx +func (_m *ArgoDB) ListWriteRepositoryCredentials(ctx context.Context) ([]string, error) { + ret := _m.Called(ctx) + + if len(ret) == 0 { + panic("no return value specified for ListWriteRepositoryCredentials") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context) ([]string, error)); ok { + return rf(ctx) + } + if rf, ok := ret.Get(0).(func(context.Context) []string); ok { + r0 = rf(ctx) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context) error); ok { + r1 = rf(ctx) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // RemoveRepoCertificates provides a mock function with given fields: ctx, selector func (_m *ArgoDB) RemoveRepoCertificates(ctx context.Context, selector *db.CertificateListSelector) (*v1alpha1.RepositoryCertificateList, error) { ret := _m.Called(ctx, selector) @@ -803,6 +1049,66 @@ func (_m *ArgoDB) UpdateRepositoryCredentials(ctx context.Context, r *v1alpha1.R return r0, r1 } +// UpdateWriteRepository provides a mock function with given fields: ctx, r +func (_m *ArgoDB) UpdateWriteRepository(ctx context.Context, r *v1alpha1.Repository) (*v1alpha1.Repository, error) { + ret := _m.Called(ctx, r) + + if len(ret) == 0 { + panic("no return value specified for UpdateWriteRepository") + } + + var r0 *v1alpha1.Repository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *v1alpha1.Repository) (*v1alpha1.Repository, error)); ok { + return rf(ctx, r) + } + if rf, ok := ret.Get(0).(func(context.Context, *v1alpha1.Repository) *v1alpha1.Repository); ok { + r0 = rf(ctx, r) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.Repository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *v1alpha1.Repository) error); ok { + r1 = rf(ctx, r) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// UpdateWriteRepositoryCredentials provides a mock function with given fields: ctx, r +func (_m *ArgoDB) UpdateWriteRepositoryCredentials(ctx context.Context, r *v1alpha1.RepoCreds) (*v1alpha1.RepoCreds, error) { + ret := _m.Called(ctx, r) + + if len(ret) == 0 { + panic("no return value specified for UpdateWriteRepositoryCredentials") + } + + var r0 *v1alpha1.RepoCreds + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *v1alpha1.RepoCreds) (*v1alpha1.RepoCreds, error)); ok { + return rf(ctx, r) + } + if rf, ok := ret.Get(0).(func(context.Context, *v1alpha1.RepoCreds) *v1alpha1.RepoCreds); ok { + r0 = rf(ctx, r) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.RepoCreds) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *v1alpha1.RepoCreds) error); ok { + r1 = rf(ctx, r) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // WatchClusters provides a mock function with given fields: ctx, handleAddEvent, handleModEvent, handleDeleteEvent func (_m *ArgoDB) WatchClusters(ctx context.Context, handleAddEvent func(*v1alpha1.Cluster), handleModEvent func(*v1alpha1.Cluster, *v1alpha1.Cluster), handleDeleteEvent func(string)) error { ret := _m.Called(ctx, handleAddEvent, handleModEvent, handleDeleteEvent) @@ -821,6 +1127,34 @@ func (_m *ArgoDB) WatchClusters(ctx context.Context, handleAddEvent func(*v1alph return r0 } +// WriteRepositoryExists provides a mock function with given fields: ctx, repoURL, project +func (_m *ArgoDB) WriteRepositoryExists(ctx context.Context, repoURL string, project string) (bool, error) { + ret := _m.Called(ctx, repoURL, project) + + if len(ret) == 0 { + panic("no return value specified for WriteRepositoryExists") + } + + var r0 bool + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string, string) (bool, error)); ok { + return rf(ctx, repoURL, project) + } + if rf, ok := ret.Get(0).(func(context.Context, string, string) bool); ok { + r0 = rf(ctx, repoURL, project) + } else { + r0 = ret.Get(0).(bool) + } + + if rf, ok := ret.Get(1).(func(context.Context, string, string) error); ok { + r1 = rf(ctx, repoURL, project) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // NewArgoDB creates a new instance of ArgoDB. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. // The first argument is typically a *testing.T value. func NewArgoDB(t interface { diff --git a/util/db/repository.go b/util/db/repository.go index a186cb07cc31a..f6e7a708d04df 100644 --- a/util/db/repository.go +++ b/util/db/repository.go @@ -5,10 +5,11 @@ import ( "fmt" "hash/fnv" + apiv1 "k8s.io/api/core/v1" + log "github.com/sirupsen/logrus" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" - apiv1 "k8s.io/api/core/v1" appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -77,6 +78,20 @@ func (db *db) CreateRepository(ctx context.Context, r *appsv1.Repository) (*apps return secretBackend.CreateRepository(ctx, r) } +func (db *db) CreateWriteRepository(ctx context.Context, r *appsv1.Repository) (*appsv1.Repository, error) { + secretBackend := db.repoWriteBackend() + secretExists, err := secretBackend.RepositoryExists(ctx, r.Repo, r.Project, false) + if err != nil { + return nil, err + } + + if secretExists { + return nil, status.Errorf(codes.AlreadyExists, "repository %q already exists", r.Repo) + } + + return secretBackend.CreateRepository(ctx, r) +} + func (db *db) GetRepository(ctx context.Context, repoURL, project string) (*appsv1.Repository, error) { repository, err := db.getRepository(ctx, repoURL, project) if err != nil { @@ -90,12 +105,34 @@ func (db *db) GetRepository(ctx context.Context, repoURL, project string) (*apps return repository, err } +func (db *db) GetWriteRepository(ctx context.Context, repoURL, project string) (*appsv1.Repository, error) { + repository, err := db.repoWriteBackend().GetRepository(ctx, repoURL, project) + if err != nil { + return repository, fmt.Errorf("unable to get write repository %q: %w", repoURL, err) + } + + // TODO: enrich with write credentials. + //if err := db.enrichCredsToRepo(ctx, repository); err != nil { + // return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err) + //} + + return repository, err +} + func (db *db) GetProjectRepositories(ctx context.Context, project string) ([]*appsv1.Repository, error) { + return db.getRepositories(settings.ByProjectRepoIndexer, project) +} + +func (db *db) GetProjectWriteRepositories(ctx context.Context, project string) ([]*appsv1.Repository, error) { + return db.getRepositories(settings.ByProjectRepoWriteIndexer, project) +} + +func (db *db) getRepositories(indexer, project string) ([]*appv1.Repository, error) { informer, err := db.settingsMgr.GetSecretsInformer() if err != nil { return nil, err } - secrets, err := informer.GetIndexer().ByIndex(settings.ByProjectRepoIndexer, project) + secrets, err := informer.GetIndexer().ByIndex(indexer, project) if err != nil { return nil, err } @@ -121,6 +158,11 @@ func (db *db) RepositoryExists(ctx context.Context, repoURL, project string) (bo return legacyBackend.RepositoryExists(ctx, repoURL, project, true) } +func (db *db) WriteRepositoryExists(ctx context.Context, repoURL, project string) (bool, error) { + secretsBackend := db.repoWriteBackend() + return secretsBackend.RepositoryExists(ctx, repoURL, project, true) +} + func (db *db) getRepository(ctx context.Context, repoURL, project string) (*appsv1.Repository, error) { secretsBackend := db.repoBackend() exists, err := secretsBackend.RepositoryExists(ctx, repoURL, project, true) @@ -150,24 +192,37 @@ func (db *db) getRepository(ctx context.Context, repoURL, project string) (*apps } func (db *db) ListRepositories(ctx context.Context) ([]*appsv1.Repository, error) { - return db.listRepositories(ctx, nil) + return db.listRepositories(ctx, nil, false) } -func (db *db) listRepositories(ctx context.Context, repoType *string) ([]*appsv1.Repository, error) { +func (db *db) ListWriteRepositories(ctx context.Context) ([]*appsv1.Repository, error) { + return db.listRepositories(ctx, nil, true) +} + +func (db *db) listRepositories(ctx context.Context, repoType *string, writeCreds bool) ([]*appsv1.Repository, error) { // TODO It would be nice to check for duplicates between secret and legacy repositories and make it so that // repositories from secrets overlay repositories from legacys. - secretRepositories, err := db.repoBackend().ListRepositories(ctx, repoType) - if err != nil { - return nil, err - } + var repositories []*appv1.Repository + if writeCreds { + var err error + repositories, err = db.repoWriteBackend().ListRepositories(ctx, repoType) + if err != nil { + return nil, err + } + } else { + secretRepositories, err := db.repoBackend().ListRepositories(ctx, repoType) + if err != nil { + return nil, err + } - legacyRepositories, err := db.legacyRepoBackend().ListRepositories(ctx, repoType) - if err != nil { - return nil, err - } + legacyRepositories, err := db.legacyRepoBackend().ListRepositories(ctx, repoType) + if err != nil { + return nil, err + } - repositories := append(secretRepositories, legacyRepositories...) + repositories = append(secretRepositories, legacyRepositories...) + } if err := db.enrichCredsToRepos(ctx, repositories); err != nil { return nil, err } @@ -196,6 +251,20 @@ func (db *db) UpdateRepository(ctx context.Context, r *appsv1.Repository) (*apps return nil, status.Errorf(codes.NotFound, "repo '%s' not found", r.Repo) } +func (db *db) UpdateWriteRepository(ctx context.Context, r *appsv1.Repository) (*appsv1.Repository, error) { + secretBackend := db.repoWriteBackend() + exists, err := secretBackend.RepositoryExists(ctx, r.Repo, r.Project, false) + if err != nil { + return nil, err + } + + if !exists { + return nil, status.Errorf(codes.NotFound, "repo '%s' not found", r.Repo) + } + + return secretBackend.UpdateRepository(ctx, r) +} + func (db *db) DeleteRepository(ctx context.Context, repoURL, project string) error { secretsBackend := db.repoBackend() exists, err := secretsBackend.RepositoryExists(ctx, repoURL, project, false) @@ -216,6 +285,20 @@ func (db *db) DeleteRepository(ctx context.Context, repoURL, project string) err return status.Errorf(codes.NotFound, "repo '%s' not found", repoURL) } +func (db *db) DeleteWriteRepository(ctx context.Context, repoURL, project string) error { + secretsBackend := db.repoWriteBackend() + exists, err := secretsBackend.RepositoryExists(ctx, repoURL, project, false) + if err != nil { + return err + } + + if !exists { + return status.Errorf(codes.NotFound, "repo '%s' not found", repoURL) + } + + return secretsBackend.DeleteRepository(ctx, repoURL, project) +} + // ListRepositoryCredentials returns a list of URLs that contain repo credential sets func (db *db) ListRepositoryCredentials(ctx context.Context) ([]string, error) { // TODO It would be nice to check for duplicates between secret and legacy repositories and make it so that @@ -234,6 +317,15 @@ func (db *db) ListRepositoryCredentials(ctx context.Context) ([]string, error) { return append(secretRepoCreds, legacyRepoCreds...), nil } +// ListWriteRepositoryCredentials returns a list of URLs that contain repo write credential sets +func (db *db) ListWriteRepositoryCredentials(ctx context.Context) ([]string, error) { + secretRepoCreds, err := db.repoWriteBackend().ListRepoCreds(ctx) + if err != nil { + return nil, err + } + return secretRepoCreds, nil +} + // GetRepositoryCredentials retrieves a repository credential set func (db *db) GetRepositoryCredentials(ctx context.Context, repoURL string) (*appsv1.RepoCreds, error) { secretsBackend := db.repoBackend() @@ -263,6 +355,31 @@ func (db *db) GetRepositoryCredentials(ctx context.Context, repoURL string) (*ap return nil, nil } +// GetWriteRepositoryCredentials retrieves a repository write credential set +func (db *db) GetWriteRepositoryCredentials(ctx context.Context, repoURL string) (*appsv1.RepoCreds, error) { + secretBackend := db.repoWriteBackend() + exists, err := secretBackend.RepoCredsExists(ctx, repoURL) + if err != nil { + return nil, fmt.Errorf("unable to check if repository write credentials for %q exists from secrets backend: %w", repoURL, err) + } + + if !exists { + return nil, nil + } + + // TODO: enrich with write credentials. + //if err := db.enrichCredsToRepo(ctx, repository); err != nil { + // return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err) + //} + + creds, err := secretBackend.GetRepoCreds(ctx, repoURL) + if err != nil { + return nil, fmt.Errorf("unable to get repository write credentials for %q from secrets backend: %w", repoURL, err) + } + + return creds, nil +} + // GetAllHelmRepositoryCredentials retrieves all repository credentials func (db *db) GetAllHelmRepositoryCredentials(ctx context.Context) ([]*appsv1.RepoCreds, error) { // TODO It would be nice to check for duplicates between secret and legacy repositories and make it so that @@ -302,6 +419,21 @@ func (db *db) CreateRepositoryCredentials(ctx context.Context, r *appsv1.RepoCre return secretBackend.CreateRepoCreds(ctx, r) } +// CreateWriteRepositoryCredentials creates a repository write credential set +func (db *db) CreateWriteRepositoryCredentials(ctx context.Context, r *appsv1.RepoCreds) (*appsv1.RepoCreds, error) { + secretBackend := db.repoWriteBackend() + secretExists, err := secretBackend.RepoCredsExists(ctx, r.URL) + if err != nil { + return nil, err + } + + if secretExists { + return nil, status.Errorf(codes.AlreadyExists, "write repository credentials %q already exists", r.URL) + } + + return secretBackend.CreateRepoCreds(ctx, r) +} + // UpdateRepositoryCredentials updates a repository credential set func (db *db) UpdateRepositoryCredentials(ctx context.Context, r *appsv1.RepoCreds) (*appsv1.RepoCreds, error) { secretsBackend := db.repoBackend() @@ -323,6 +455,21 @@ func (db *db) UpdateRepositoryCredentials(ctx context.Context, r *appsv1.RepoCre return nil, status.Errorf(codes.NotFound, "repository credentials '%s' not found", r.URL) } +// UpdateWriteRepositoryCredentials updates a repository write credential set +func (db *db) UpdateWriteRepositoryCredentials(ctx context.Context, r *appsv1.RepoCreds) (*appsv1.RepoCreds, error) { + secretBackend := db.repoWriteBackend() + exists, err := secretBackend.RepoCredsExists(ctx, r.URL) + if err != nil { + return nil, err + } + + if !exists { + return nil, status.Errorf(codes.NotFound, "write repository credentials '%s' not found", r.URL) + } + + return secretBackend.UpdateRepoCreds(ctx, r) +} + // DeleteRepositoryCredentials deletes a repository credential set from config, and // also all the secrets which actually contained the credentials. func (db *db) DeleteRepositoryCredentials(ctx context.Context, name string) error { @@ -345,6 +492,19 @@ func (db *db) DeleteRepositoryCredentials(ctx context.Context, name string) erro return status.Errorf(codes.NotFound, "repository credentials '%s' not found", name) } +// DeleteWriteRepositoryCredentials deletes a repository write credential set from config, and +// also all the secrets which actually contained the credentials. +func (db *db) DeleteWriteRepositoryCredentials(ctx context.Context, name string) error { + secretBackend := db.repoWriteBackend() + exists, err := secretBackend.RepoCredsExists(ctx, name) + if err != nil { + return err + } else if exists { + return secretBackend.DeleteRepoCreds(ctx, name) + } + return status.Errorf(codes.NotFound, "write repository credentials '%s' not found", name) +} + func (db *db) enrichCredsToRepos(ctx context.Context, repositories []*appsv1.Repository) error { for _, repository := range repositories { if err := db.enrichCredsToRepo(ctx, repository); err != nil { @@ -358,6 +518,10 @@ func (db *db) repoBackend() repositoryBackend { return &secretsRepositoryBackend{db: db} } +func (db *db) repoWriteBackend() repositoryBackend { + return &secretsRepositoryBackend{db: db, writeCreds: true} +} + func (db *db) legacyRepoBackend() repositoryBackend { return &legacyRepositoryBackend{db: db} } diff --git a/util/db/repository_secrets.go b/util/db/repository_secrets.go index c4ed8396764bb..1897e54d6dcf3 100644 --- a/util/db/repository_secrets.go +++ b/util/db/repository_secrets.go @@ -21,6 +21,8 @@ var _ repositoryBackend = &secretsRepositoryBackend{} type secretsRepositoryBackend struct { db *db + // If true, the backend will manage write only credentials. If false, it will manage only read credentials. + writeCreds bool } func (s *secretsRepositoryBackend) CreateRepository(ctx context.Context, repository *appsv1.Repository) (*appsv1.Repository, error) { @@ -32,7 +34,7 @@ func (s *secretsRepositoryBackend) CreateRepository(ctx context.Context, reposit }, } - repositoryToSecret(repository, repositorySecret) + s.repositoryToSecret(repository, repositorySecret) _, err := s.db.createSecret(ctx, repositorySecret) if err != nil { @@ -102,7 +104,7 @@ func (s *secretsRepositoryBackend) GetRepository(ctx context.Context, repoURL, p func (s *secretsRepositoryBackend) ListRepositories(ctx context.Context, repoType *string) ([]*appsv1.Repository, error) { var repos []*appsv1.Repository - secrets, err := s.db.listSecretsByType(common.LabelValueSecretTypeRepository) + secrets, err := s.db.listSecretsByType(s.getSecretType()) if err != nil { return nil, err } @@ -141,7 +143,7 @@ func (s *secretsRepositoryBackend) UpdateRepository(ctx context.Context, reposit return nil, err } - repositoryToSecret(repository, repositorySecret) + s.repositoryToSecret(repository, repositorySecret) _, err = s.db.kubeclientset.CoreV1().Secrets(s.db.ns).Update(ctx, repositorySecret, metav1.UpdateOptions{}) if err != nil { @@ -362,7 +364,7 @@ func secretToRepository(secret *corev1.Secret) (*appsv1.Repository, error) { return repository, nil } -func repositoryToSecret(repository *appsv1.Repository, secret *corev1.Secret) { +func (s *secretsRepositoryBackend) repositoryToSecret(repository *appsv1.Repository, secret *corev1.Secret) { if secret.Data == nil { secret.Data = make(map[string][]byte) } @@ -388,7 +390,7 @@ func repositoryToSecret(repository *appsv1.Repository, secret *corev1.Secret) { updateSecretString(secret, "noProxy", repository.NoProxy) updateSecretString(secret, "gcpServiceAccountKey", repository.GCPServiceAccountKey) updateSecretBool(secret, "forceHttpBasicAuth", repository.ForceHttpBasicAuth) - addSecretMetadata(secret, common.LabelValueSecretTypeRepository) + addSecretMetadata(secret, s.getSecretType()) } func (s *secretsRepositoryBackend) secretToRepoCred(secret *corev1.Secret) (*appsv1.RepoCreds, error) { @@ -459,7 +461,7 @@ func repoCredsToSecret(repoCreds *appsv1.RepoCreds, secret *corev1.Secret) { } func (s *secretsRepositoryBackend) getRepositorySecret(repoURL, project string, allowFallback bool) (*corev1.Secret, error) { - secrets, err := s.db.listSecretsByType(common.LabelValueSecretTypeRepository) + secrets, err := s.db.listSecretsByType(s.getSecretType()) if err != nil { return nil, fmt.Errorf("failed to list repository secrets: %w", err) } @@ -524,3 +526,10 @@ func (s *secretsRepositoryBackend) getRepositoryCredentialIndex(repoCredentials } return idx } + +func (s *secretsRepositoryBackend) getSecretType() string { + if s.writeCreds { + return common.LabelValueSecretTypeRepositoryWrite + } + return common.LabelValueSecretTypeRepository +} diff --git a/util/db/repository_secrets_test.go b/util/db/repository_secrets_test.go index 0a74a9806f5cb..e484999f884e7 100644 --- a/util/db/repository_secrets_test.go +++ b/util/db/repository_secrets_test.go @@ -83,7 +83,8 @@ func TestSecretsRepositoryBackend_CreateRepository(t *testing.T) { // given t.Parallel() secret := &corev1.Secret{} - repositoryToSecret(repo, secret) + s := secretsRepositoryBackend{} + s.repositoryToSecret(repo, secret) delete(secret.Labels, common.LabelKeySecretType) f := setupWithK8sObjects(secret) f.clientSet.ReactionChain = nil @@ -119,7 +120,8 @@ func TestSecretsRepositoryBackend_CreateRepository(t *testing.T) { Namespace: "default", }, } - repositoryToSecret(repo, secret) + s := secretsRepositoryBackend{} + s.repositoryToSecret(repo, secret) f := setupWithK8sObjects(secret) f.clientSet.ReactionChain = nil f.clientSet.WatchReactionChain = nil @@ -682,7 +684,7 @@ func TestSecretsRepositoryBackend_GetRepoCreds(t *testing.T) { repoCred, err := testee.GetRepoCreds(context.TODO(), "git@github.com:argoproj") require.NoError(t, err) - assert.NotNil(t, repoCred) + require.NotNil(t, repoCred) assert.Equal(t, "git@github.com:argoproj", repoCred.URL) assert.Equal(t, "someUsername", repoCred.Username) assert.Equal(t, "somePassword", repoCred.Password) diff --git a/util/dex/dex.go b/util/dex/dex.go index 34b3c552f32be..5c417f73293cb 100644 --- a/util/dex/dex.go +++ b/util/dex/dex.go @@ -88,7 +88,7 @@ func NewDexHTTPReverseProxy(serverAddr string, baseHRef string, tlsConfig *DexTL }).Errorf("received error from dex: %s", string(b)) resp.ContentLength = 0 resp.Header.Set("Content-Length", strconv.Itoa(0)) - resp.Header.Set("Location", fmt.Sprintf("%s?has_sso_error=true", path.Join(baseHRef, "login"))) + resp.Header.Set("Location", path.Join(baseHRef, "login")+"?has_sso_error=true") resp.StatusCode = http.StatusSeeOther resp.Body = io.NopCloser(bytes.NewReader(make([]byte, 0))) return nil diff --git a/util/env/env.go b/util/env/env.go index e9c2ff41d393e..686ef8089154c 100644 --- a/util/env/env.go +++ b/util/env/env.go @@ -7,8 +7,6 @@ import ( "strings" "time" - timeutil "github.com/argoproj/pkg/time" - log "github.com/sirupsen/logrus" ) @@ -133,13 +131,12 @@ func ParseDurationFromEnv(env string, defaultValue, min, max time.Duration) time if str == "" { return defaultValue } - durPtr, err := timeutil.ParseDuration(str) + dur, err := time.ParseDuration(str) if err != nil { log.Warnf("Could not parse '%s' as a duration string from environment %s", str, env) return defaultValue } - dur := *durPtr if dur < min { log.Warnf("Value in %s is %s, which is less than minimum %s allowed", env, dur, min) return defaultValue diff --git a/util/env/env_test.go b/util/env/env_test.go index 5be065908084d..48da08b0668f2 100644 --- a/util/env/env_test.go +++ b/util/env/env_test.go @@ -115,6 +115,10 @@ func TestParseDurationFromEnv(t *testing.T) { name: "ValidValueSet", env: "2s", expected: time.Second * 2, + }, { + name: "ValidValueSetMs", + env: "2500ms", + expected: time.Millisecond * 2500, }, { name: "MoreThanMaxSet", env: "6s", diff --git a/util/git/client.go b/util/git/client.go index 81bc87f081e43..76160204fcd71 100644 --- a/util/git/client.go +++ b/util/git/client.go @@ -69,7 +69,7 @@ type Client interface { Init() error Fetch(revision string) error Submodule() error - Checkout(revision string, submoduleEnabled bool) error + Checkout(revision string, submoduleEnabled bool) (string, error) LsRefs() (*Refs, error) LsRemote(revision string) (string, error) LsFiles(path string, enableNewGitFileGlobbing bool) ([]string, error) @@ -80,11 +80,23 @@ type Client interface { IsAnnotatedTag(string) bool ChangedFiles(revision string, targetRevision string) ([]string, error) IsRevisionPresent(revision string) bool + // SetAuthor sets the author name and email in the git configuration. + SetAuthor(name, email string) (string, error) + // CheckoutOrOrphan checks out the branch. If the branch does not exist, it creates an orphan branch. + CheckoutOrOrphan(branch string, submoduleEnabled bool) (string, error) + // CheckoutOrNew checks out the given branch. If the branch does not exist, it creates an empty branch based on + // the base branch. + CheckoutOrNew(branch, base string, submoduleEnabled bool) (string, error) + // RemoveContents removes all files from the git repository. + RemoveContents() (string, error) + // CommitAndPush commits and pushes changes to the target branch. + CommitAndPush(branch, message string) (string, error) } type EventHandlers struct { OnLsRemote func(repo string) func() OnFetch func(repo string) func() + OnPush func(repo string) func() } // nativeGitClient implements Client interface using git CLI @@ -459,43 +471,43 @@ func (m *nativeGitClient) Submodule() error { return nil } -// Checkout checkout specified revision -func (m *nativeGitClient) Checkout(revision string, submoduleEnabled bool) error { +// Checkout checks out the specified revision +func (m *nativeGitClient) Checkout(revision string, submoduleEnabled bool) (string, error) { if revision == "" || revision == "HEAD" { revision = "origin/HEAD" } - if _, err := m.runCmd("checkout", "--force", revision); err != nil { - return err + if out, err := m.runCmd("checkout", "--force", revision); err != nil { + return out, fmt.Errorf("failed to checkout %s: %w", revision, err) } // We must populate LFS content by using lfs checkout, if we have at least // one LFS reference in the current revision. if m.IsLFSEnabled() { if largeFiles, err := m.LsLargeFiles(); err == nil { if len(largeFiles) > 0 { - if _, err := m.runCmd("lfs", "checkout"); err != nil { - return err + if out, err := m.runCmd("lfs", "checkout"); err != nil { + return out, fmt.Errorf("failed to checkout LFS files: %w", err) } } } else { - return err + return "", fmt.Errorf("failed to list LFS files: %w", err) } } if _, err := os.Stat(m.root + "/.gitmodules"); !os.IsNotExist(err) { if submoduleEnabled { if err := m.Submodule(); err != nil { - return err + return "", fmt.Errorf("failed to update submodules: %w", err) } } } // NOTE // The double “f” in the arguments is not a typo: the first “f” tells // `git clean` to delete untracked files and directories, and the second “f” - // tells it to clean untractked nested Git repositories (for example a + // tells it to clean untracked nested Git repositories (for example a // submodule which has since been removed). - if _, err := m.runCmd("clean", "-ffdx"); err != nil { - return err + if out, err := m.runCmd("clean", "-ffdx"); err != nil { + return out, fmt.Errorf("failed to clean: %w", err) } - return nil + return "", nil } func (m *nativeGitClient) getRefs() ([]*plumbing.Reference, error) { @@ -624,7 +636,7 @@ func (m *nativeGitClient) lsRemote(revision string) (string, error) { refs, err := m.getRefs() if err != nil { - return "", err + return "", fmt.Errorf("failed to list refs: %w", err) } if revision == "" { @@ -811,10 +823,127 @@ func (m *nativeGitClient) ChangedFiles(revision string, targetRevision string) ( return files, nil } +// config runs a git config command. +func (m *nativeGitClient) config(args ...string) (string, error) { + args = append([]string{"config"}, args...) + out, err := m.runCmd(args...) + if err != nil { + return out, fmt.Errorf("failed to run git config: %w", err) + } + return out, nil +} + +// SetAuthor sets the author name and email in the git configuration. +func (m *nativeGitClient) SetAuthor(name, email string) (string, error) { + if name != "" { + out, err := m.config("--local", "user.name", name) + if err != nil { + return out, err + } + } + if email != "" { + out, err := m.config("--local", "user.email", email) + if err != nil { + return out, err + } + } + return "", nil +} + +// CheckoutOrOrphan checks out the branch. If the branch does not exist, it creates an orphan branch. +func (m *nativeGitClient) CheckoutOrOrphan(branch string, submoduleEnabled bool) (string, error) { + out, err := m.Checkout(branch, submoduleEnabled) + if err != nil { + // If the branch doesn't exist, create it as an orphan branch. + if strings.Contains(err.Error(), "did not match any file(s) known to git") { + out, err = m.runCmd("switch", "--orphan", branch) + if err != nil { + return out, fmt.Errorf("failed to create orphan branch: %w", err) + } + } else { + return out, fmt.Errorf("failed to checkout branch: %w", err) + } + + // Make an empty initial commit. + out, err = m.runCmd("commit", "--allow-empty", "-m", "Initial commit") + if err != nil { + return out, fmt.Errorf("failed to commit initial commit: %w", err) + } + + // Push the commit. + err = m.runCredentialedCmd("push", "origin", branch) + if err != nil { + return "", fmt.Errorf("failed to push to branch: %w", err) + } + } + return "", nil +} + +// CheckoutOrNew checks out the given branch. If the branch does not exist, it creates an empty branch based on +// the base branch. +func (m *nativeGitClient) CheckoutOrNew(branch, base string, submoduleEnabled bool) (string, error) { + out, err := m.Checkout(branch, submoduleEnabled) + if err != nil { + if strings.Contains(err.Error(), "did not match any file(s) known to git") { + // If the branch does not exist, create any empty branch based on the sync branch + // First, checkout the sync branch. + out, err = m.Checkout(base, submoduleEnabled) + if err != nil { + return out, fmt.Errorf("failed to checkout sync branch: %w", err) + } + + out, err = m.runCmd("checkout", "-b", branch) + if err != nil { + return out, fmt.Errorf("failed to create branch: %w", err) + } + } else { + return out, fmt.Errorf("failed to checkout branch: %w", err) + } + } + return "", nil +} + +// RemoveContents removes all files from the git repository. +func (m *nativeGitClient) RemoveContents() (string, error) { + out, err := m.runCmd("rm", "-r", "--ignore-unmatch", ".") + if err != nil { + return out, fmt.Errorf("failed to clear repo contents: %w", err) + } + return "", nil +} + +// CommitAndPush commits and pushes changes to the target branch. +func (m *nativeGitClient) CommitAndPush(branch, message string) (string, error) { + out, err := m.runCmd("add", ".") + if err != nil { + return out, fmt.Errorf("failed to add files: %w", err) + } + + out, err = m.runCmd("commit", "-m", message) + if err != nil { + if strings.Contains(out, "nothing to commit, working tree clean") { + return out, nil + } + return out, fmt.Errorf("failed to commit: %w", err) + } + + if m.OnPush != nil { + done := m.OnPush(m.repoURL) + defer done() + } + + err = m.runCredentialedCmd("push", "origin", branch) + if err != nil { + return "", fmt.Errorf("failed to push: %w", err) + } + + return "", nil +} + // runWrapper runs a custom command with all the semantics of running the Git client func (m *nativeGitClient) runGnuPGWrapper(wrapper string, args ...string) (string, error) { cmd := exec.Command(wrapper, args...) - cmd.Env = append(cmd.Env, fmt.Sprintf("GNUPGHOME=%s", common.GetGnuPGHomePath()), "LANG=C") + cmd.Env = append(cmd.Env, "GNUPGHOME="+common.GetGnuPGHomePath(), "LANG=C") return m.runCmdOutput(cmd, runOpts{}) } @@ -836,8 +965,8 @@ func (m *nativeGitClient) runCredentialedCmd(args ...string) error { // If a basic auth header is explicitly set, tell Git to send it to the // server to force use of basic auth instead of negotiating the auth scheme for _, e := range environ { - if strings.HasPrefix(e, fmt.Sprintf("%s=", forceBasicAuthHeaderEnv)) { - args = append([]string{"--config-env", fmt.Sprintf("http.extraHeader=%s", forceBasicAuthHeaderEnv)}, args...) + if strings.HasPrefix(e, forceBasicAuthHeaderEnv+"=") { + args = append([]string{"--config-env", "http.extraHeader=" + forceBasicAuthHeaderEnv}, args...) } } @@ -850,7 +979,7 @@ func (m *nativeGitClient) runCredentialedCmd(args ...string) error { func (m *nativeGitClient) runCmdOutput(cmd *exec.Cmd, ropts runOpts) (string, error) { cmd.Dir = m.root cmd.Env = append(os.Environ(), cmd.Env...) - // Set $HOME to nowhere, so we can be execute Git regardless of any external + // Set $HOME to nowhere, so we can execute Git regardless of any external // authentication keys (e.g. in ~/.ssh) -- this is especially important for // running tests on local machines and/or CircleCI. cmd.Env = append(cmd.Env, "HOME=/dev/null") @@ -873,7 +1002,7 @@ func (m *nativeGitClient) runCmdOutput(cmd *exec.Cmd, ropts runOpts) (string, er } else { caPath, err := certutil.GetCertBundlePathForRepository(parsedURL.Host) if err == nil && caPath != "" { - cmd.Env = append(cmd.Env, fmt.Sprintf("GIT_SSL_CAINFO=%s", caPath)) + cmd.Env = append(cmd.Env, "GIT_SSL_CAINFO="+caPath) } } } diff --git a/util/git/client_test.go b/util/git/client_test.go index a953e8bf214e1..497c32fc0a9d3 100644 --- a/util/git/client_test.go +++ b/util/git/client_test.go @@ -1,11 +1,11 @@ package git import ( - "fmt" "os" "os/exec" "path" "path/filepath" + "strings" "testing" "time" @@ -21,6 +21,13 @@ func runCmd(workingDir string, name string, args ...string) error { return cmd.Run() } +func outputCmd(workingDir string, name string, args ...string) ([]byte, error) { + cmd := exec.Command(name, args...) + cmd.Dir = workingDir + cmd.Stderr = os.Stderr + return cmd.Output() +} + func _createEmptyGitRepo() (string, error) { tempDir, err := os.MkdirTemp("", "") if err != nil { @@ -40,7 +47,7 @@ func Test_nativeGitClient_Fetch(t *testing.T) { tempDir, err := _createEmptyGitRepo() require.NoError(t, err) - client, err := NewClient(fmt.Sprintf("file://%s", tempDir), NopCreds{}, true, false, "", "") + client, err := NewClient("file://"+tempDir, NopCreds{}, true, false, "", "") require.NoError(t, err) err = client.Init() @@ -54,7 +61,7 @@ func Test_nativeGitClient_Fetch_Prune(t *testing.T) { tempDir, err := _createEmptyGitRepo() require.NoError(t, err) - client, err := NewClient(fmt.Sprintf("file://%s", tempDir), NopCreds{}, true, false, "", "") + client, err := NewClient("file://"+tempDir, NopCreds{}, true, false, "", "") require.NoError(t, err) err = client.Init() @@ -77,7 +84,7 @@ func Test_nativeGitClient_Fetch_Prune(t *testing.T) { func Test_IsAnnotatedTag(t *testing.T) { tempDir := t.TempDir() - client, err := NewClient(fmt.Sprintf("file://%s", tempDir), NopCreds{}, true, false, "", "") + client, err := NewClient("file://"+tempDir, NopCreds{}, true, false, "", "") require.NoError(t, err) err = client.Init() @@ -122,7 +129,7 @@ func Test_IsAnnotatedTag(t *testing.T) { func Test_ChangedFiles(t *testing.T) { tempDir := t.TempDir() - client, err := NewClientExt(fmt.Sprintf("file://%s", tempDir), tempDir, NopCreds{}, true, false, "", "") + client, err := NewClientExt("file://"+tempDir, tempDir, NopCreds{}, true, false, "", "") require.NoError(t, err) err = client.Init() @@ -177,7 +184,7 @@ func Test_ChangedFiles(t *testing.T) { func Test_SemverTags(t *testing.T) { tempDir := t.TempDir() - client, err := NewClientExt(fmt.Sprintf("file://%s", tempDir), tempDir, NopCreds{}, true, false, "", "") + client, err := NewClientExt("file://"+tempDir, tempDir, NopCreds{}, true, false, "", "") require.NoError(t, err) err = client.Init() @@ -352,7 +359,7 @@ func Test_nativeGitClient_Submodule(t *testing.T) { err = runCmd(tempDir, "git", "clone", foo) require.NoError(t, err) - client, err := NewClient(fmt.Sprintf("file://%s", foo), NopCreds{}, true, false, "", "") + client, err := NewClient("file://"+foo, NopCreds{}, true, false, "", "") require.NoError(t, err) err = client.Init() @@ -365,7 +372,7 @@ func Test_nativeGitClient_Submodule(t *testing.T) { require.NoError(t, err) // Call Checkout() with submoduleEnabled=false. - err = client.Checkout(commitSHA, false) + _, err = client.Checkout(commitSHA, false) require.NoError(t, err) // Check if submodule url does not exist in .git/config @@ -373,7 +380,7 @@ func Test_nativeGitClient_Submodule(t *testing.T) { require.Error(t, err) // Call Submodule() via Checkout() with submoduleEnabled=true. - err = client.Checkout(commitSHA, true) + _, err = client.Checkout(commitSHA, true) require.NoError(t, err) // Check if the .gitmodule URL is reflected in .git/config @@ -408,7 +415,7 @@ func TestNewClient_invalidSSHURL(t *testing.T) { func Test_IsRevisionPresent(t *testing.T) { tempDir := t.TempDir() - client, err := NewClientExt(fmt.Sprintf("file://%s", tempDir), tempDir, NopCreds{}, true, false, "", "") + client, err := NewClientExt("file://"+tempDir, tempDir, NopCreds{}, true, false, "", "") require.NoError(t, err) err = client.Init() @@ -442,7 +449,7 @@ func Test_IsRevisionPresent(t *testing.T) { func Test_nativeGitClient_RevisionMetadata(t *testing.T) { tempDir := t.TempDir() - client, err := NewClient(fmt.Sprintf("file://%s", tempDir), NopCreds{}, true, false, "", "") + client, err := NewClient("file://"+tempDir, NopCreds{}, true, false, "", "") require.NoError(t, err) err = client.Init() @@ -479,3 +486,353 @@ func Test_nativeGitClient_RevisionMetadata(t *testing.T) { Message: "| Initial commit |\n\n(╯°□°)╯︵ ┻━┻", }, metadata) } + +func Test_nativeGitClient_SetAuthor(t *testing.T) { + expectedName := "Tester" + expectedEmail := "test@example.com" + + tempDir, err := _createEmptyGitRepo() + require.NoError(t, err) + + client, err := NewClient("file://"+tempDir, NopCreds{}, true, false, "", "") + require.NoError(t, err) + + err = client.Init() + require.NoError(t, err) + + out, err := client.SetAuthor(expectedName, expectedEmail) + require.NoError(t, err, "error output: ", out) + + // Check git user.name + gitUserName, err := outputCmd(client.Root(), "git", "config", "--local", "user.name") + require.NoError(t, err) + actualName := strings.TrimSpace(string(gitUserName)) + require.Equal(t, expectedName, actualName) + + // Check git user.email + gitUserEmail, err := outputCmd(client.Root(), "git", "config", "--local", "user.email") + require.NoError(t, err) + actualEmail := strings.TrimSpace(string(gitUserEmail)) + require.Equal(t, expectedEmail, actualEmail) +} + +func Test_nativeGitClient_CheckoutOrOrphan(t *testing.T) { + t.Run("checkout to an existing branch", func(t *testing.T) { + // not main or master + expectedBranch := "feature" + + tempDir, err := _createEmptyGitRepo() + require.NoError(t, err) + + client, err := NewClientExt("file://"+tempDir, tempDir, NopCreds{}, true, false, "", "") + require.NoError(t, err) + + err = client.Init() + require.NoError(t, err) + + // set the author for the initial commit of the orphan branch + out, err := client.SetAuthor("test", "test@example.com") + require.NoError(t, err, "error output: %s", out) + + // get base branch + gitCurrentBranch, err := outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + baseBranch := strings.TrimSpace(string(gitCurrentBranch)) + + // get base commit + gitCurrentCommitHash, err := outputCmd(tempDir, "git", "rev-parse", "HEAD") + require.NoError(t, err) + expectedCommitHash := strings.TrimSpace(string(gitCurrentCommitHash)) + + // make expected branch + err = runCmd(tempDir, "git", "checkout", "-b", expectedBranch) + require.NoError(t, err) + + // checkout to base branch, ready to test + err = runCmd(tempDir, "git", "checkout", baseBranch) + require.NoError(t, err) + + out, err = client.CheckoutOrOrphan(expectedBranch, false) + require.NoError(t, err, "error output: ", out) + + // get current branch, verify current branch + gitCurrentBranch, err = outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + actualBranch := strings.TrimSpace(string(gitCurrentBranch)) + require.Equal(t, expectedBranch, actualBranch) + + // get current commit hash, verify current commit hash + // equal -> not orphan + gitCurrentCommitHash, err = outputCmd(tempDir, "git", "rev-parse", "HEAD") + require.NoError(t, err) + actualCommitHash := strings.TrimSpace(string(gitCurrentCommitHash)) + require.Equal(t, expectedCommitHash, actualCommitHash) + }) + + t.Run("orphan", func(t *testing.T) { + // not main or master + expectedBranch := "feature" + + // make origin git repository + tempDir, err := _createEmptyGitRepo() + require.NoError(t, err) + originGitRepoUrl := "file://" + tempDir + err = runCmd(tempDir, "git", "commit", "-m", "Second commit", "--allow-empty") + require.NoError(t, err) + + // get base branch + gitCurrentBranch, err := outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + baseBranch := strings.TrimSpace(string(gitCurrentBranch)) + + // make test dir + tempDir, err = os.MkdirTemp("", "") + require.NoError(t, err) + + client, err := NewClientExt(originGitRepoUrl, tempDir, NopCreds{}, true, false, "", "") + require.NoError(t, err) + + err = client.Init() + require.NoError(t, err) + + // set the author for the initial commit of the orphan branch + out, err := client.SetAuthor("test", "test@example.com") + require.NoError(t, err, "error output: %s", out) + + err = client.Fetch("") + require.NoError(t, err) + + // checkout to origin base branch + err = runCmd(tempDir, "git", "checkout", baseBranch) + require.NoError(t, err) + + // get base commit + gitCurrentCommitHash, err := outputCmd(tempDir, "git", "rev-parse", "HEAD") + require.NoError(t, err) + baseCommitHash := strings.TrimSpace(string(gitCurrentCommitHash)) + + out, err = client.CheckoutOrOrphan(expectedBranch, false) + require.NoError(t, err, "error output: ", out) + + // get current branch, verify current branch + gitCurrentBranch, err = outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + actualBranch := strings.TrimSpace(string(gitCurrentBranch)) + require.Equal(t, expectedBranch, actualBranch) + + // check orphan branch + + // get current commit hash, verify current commit hash + // not equal -> orphan + gitCurrentCommitHash, err = outputCmd(tempDir, "git", "rev-parse", "HEAD") + require.NoError(t, err) + currentCommitHash := strings.TrimSpace(string(gitCurrentCommitHash)) + require.NotEqual(t, baseCommitHash, currentCommitHash) + + // get commit count on current branch, verify 1 -> orphan + gitCommitCount, err := outputCmd(tempDir, "git", "rev-list", "--count", actualBranch) + require.NoError(t, err) + require.Equal(t, "1", strings.TrimSpace(string(gitCommitCount))) + }) +} + +func Test_nativeGitClient_CheckoutOrNew(t *testing.T) { + t.Run("checkout to an existing branch", func(t *testing.T) { + // Example status + // * 57aef63 (feature) Second commit + // * a4fad22 (main) Initial commit + + // Test scenario + // given : main branch (w/ Initial commit) + // when : try to check out [main -> feature] + // then : feature branch (w/ Second commit) + + // not main or master + expectedBranch := "feature" + + tempDir, err := _createEmptyGitRepo() + require.NoError(t, err) + + client, err := NewClientExt("file://"+tempDir, tempDir, NopCreds{}, true, false, "", "") + require.NoError(t, err) + + err = client.Init() + require.NoError(t, err) + + out, err := client.SetAuthor("test", "test@example.com") + require.NoError(t, err, "error output: %s", out) + + // get base branch + gitCurrentBranch, err := outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + baseBranch := strings.TrimSpace(string(gitCurrentBranch)) + + // make expected branch + err = runCmd(tempDir, "git", "checkout", "-b", expectedBranch) + require.NoError(t, err) + + // make expected commit + err = runCmd(tempDir, "git", "commit", "-m", "Second commit", "--allow-empty") + require.NoError(t, err) + + // get expected commit + expectedCommitHash, err := client.CommitSHA() + require.NoError(t, err) + + // checkout to base branch, ready to test + err = runCmd(tempDir, "git", "checkout", baseBranch) + require.NoError(t, err) + + out, err = client.CheckoutOrNew(expectedBranch, baseBranch, false) + require.NoError(t, err, "error output: ", out) + + // get current branch, verify current branch + gitCurrentBranch, err = outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + actualBranch := strings.TrimSpace(string(gitCurrentBranch)) + require.Equal(t, expectedBranch, actualBranch) + + // get current commit hash, verify current commit hash + actualCommitHash, err := client.CommitSHA() + require.NoError(t, err) + require.Equal(t, expectedCommitHash, actualCommitHash) + }) + + t.Run("new", func(t *testing.T) { + // Test scenario + // given : main branch (w/ Initial commit) + // * a4fad22 (main) Initial commit + // when : try to check out [main -> feature] + // then : feature branch (w/ Initial commit) + // * a4fad22 (feature, main) Initial commit + + // not main or master + expectedBranch := "feature" + + tempDir, err := _createEmptyGitRepo() + require.NoError(t, err) + + client, err := NewClientExt("file://"+tempDir, tempDir, NopCreds{}, true, false, "", "") + require.NoError(t, err) + + err = client.Init() + require.NoError(t, err) + + out, err := client.SetAuthor("test", "test@example.com") + require.NoError(t, err, "error output: %s", out) + + // get base branch + gitCurrentBranch, err := outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + baseBranch := strings.TrimSpace(string(gitCurrentBranch)) + + // get expected commit + expectedCommitHash, err := client.CommitSHA() + require.NoError(t, err) + + out, err = client.CheckoutOrNew(expectedBranch, baseBranch, false) + require.NoError(t, err, "error output: ", out) + + // get current branch, verify current branch + gitCurrentBranch, err = outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + actualBranch := strings.TrimSpace(string(gitCurrentBranch)) + require.Equal(t, expectedBranch, actualBranch) + + // get current commit hash, verify current commit hash + actualCommitHash, err := client.CommitSHA() + require.NoError(t, err) + require.Equal(t, expectedCommitHash, actualCommitHash) + }) +} + +func Test_nativeGitClient_RemoveContents(t *testing.T) { + // Example status + // 2 files : + // * /README.md + // * /scripts/startup.sh + + // given + tempDir, err := _createEmptyGitRepo() + require.NoError(t, err) + + client, err := NewClient("file://"+tempDir, NopCreds{}, true, false, "", "") + require.NoError(t, err) + + err = client.Init() + require.NoError(t, err) + + out, err := client.SetAuthor("test", "test@example.com") + require.NoError(t, err, "error output: ", out) + + err = runCmd(client.Root(), "touch", "README.md") + require.NoError(t, err) + + err = runCmd(client.Root(), "mkdir", "scripts") + require.NoError(t, err) + + err = runCmd(client.Root(), "touch", "scripts/startup.sh") + require.NoError(t, err) + + err = runCmd(client.Root(), "git", "add", "--all") + require.NoError(t, err) + + err = runCmd(client.Root(), "git", "commit", "-m", "Make files") + require.NoError(t, err) + + // when + out, err = client.RemoveContents() + require.NoError(t, err, "error output: ", out) + + // then + ls, err := outputCmd(client.Root(), "ls", "-l") + require.NoError(t, err) + require.Equal(t, "total 0", strings.TrimSpace(string(ls))) +} + +func Test_nativeGitClient_CommitAndPush(t *testing.T) { + tempDir, err := _createEmptyGitRepo() + require.NoError(t, err) + + // config receive.denyCurrentBranch updateInstead + // because local git init make a non-bare repository which cannot be pushed normally + err = runCmd(tempDir, "git", "config", "--local", "receive.denyCurrentBranch", "updateInstead") + require.NoError(t, err) + + // get branch + gitCurrentBranch, err := outputCmd(tempDir, "git", "rev-parse", "--abbrev-ref", "HEAD") + require.NoError(t, err) + branch := strings.TrimSpace(string(gitCurrentBranch)) + + client, err := NewClient("file://"+tempDir, NopCreds{}, true, false, "", "") + require.NoError(t, err) + + err = client.Init() + require.NoError(t, err) + + out, err := client.SetAuthor("test", "test@example.com") + require.NoError(t, err, "error output: ", out) + + err = client.Fetch(branch) + require.NoError(t, err) + + out, err = client.Checkout(branch, false) + require.NoError(t, err, "error output: ", out) + + // make a file then commit and push + err = runCmd(client.Root(), "touch", "README.md") + require.NoError(t, err) + + out, err = client.CommitAndPush(branch, "docs: README") + require.NoError(t, err, "error output: %s", out) + + // get current commit hash of the cloned repository + expectedCommitHash, err := client.CommitSHA() + require.NoError(t, err) + + // get origin repository's current commit hash + gitCurrentCommitHash, err := outputCmd(tempDir, "git", "rev-parse", "HEAD") + require.NoError(t, err) + actualCommitHash := strings.TrimSpace(string(gitCurrentCommitHash)) + require.Equal(t, expectedCommitHash, actualCommitHash) +} diff --git a/util/git/creds.go b/util/git/creds.go index f48b2362dc22a..19308112c9c29 100644 --- a/util/git/creds.go +++ b/util/git/creds.go @@ -9,12 +9,15 @@ import ( "errors" "fmt" "io" + "net/http" "net/url" "os" "strconv" "strings" "time" + "github.com/google/go-github/v66/github" + "golang.org/x/oauth2" "golang.org/x/oauth2/google" @@ -78,6 +81,8 @@ type CredsStore interface { type Creds interface { Environ() (io.Closer, []string, error) + // GetUserInfo gets the username and email address for the credentials, if they're available. + GetUserInfo(ctx context.Context) (string, string, error) } // nop implementation @@ -95,16 +100,24 @@ func (c NopCreds) Environ() (io.Closer, []string, error) { return NopCloser{}, nil, nil } +// GetUserInfo returns empty strings for user info +func (c NopCreds) GetUserInfo(ctx context.Context) (name string, email string, err error) { + return "", "", nil +} + var _ io.Closer = NopCloser{} type GenericHTTPSCreds interface { HasClientCert() bool GetClientCertData() string GetClientCertKey() string - Environ() (io.Closer, []string, error) + Creds } -var _ GenericHTTPSCreds = HTTPSCreds{} +var ( + _ GenericHTTPSCreds = HTTPSCreds{} + _ Creds = HTTPSCreds{} +) // HTTPS creds implementation type HTTPSCreds struct { @@ -142,6 +155,12 @@ func NewHTTPSCreds(username string, password string, clientCertData string, clie } } +// GetUserInfo returns the username and email address for the credentials, if they're available. +func (c HTTPSCreds) GetUserInfo(ctx context.Context) (string, string, error) { + // Email not implemented for HTTPS creds. + return c.username, "", nil +} + func (c HTTPSCreds) BasicAuthHeader() string { h := "Authorization: Basic " t := c.username + ":" + c.password @@ -196,7 +215,7 @@ func (c HTTPSCreds) Environ() (io.Closer, []string, error) { return NopCloser{}, nil, err } // GIT_SSL_CERT is the full path to a client certificate to be used - env = append(env, fmt.Sprintf("GIT_SSL_CERT=%s", certFile.Name())) + env = append(env, "GIT_SSL_CERT="+certFile.Name()) _, err = keyFile.WriteString(c.clientCertKey) if err != nil { @@ -204,7 +223,7 @@ func (c HTTPSCreds) Environ() (io.Closer, []string, error) { return NopCloser{}, nil, err } // GIT_SSL_KEY is the full path to a client certificate's key to be used - env = append(env, fmt.Sprintf("GIT_SSL_KEY=%s", keyFile.Name())) + env = append(env, "GIT_SSL_KEY="+keyFile.Name()) } // If at least password is set, we will set ARGOCD_BASIC_AUTH_HEADER to // hold the HTTP authorization header, so auth mechanism negotiation is @@ -232,6 +251,8 @@ func (c HTTPSCreds) GetClientCertKey() string { return c.clientCertKey } +var _ Creds = SSHCreds{} + // SSH implementation type SSHCreds struct { sshPrivateKey string @@ -246,6 +267,13 @@ func NewSSHCreds(sshPrivateKey string, caPath string, insecureIgnoreHostKey bool return SSHCreds{sshPrivateKey, caPath, insecureIgnoreHostKey, store, proxy, noProxy} } +// GetUserInfo returns empty strings for user info. +// TODO: Implement this method to return the username and email address for the credentials, if they're available. +func (c SSHCreds) GetUserInfo(ctx context.Context) (string, string, error) { + // User info not implemented for SSH creds. + return "", "", nil +} + type sshPrivateKeyFile string type authFilePaths []string @@ -295,7 +323,7 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { args := []string{"ssh", "-i", file.Name()} var env []string if c.caPath != "" { - env = append(env, fmt.Sprintf("GIT_SSL_CAINFO=%s", c.caPath)) + env = append(env, "GIT_SSL_CAINFO="+c.caPath) } if c.insecure { log.Warn("temporarily disabling strict host key checking (i.e. '-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'), please don't use in production") @@ -304,7 +332,7 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { args = append(args, "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null") } else { knownHostsFile := certutil.GetSSHKnownHostsDataPath() - args = append(args, "-o", "StrictHostKeyChecking=yes", "-o", fmt.Sprintf("UserKnownHostsFile=%s", knownHostsFile)) + args = append(args, "-o", "StrictHostKeyChecking=yes", "-o", "UserKnownHostsFile="+knownHostsFile) } // Handle SSH socks5 proxy settings proxyEnv := []string{} @@ -318,13 +346,13 @@ func (c SSHCreds) Environ() (io.Closer, []string, error) { parsedProxyURL.Hostname(), parsedProxyURL.Port())) if parsedProxyURL.User != nil { - proxyEnv = append(proxyEnv, fmt.Sprintf("SOCKS5_USER=%s", parsedProxyURL.User.Username())) + proxyEnv = append(proxyEnv, "SOCKS5_USER="+parsedProxyURL.User.Username()) if socks5_passwd, isPasswdSet := parsedProxyURL.User.Password(); isPasswdSet { - proxyEnv = append(proxyEnv, fmt.Sprintf("SOCKS5_PASSWD=%s", socks5_passwd)) + proxyEnv = append(proxyEnv, "SOCKS5_PASSWD="+socks5_passwd) } } } - env = append(env, []string{fmt.Sprintf("GIT_SSH_COMMAND=%s", strings.Join(args, " "))}...) + env = append(env, []string{"GIT_SSH_COMMAND=" + strings.Join(args, " ")}...) env = append(env, proxyEnv...) return sshCloser, env, nil } @@ -397,7 +425,7 @@ func (g GitHubAppCreds) Environ() (io.Closer, []string, error) { return NopCloser{}, nil, err } // GIT_SSL_CERT is the full path to a client certificate to be used - env = append(env, fmt.Sprintf("GIT_SSL_CERT=%s", certFile.Name())) + env = append(env, "GIT_SSL_CERT="+certFile.Name()) _, err = keyFile.WriteString(g.clientCertKey) if err != nil { @@ -405,7 +433,7 @@ func (g GitHubAppCreds) Environ() (io.Closer, []string, error) { return NopCloser{}, nil, err } // GIT_SSL_KEY is the full path to a client certificate's key to be used - env = append(env, fmt.Sprintf("GIT_SSL_KEY=%s", keyFile.Name())) + env = append(env, "GIT_SSL_KEY="+keyFile.Name()) } nonce := g.store.Add(githubAccessTokenUsername, token) env = append(env, g.store.Environ(nonce)...) @@ -415,6 +443,37 @@ func (g GitHubAppCreds) Environ() (io.Closer, []string, error) { }), env, nil } +// GetUserInfo returns the username and email address for the credentials, if they're available. +func (g GitHubAppCreds) GetUserInfo(ctx context.Context) (string, string, error) { + // We use the apps transport to get the app slug. + appTransport, err := g.getAppTransport() + if err != nil { + return "", "", fmt.Errorf("failed to create GitHub app transport: %w", err) + } + appClient := github.NewClient(&http.Client{Transport: appTransport}) + app, _, err := appClient.Apps.Get(ctx, "") + if err != nil { + return "", "", fmt.Errorf("failed to get app info: %w", err) + } + + // Then we use the installation transport to get the installation info. + appInstallTransport, err := g.getInstallationTransport() + if err != nil { + return "", "", fmt.Errorf("failed to get app installation: %w", err) + } + httpClient := http.Client{Transport: appInstallTransport} + client := github.NewClient(&httpClient) + + appLogin := app.GetSlug() + "[bot]" + user, _, err := client.Users.Get(ctx, appLogin) + if err != nil { + return "", "", fmt.Errorf("failed to get app user info: %w", err) + } + authorName := user.GetLogin() + authorEmail := fmt.Sprintf("%d+%s@users.noreply.github.com", user.GetID(), user.GetLogin()) + return authorName, authorEmail, nil +} + // getAccessToken fetches GitHub token using the app id, install id, and private key. // the token is then cached for re-use. func (g GitHubAppCreds) getAccessToken() (string, error) { @@ -422,11 +481,44 @@ func (g GitHubAppCreds) getAccessToken() (string, error) { ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second) defer cancel() + itr, err := g.getInstallationTransport() + if err != nil { + return "", fmt.Errorf("failed to create GitHub app installation transport: %w", err) + } + + return itr.Token(ctx) +} + +// getAppTransport creates a new GitHub transport for the app +func (g GitHubAppCreds) getAppTransport() (*ghinstallation.AppsTransport, error) { + // GitHub API url + baseUrl := "https://api.github.com" + if g.baseURL != "" { + baseUrl = strings.TrimSuffix(g.baseURL, "/") + } + + // Create a new GitHub transport + c := GetRepoHTTPClient(baseUrl, g.insecure, g, g.proxy, g.noProxy) + itr, err := ghinstallation.NewAppsTransport(c.Transport, + g.appID, + []byte(g.privateKey), + ) + if err != nil { + return nil, fmt.Errorf("failed to initialize GitHub installation transport: %w", err) + } + + itr.BaseURL = baseUrl + + return itr, nil +} + +// getInstallationTransport creates a new GitHub transport for the app installation +func (g GitHubAppCreds) getInstallationTransport() (*ghinstallation.Transport, error) { // Compute hash of creds for lookup in cache h := sha256.New() _, err := h.Write([]byte(fmt.Sprintf("%s %d %d %s", g.privateKey, g.appID, g.appInstallId, g.baseURL))) if err != nil { - return "", err + return nil, fmt.Errorf("failed to get get SHA256 hash for GitHub app credentials: %w", err) } key := hex.EncodeToString(h.Sum(nil)) @@ -435,7 +527,7 @@ func (g GitHubAppCreds) getAccessToken() (string, error) { if found { itr := t.(*ghinstallation.Transport) // This method caches the token and if it's expired retrieves a new one - return itr.Token(ctx) + return itr, nil } // GitHub API url @@ -452,7 +544,7 @@ func (g GitHubAppCreds) getAccessToken() (string, error) { []byte(g.privateKey), ) if err != nil { - return "", err + return nil, fmt.Errorf("failed to initialize GitHub installation transport: %w", err) } itr.BaseURL = baseUrl @@ -460,7 +552,7 @@ func (g GitHubAppCreds) getAccessToken() (string, error) { // Add transport to cache githubAppTokenCache.Set(key, itr, time.Minute*60) - return itr.Token(ctx) + return itr, nil } func (g GitHubAppCreds) HasClientCert() bool { @@ -475,6 +567,8 @@ func (g GitHubAppCreds) GetClientCertKey() string { return g.clientCertKey } +var _ Creds = GoogleCloudCreds{} + // GoogleCloudCreds to authenticate to Google Cloud Source repositories type GoogleCloudCreds struct { creds *google.Credentials @@ -490,6 +584,16 @@ func NewGoogleCloudCreds(jsonData string, store CredsStore) GoogleCloudCreds { return GoogleCloudCreds{creds, store} } +// GetUserInfo returns the username and email address for the credentials, if they're available. +// TODO: implement getting email instead of just username. +func (c GoogleCloudCreds) GetUserInfo(ctx context.Context) (string, string, error) { + username, err := c.getUsername() + if err != nil { + return "", "", fmt.Errorf("failed to get username from creds: %w", err) + } + return username, "", nil +} + func (c GoogleCloudCreds) Environ() (io.Closer, []string, error) { username, err := c.getUsername() if err != nil { diff --git a/util/git/creds_test.go b/util/git/creds_test.go index 865e2316e0790..303ac2f8f4752 100644 --- a/util/git/creds_test.go +++ b/util/git/creds_test.go @@ -100,7 +100,7 @@ func TestHTTPSCreds_Environ_forceBasicAuth(t *testing.T) { defer closer.Close() var header string for _, envVar := range env { - if strings.HasPrefix(envVar, fmt.Sprintf("%s=", forceBasicAuthHeaderEnv)) { + if strings.HasPrefix(envVar, forceBasicAuthHeaderEnv+"=") { header = envVar[len(forceBasicAuthHeaderEnv)+1:] } if header != "" { @@ -118,7 +118,7 @@ func TestHTTPSCreds_Environ_forceBasicAuth(t *testing.T) { defer closer.Close() var header string for _, envVar := range env { - if strings.HasPrefix(envVar, fmt.Sprintf("%s=", forceBasicAuthHeaderEnv)) { + if strings.HasPrefix(envVar, forceBasicAuthHeaderEnv+"=") { header = envVar[len(forceBasicAuthHeaderEnv)+1:] } if header != "" { @@ -135,7 +135,7 @@ func TestHTTPSCreds_Environ_forceBasicAuth(t *testing.T) { defer closer.Close() var header string for _, envVar := range env { - if strings.HasPrefix(envVar, fmt.Sprintf("%s=", forceBasicAuthHeaderEnv)) { + if strings.HasPrefix(envVar, forceBasicAuthHeaderEnv+"=") { header = envVar[len(forceBasicAuthHeaderEnv)+1:] } if header != "" { @@ -153,7 +153,7 @@ func TestHTTPSCreds_Environ_forceBasicAuth(t *testing.T) { defer closer.Close() var header string for _, envVar := range env { - if strings.HasPrefix(envVar, fmt.Sprintf("%s=", forceBasicAuthHeaderEnv)) { + if strings.HasPrefix(envVar, forceBasicAuthHeaderEnv+"=") { header = envVar[len(forceBasicAuthHeaderEnv)+1:] } if header != "" { @@ -219,7 +219,7 @@ func Test_SSHCreds_Environ(t *testing.T) { } else { assert.Contains(t, env[1], "-o StrictHostKeyChecking=yes") hostsPath := cert.GetSSHKnownHostsDataPath() - assert.Contains(t, env[1], fmt.Sprintf("-o UserKnownHostsFile=%s", hostsPath)) + assert.Contains(t, env[1], "-o UserKnownHostsFile="+hostsPath) } envRegex := regexp.MustCompile("-i ([^ ]+)") @@ -252,7 +252,7 @@ func Test_SSHCreds_Environ_WithProxy(t *testing.T) { } else { assert.Contains(t, env[1], "-o StrictHostKeyChecking=yes") hostsPath := cert.GetSSHKnownHostsDataPath() - assert.Contains(t, env[1], fmt.Sprintf("-o UserKnownHostsFile=%s", hostsPath)) + assert.Contains(t, env[1], "-o UserKnownHostsFile="+hostsPath) } assert.Contains(t, env[1], "-o ProxyCommand='connect-proxy -S 127.0.0.1:1080 -5 %h %p'") @@ -288,7 +288,7 @@ func Test_SSHCreds_Environ_WithProxyUserNamePassword(t *testing.T) { } else { assert.Contains(t, env[1], "-o StrictHostKeyChecking=yes") hostsPath := cert.GetSSHKnownHostsDataPath() - assert.Contains(t, env[1], fmt.Sprintf("-o UserKnownHostsFile=%s", hostsPath)) + assert.Contains(t, env[1], "-o UserKnownHostsFile="+hostsPath) } assert.Contains(t, env[1], "-o ProxyCommand='connect-proxy -S 127.0.0.1:1080 -5 %h %p'") diff --git a/util/git/git.go b/util/git/git.go index 3a087aeb00096..ea2f310b0f7fb 100644 --- a/util/git/git.go +++ b/util/git/git.go @@ -1,6 +1,7 @@ package git import ( + "fmt" "net/url" "regexp" "strings" @@ -35,11 +36,21 @@ func IsTruncatedCommitSHA(sha string) bool { // SameURL returns whether or not the two repository URLs are equivalent in location func SameURL(leftRepo, rightRepo string) bool { - normalLeft := NormalizeGitURL(leftRepo) - normalRight := NormalizeGitURL(rightRepo) + normalLeft := NormalizeGitURLAllowInvalid(leftRepo) + normalRight := NormalizeGitURLAllowInvalid(rightRepo) return normalLeft != "" && normalRight != "" && normalLeft == normalRight } +// Similar to NormalizeGitURL, except returning an original url if the url is invalid. +// Needed to allow a deletion of repos with invalid urls. See https://github.com/argoproj/argo-cd/issues/20921. +func NormalizeGitURLAllowInvalid(repo string) string { + normalized := NormalizeGitURL(repo) + if normalized == "" { + return repo + } + return normalized +} + // NormalizeGitURL normalizes a git URL for purposes of comparison, as well as preventing redundant // local clones (by normalizing various forms of a URL to a consistent location). // Prefer using SameURL() over this function when possible. This algorithm may change over time @@ -84,10 +95,13 @@ func IsHTTPURL(url string) bool { // TestRepo tests if a repo exists and is accessible with the given credentials func TestRepo(repo string, creds Creds, insecure bool, enableLfs bool, proxy string, noProxy string) error { - clnt, err := NewClient(repo, creds, insecure, enableLfs, proxy, noProxy) + client, err := NewClient(repo, creds, insecure, enableLfs, proxy, noProxy) + if err != nil { + return fmt.Errorf("unable to initialize git client: %w", err) + } + _, err = client.LsRemote("HEAD") if err != nil { - return err + return fmt.Errorf("unable to ls-remote HEAD on repository: %w", err) } - _, err = clnt.LsRemote("HEAD") - return err + return nil } diff --git a/util/git/git_test.go b/util/git/git_test.go index d507c728c0fde..d46265a879ab3 100644 --- a/util/git/git_test.go +++ b/util/git/git_test.go @@ -1,7 +1,6 @@ package git import ( - "fmt" "io" "net/http" "os" @@ -320,14 +319,14 @@ func TestLFSClient(t *testing.T) { err = client.Fetch("") require.NoError(t, err) - err = client.Checkout(commitSHA, true) + _, err = client.Checkout(commitSHA, true) require.NoError(t, err) largeFiles, err := client.LsLargeFiles() require.NoError(t, err) assert.Len(t, largeFiles, 3) - fileHandle, err := os.Open(fmt.Sprintf("%s/test3.yaml", tempDir)) + fileHandle, err := os.Open(tempDir + "/test3.yaml") require.NoError(t, err) if err == nil { defer func() { @@ -358,7 +357,7 @@ func TestVerifyCommitSignature(t *testing.T) { commitSHA, err := client.LsRemote("HEAD") require.NoError(t, err) - err = client.Checkout(commitSHA, true) + _, err = client.Checkout(commitSHA, true) require.NoError(t, err) // 28027897aad1262662096745f2ce2d4c74d02b7f is a commit that is signed in the repo @@ -415,7 +414,7 @@ func TestNewFactory(t *testing.T) { err = client.Fetch("") require.NoError(t, err) - err = client.Checkout(commitSHA, true) + _, err = client.Checkout(commitSHA, true) require.NoError(t, err) revisionMetadata, err := client.RevisionMetadata(commitSHA) diff --git a/util/git/mocks/Client.go b/util/git/mocks/Client.go index 490aa4e99b90d..9357264e3bdd6 100644 --- a/util/git/mocks/Client.go +++ b/util/git/mocks/Client.go @@ -43,21 +43,115 @@ func (_m *Client) ChangedFiles(revision string, targetRevision string) ([]string } // Checkout provides a mock function with given fields: revision, submoduleEnabled -func (_m *Client) Checkout(revision string, submoduleEnabled bool) error { +func (_m *Client) Checkout(revision string, submoduleEnabled bool) (string, error) { ret := _m.Called(revision, submoduleEnabled) if len(ret) == 0 { panic("no return value specified for Checkout") } - var r0 error - if rf, ok := ret.Get(0).(func(string, bool) error); ok { + var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string, bool) (string, error)); ok { + return rf(revision, submoduleEnabled) + } + if rf, ok := ret.Get(0).(func(string, bool) string); ok { r0 = rf(revision, submoduleEnabled) } else { - r0 = ret.Error(0) + r0 = ret.Get(0).(string) } - return r0 + if rf, ok := ret.Get(1).(func(string, bool) error); ok { + r1 = rf(revision, submoduleEnabled) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CheckoutOrNew provides a mock function with given fields: branch, base, submoduleEnabled +func (_m *Client) CheckoutOrNew(branch string, base string, submoduleEnabled bool) (string, error) { + ret := _m.Called(branch, base, submoduleEnabled) + + if len(ret) == 0 { + panic("no return value specified for CheckoutOrNew") + } + + var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string, string, bool) (string, error)); ok { + return rf(branch, base, submoduleEnabled) + } + if rf, ok := ret.Get(0).(func(string, string, bool) string); ok { + r0 = rf(branch, base, submoduleEnabled) + } else { + r0 = ret.Get(0).(string) + } + + if rf, ok := ret.Get(1).(func(string, string, bool) error); ok { + r1 = rf(branch, base, submoduleEnabled) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CheckoutOrOrphan provides a mock function with given fields: branch, submoduleEnabled +func (_m *Client) CheckoutOrOrphan(branch string, submoduleEnabled bool) (string, error) { + ret := _m.Called(branch, submoduleEnabled) + + if len(ret) == 0 { + panic("no return value specified for CheckoutOrOrphan") + } + + var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string, bool) (string, error)); ok { + return rf(branch, submoduleEnabled) + } + if rf, ok := ret.Get(0).(func(string, bool) string); ok { + r0 = rf(branch, submoduleEnabled) + } else { + r0 = ret.Get(0).(string) + } + + if rf, ok := ret.Get(1).(func(string, bool) error); ok { + r1 = rf(branch, submoduleEnabled) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CommitAndPush provides a mock function with given fields: branch, message +func (_m *Client) CommitAndPush(branch string, message string) (string, error) { + ret := _m.Called(branch, message) + + if len(ret) == 0 { + panic("no return value specified for CommitAndPush") + } + + var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string, string) (string, error)); ok { + return rf(branch, message) + } + if rf, ok := ret.Get(0).(func(string, string) string); ok { + r0 = rf(branch, message) + } else { + r0 = ret.Get(0).(string) + } + + if rf, ok := ret.Get(1).(func(string, string) error); ok { + r1 = rf(branch, message) + } else { + r1 = ret.Error(1) + } + + return r0, r1 } // CommitSHA provides a mock function with given fields: @@ -278,6 +372,34 @@ func (_m *Client) LsRemote(revision string) (string, error) { return r0, r1 } +// RemoveContents provides a mock function with given fields: +func (_m *Client) RemoveContents() (string, error) { + ret := _m.Called() + + if len(ret) == 0 { + panic("no return value specified for RemoveContents") + } + + var r0 string + var r1 error + if rf, ok := ret.Get(0).(func() (string, error)); ok { + return rf() + } + if rf, ok := ret.Get(0).(func() string); ok { + r0 = rf() + } else { + r0 = ret.Get(0).(string) + } + + if rf, ok := ret.Get(1).(func() error); ok { + r1 = rf() + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // RevisionMetadata provides a mock function with given fields: revision func (_m *Client) RevisionMetadata(revision string) (*git.RevisionMetadata, error) { ret := _m.Called(revision) @@ -326,6 +448,34 @@ func (_m *Client) Root() string { return r0 } +// SetAuthor provides a mock function with given fields: name, email +func (_m *Client) SetAuthor(name string, email string) (string, error) { + ret := _m.Called(name, email) + + if len(ret) == 0 { + panic("no return value specified for SetAuthor") + } + + var r0 string + var r1 error + if rf, ok := ret.Get(0).(func(string, string) (string, error)); ok { + return rf(name, email) + } + if rf, ok := ret.Get(0).(func(string, string) string); ok { + r0 = rf(name, email) + } else { + r0 = ret.Get(0).(string) + } + + if rf, ok := ret.Get(1).(func(string, string) error); ok { + r1 = rf(name, email) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // Submodule provides a mock function with given fields: func (_m *Client) Submodule() error { ret := _m.Called() diff --git a/util/gpg/gpg.go b/util/gpg/gpg.go index 100a6e7b68899..4e402d645f1cb 100644 --- a/util/gpg/gpg.go +++ b/util/gpg/gpg.go @@ -150,7 +150,7 @@ const MaxVerificationLinesToParse = 40 // Helper function to append GNUPGHOME for a command execution environment func getGPGEnviron() []string { - return append(os.Environ(), fmt.Sprintf("GNUPGHOME=%s", common.GetGnuPGHomePath()), "LANG=C") + return append(os.Environ(), "GNUPGHOME="+common.GetGnuPGHomePath(), "LANG=C") } // Helper function to write some data to a temp file and return its path @@ -617,7 +617,7 @@ func ParseGitCommitVerification(signature string) PGPVerifyResult { result.Cipher = keyID[1] result.KeyID = KeyID(keyID[2]) if result.KeyID == "" { - return unknownResult(fmt.Sprintf("Invalid PGP key ID found in verification result: %s", result.KeyID)) + return unknownResult("Invalid PGP key ID found in verification result: " + result.KeyID) } // What was the result of signature verification? diff --git a/util/gpg/gpg_test.go b/util/gpg/gpg_test.go index e279f1e9ad554..e6f3093e42d18 100644 --- a/util/gpg/gpg_test.go +++ b/util/gpg/gpg_test.go @@ -79,7 +79,7 @@ func Test_GPG_InitializeGnuPG(t *testing.T) { // During unit-tests, we need to also kill gpg-agent so we can create a new key. // In real world scenario -- i.e. container crash -- gpg-agent is not running yet. cmd := exec.Command("gpgconf", "--kill", "gpg-agent") - cmd.Env = []string{fmt.Sprintf("GNUPGHOME=%s", p)} + cmd.Env = []string{"GNUPGHOME=" + p} err = cmd.Run() require.NoError(t, err) @@ -104,7 +104,7 @@ func Test_GPG_InitializeGnuPG(t *testing.T) { t.Run("Unaccessible GNUPGHOME", func(t *testing.T) { p := initTempDir(t) - fp := fmt.Sprintf("%s/gpg", p) + fp := p + "/gpg" err = os.Mkdir(fp, 0o000) if err != nil { panic(err.Error()) diff --git a/util/grpc/logging.go b/util/grpc/logging.go index 37dfc286caaed..271111977473b 100644 --- a/util/grpc/logging.go +++ b/util/grpc/logging.go @@ -76,7 +76,7 @@ func PayloadStreamServerInterceptor(entry *logrus.Entry, logClaims bool, decider return handler(srv, stream) } logEntry := entry.WithFields(ctx_logrus.Extract(stream.Context()).Data) - newStream := &loggingServerStream{ServerStream: stream, entry: logEntry, logClaims: logClaims, info: fmt.Sprintf("received streaming call %s", info.FullMethod)} + newStream := &loggingServerStream{ServerStream: stream, entry: logEntry, logClaims: logClaims, info: "received streaming call " + info.FullMethod} return handler(srv, newStream) } } @@ -87,7 +87,7 @@ func PayloadUnaryServerInterceptor(entry *logrus.Entry, logClaims bool, decider return handler(ctx, req) } logEntry := entry.WithFields(ctx_logrus.Extract(ctx).Data) - logRequest(logEntry, fmt.Sprintf("received unary call %s", info.FullMethod), req, ctx, logClaims) + logRequest(logEntry, "received unary call "+info.FullMethod, req, ctx, logClaims) resp, err := handler(ctx, req) return resp, err } diff --git a/util/helm/client_test.go b/util/helm/client_test.go index 97c27d6c1f62c..00362ee06b699 100644 --- a/util/helm/client_test.go +++ b/util/helm/client_test.go @@ -257,7 +257,7 @@ func TestGetTagsFromURLPrivateRepoAuthentication(t *testing.T) { }, { name: "should login correctly when the repo path is not in the server root with http scheme", - repoURL: fmt.Sprintf("%s/my-repo", server.URL), + repoURL: server.URL + "/my-repo", }, { name: "should login correctly when the repo path is in the server root without http scheme", @@ -265,7 +265,7 @@ func TestGetTagsFromURLPrivateRepoAuthentication(t *testing.T) { }, { name: "should login correctly when the repo path is not in the server root without http scheme", - repoURL: fmt.Sprintf("%s/my-repo", serverURL.Host), + repoURL: serverURL.Host + "/my-repo", }, } @@ -342,7 +342,7 @@ func TestGetTagsFromURLEnvironmentAuthentication(t *testing.T) { }, { name: "should login correctly when the repo path is not in the server root with http scheme", - repoURL: fmt.Sprintf("%s/my-repo", server.URL), + repoURL: server.URL + "/my-repo", }, { name: "should login correctly when the repo path is in the server root without http scheme", @@ -350,7 +350,7 @@ func TestGetTagsFromURLEnvironmentAuthentication(t *testing.T) { }, { name: "should login correctly when the repo path is not in the server root without http scheme", - repoURL: fmt.Sprintf("%s/my-repo", serverURL.Host), + repoURL: serverURL.Host + "/my-repo", }, } diff --git a/util/helm/cmd.go b/util/helm/cmd.go index 9a5ba948c3779..28b458fa51c88 100644 --- a/util/helm/cmd.go +++ b/util/helm/cmd.go @@ -338,9 +338,10 @@ type TemplateOpts struct { Values []pathutil.ResolvedFilePath // ExtraValues is the randomly-generated path to the temporary values file holding the contents of // spec.source.helm.values/valuesObject. - ExtraValues pathutil.ResolvedFilePath - SkipCrds bool - SkipTests bool + ExtraValues pathutil.ResolvedFilePath + SkipCrds bool + SkipSchemaValidation bool + SkipTests bool } func cleanSetParameters(val string) string { @@ -409,6 +410,9 @@ func (c *Cmd) template(chartPath string, opts *TemplateOpts) (string, string, er if !opts.SkipCrds { args = append(args, "--include-crds") } + if opts.SkipSchemaValidation { + args = append(args, "--skip-schema-validation") + } if opts.SkipTests { args = append(args, "--skip-tests") } diff --git a/util/io/files/secure_mkdir_default.go b/util/io/files/secure_mkdir_default.go new file mode 100644 index 0000000000000..fe7733e2d071f --- /dev/null +++ b/util/io/files/secure_mkdir_default.go @@ -0,0 +1,25 @@ +//go:build !linux + +package files + +import ( + "fmt" + "os" + + securejoin "github.com/cyphar/filepath-securejoin" +) + +// SecureMkdirAll creates a directory with the given mode and returns the full path to the directory. It prevents +// directory traversal attacks by ensuring the path is within the root directory. The path is constructed as if the +// given root is the root of the filesystem. So anything traversing outside the root is simply removed from the path. +func SecureMkdirAll(root, unsafePath string, mode os.FileMode) (string, error) { + fullPath, err := securejoin.SecureJoin(root, unsafePath) + if err != nil { + return "", fmt.Errorf("failed to construct secure path: %w", err) + } + err = os.MkdirAll(fullPath, mode) + if err != nil { + return "", fmt.Errorf("failed to create directory: %w", err) + } + return fullPath, nil +} diff --git a/util/io/files/secure_mkdir_linux.go b/util/io/files/secure_mkdir_linux.go new file mode 100644 index 0000000000000..14f727dda480d --- /dev/null +++ b/util/io/files/secure_mkdir_linux.go @@ -0,0 +1,25 @@ +//go:build linux + +package files + +import ( + "fmt" + "os" + + securejoin "github.com/cyphar/filepath-securejoin" +) + +// SecureMkdirAll creates a directory with the given mode and returns the full path to the directory. It prevents +// directory traversal attacks by ensuring the path is within the root directory. The path is constructed as if the +// given root is the root of the filesystem. So anything traversing outside the root is simply removed from the path. +func SecureMkdirAll(root, unsafePath string, mode os.FileMode) (string, error) { + err := securejoin.MkdirAll(root, unsafePath, int(mode)) + if err != nil { + return "", fmt.Errorf("failed to make directory: %w", err) + } + fullPath, err := securejoin.SecureJoin(root, unsafePath) + if err != nil { + return "", fmt.Errorf("failed to construct secure path: %w", err) + } + return fullPath, nil +} diff --git a/util/io/files/secure_mkdir_test.go b/util/io/files/secure_mkdir_test.go new file mode 100644 index 0000000000000..e696629235404 --- /dev/null +++ b/util/io/files/secure_mkdir_test.go @@ -0,0 +1,67 @@ +package files + +import ( + "os" + "path" + "path/filepath" + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestSecureMkdirAllDefault(t *testing.T) { + root := t.TempDir() + + unsafePath := "test/dir" + fullPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm) + require.NoError(t, err) + + expectedPath := path.Join(root, unsafePath) + assert.Equal(t, expectedPath, fullPath) +} + +func TestSecureMkdirAllWithExistingDir(t *testing.T) { + root := t.TempDir() + unsafePath := "existing/dir" + + fullPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm) + require.NoError(t, err) + + newPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm) + require.NoError(t, err) + assert.Equal(t, fullPath, newPath) +} + +func TestSecureMkdirAllWithFile(t *testing.T) { + root := t.TempDir() + unsafePath := "file.txt" + + filePath := filepath.Join(root, unsafePath) + err := os.WriteFile(filePath, []byte("test"), os.ModePerm) + require.NoError(t, err) + + // Should fail because there is a file at the path + _, err = SecureMkdirAll(root, unsafePath, os.ModePerm) + require.Error(t, err) +} + +func TestSecureMkdirAllDotDotPath(t *testing.T) { + root := t.TempDir() + unsafePath := "../outside" + + fullPath, err := SecureMkdirAll(root, unsafePath, os.ModePerm) + require.NoError(t, err) + + expectedPath := filepath.Join(root, "outside") + assert.Equal(t, expectedPath, fullPath) + + info, err := os.Stat(fullPath) + require.NoError(t, err) + assert.True(t, info.IsDir()) + + relPath, err := filepath.Rel(root, fullPath) + require.NoError(t, err) + assert.False(t, strings.HasPrefix(relPath, "..")) +} diff --git a/util/kube/util_test.go b/util/kube/util_test.go index a8a674bdda741..ac3e5a35276e4 100644 --- a/util/kube/util_test.go +++ b/util/kube/util_test.go @@ -47,7 +47,7 @@ func Test_CreateOrUpdateSecretField(t *testing.T) { "annotation3": "foo", } - client := fake.NewSimpleClientset(secret) + client := fake.NewClientset(secret) t.Run("Change field in existing secret", func(t *testing.T) { ku := NewKubeUtil(client, context.TODO()) @@ -133,7 +133,7 @@ func Test_CreateOrUpdateSecretData(t *testing.T) { "password": []byte("foobarbaz"), } - client := fake.NewSimpleClientset(secret) + client := fake.NewClientset(secret) t.Run("Change data in existing secret with merge", func(t *testing.T) { ku := NewKubeUtil(client, context.TODO()) diff --git a/util/kustomize/kustomize.go b/util/kustomize/kustomize.go index 3509f4689de96..226a07a09c8de 100644 --- a/util/kustomize/kustomize.go +++ b/util/kustomize/kustomize.go @@ -130,7 +130,7 @@ func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize, kustomizeOp log.Debugf("No caCert found for repo %s", parsedURL.Host) } else { // Make Git use CA bundle - environ = append(environ, fmt.Sprintf("GIT_SSL_CAINFO=%s", caPath)) + environ = append(environ, "GIT_SSL_CAINFO="+caPath) } } } diff --git a/util/log/logrus_test.go b/util/log/logrus_test.go index 0613d4ced0af0..881e5c94fccf4 100644 --- a/util/log/logrus_test.go +++ b/util/log/logrus_test.go @@ -1,7 +1,6 @@ package log import ( - "fmt" "testing" "github.com/sirupsen/logrus" @@ -26,12 +25,12 @@ func TestCreateFormatter(t *testing.T) { result := CreateFormatter("text") assert.Equal(t, &logrus.TextFormatter{}, result) }) - t.Run(fmt.Sprintf("%s == 1", common.EnvLogFormatEnableFullTimestamp), func(t *testing.T) { + t.Run(common.EnvLogFormatEnableFullTimestamp+" == 1", func(t *testing.T) { t.Setenv(common.EnvLogFormatEnableFullTimestamp, "1") result := CreateFormatter("text") assert.Equal(t, &logrus.TextFormatter{FullTimestamp: true}, result) }) - t.Run(fmt.Sprintf("%s != 1", common.EnvLogFormatEnableFullTimestamp), func(t *testing.T) { + t.Run(common.EnvLogFormatEnableFullTimestamp+" != 1", func(t *testing.T) { t.Setenv(common.EnvLogFormatEnableFullTimestamp, "0") result := CreateFormatter("text") assert.Equal(t, &logrus.TextFormatter{}, result) diff --git a/util/lua/custom_actions_test.go b/util/lua/custom_actions_test.go index ba1bbbf0d0b43..4b7a06bf7dc7e 100644 --- a/util/lua/custom_actions_test.go +++ b/util/lua/custom_actions_test.go @@ -110,15 +110,14 @@ func TestLuaResourceActionsScript(t *testing.T) { } require.NoError(t, err) dir := filepath.Dir(path) - // TODO: Change to path - yamlBytes, err := os.ReadFile(dir + "/action_test.yaml") + yamlBytes, err := os.ReadFile(filepath.Join(dir, "action_test.yaml")) require.NoError(t, err) var resourceTest ActionTestStructure err = yaml.Unmarshal(yamlBytes, &resourceTest) require.NoError(t, err) for i := range resourceTest.DiscoveryTests { test := resourceTest.DiscoveryTests[i] - testName := fmt.Sprintf("discovery/%s", test.InputPath) + testName := "discovery/" + test.InputPath t.Run(testName, func(t *testing.T) { vm := VM{ UseOpenLibs: true, diff --git a/util/lua/lua.go b/util/lua/lua.go index 5183d018f84a4..215d8041ac626 100644 --- a/util/lua/lua.go +++ b/util/lua/lua.go @@ -396,7 +396,7 @@ func (vm VM) GetResourceActionDiscovery(obj *unstructured.Unstructured) ([]strin } // Fetch predefined Lua scripts - discoveryKey := fmt.Sprintf("%s/actions/", key) + discoveryKey := key + "/actions/" discoveryScript, err := vm.getPredefinedLuaScripts(discoveryKey, actionDiscoveryScriptFile) // Ignore the error if the script does not exist. diff --git a/util/notification/expression/strings/strings_test.go b/util/notification/expression/strings/strings_test.go index 660ec66aa4cf2..76cb57606b2f6 100644 --- a/util/notification/expression/strings/strings_test.go +++ b/util/notification/expression/strings/strings_test.go @@ -1,7 +1,6 @@ package strings import ( - "fmt" "testing" "github.com/stretchr/testify/assert" @@ -50,7 +49,7 @@ func TestUpperAndLower(t *testing.T) { exprs := NewExprs() for _, testCase := range testCases { - t.Run(fmt.Sprintf("With success case: Func: %s", testCase.fn), func(tc *testing.T) { + t.Run("With success case: Func: "+testCase.fn, func(tc *testing.T) { toUpperFn, ok := exprs[testCase.fn].(func(s string) string) assert.True(t, ok) diff --git a/util/notification/k8s/informers.go b/util/notification/k8s/informers.go index 4289df21e021c..361453da0dfc0 100644 --- a/util/notification/k8s/informers.go +++ b/util/notification/k8s/informers.go @@ -1,7 +1,6 @@ package k8s import ( - "fmt" "time" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -16,12 +15,12 @@ const ( func NewSecretInformer(clientset kubernetes.Interface, namespace string, secretName string) cache.SharedIndexInformer { return corev1.NewFilteredSecretInformer(clientset, namespace, settingsResyncDuration, cache.Indexers{}, func(options *metav1.ListOptions) { - options.FieldSelector = fmt.Sprintf("metadata.name=%s", secretName) + options.FieldSelector = "metadata.name=" + secretName }) } func NewConfigMapInformer(clientset kubernetes.Interface, namespace string, configMapName string) cache.SharedIndexInformer { return corev1.NewFilteredConfigMapInformer(clientset, namespace, settingsResyncDuration, cache.Indexers{}, func(options *metav1.ListOptions) { - options.FieldSelector = fmt.Sprintf("metadata.name=%s", configMapName) + options.FieldSelector = "metadata.name=" + configMapName }) } diff --git a/util/notification/settings/settings_test.go b/util/notification/settings/settings_test.go index c80a50142ceaa..8c3a8c5bf9ddb 100644 --- a/util/notification/settings/settings_test.go +++ b/util/notification/settings/settings_test.go @@ -44,7 +44,7 @@ func TestInitGetVars(t *testing.T) { "notification-secret": []byte("secret-value"), }, } - kubeclientset := fake.NewSimpleClientset(&corev1.ConfigMap{ + kubeclientset := fake.NewClientset(&corev1.ConfigMap{ ObjectMeta: v1.ObjectMeta{ Namespace: testNamespace, Name: "argocd-notifications-cm", diff --git a/util/oidc/oidc.go b/util/oidc/oidc.go index 2f01dc167e3d4..6b475d01c6a81 100644 --- a/util/oidc/oidc.go +++ b/util/oidc/oidc.go @@ -383,7 +383,7 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) { if a.baseHRef != "" { path = strings.TrimRight(strings.TrimLeft(a.baseHRef, "/"), "/") } - cookiePath := fmt.Sprintf("path=/%s", path) + cookiePath := "path=/" + path flags := []string{cookiePath, "SameSite=lax", "httpOnly"} if a.secureCookie { flags = append(flags, "Secure") diff --git a/util/oidc/provider.go b/util/oidc/provider.go index 36601314d00f4..87e9f1f730b10 100644 --- a/util/oidc/provider.go +++ b/util/oidc/provider.go @@ -82,7 +82,7 @@ func (t tokenVerificationError) Error() string { for aud, err := range t.errorsByAudience { errorStrings = append(errorStrings, fmt.Sprintf("error for aud %q: %v", aud, err)) } - return fmt.Sprintf("token verification failed for all audiences: %s", strings.Join(errorStrings, ", ")) + return "token verification failed for all audiences: " + strings.Join(errorStrings, ", ") } func (p *providerImpl) Verify(tokenString string, argoSettings *settings.ArgoCDSettings) (*gooidc.IDToken, error) { diff --git a/util/proxy/proxy.go b/util/proxy/proxy.go index bef4ce47b81dc..c4349e8ad48e3 100644 --- a/util/proxy/proxy.go +++ b/util/proxy/proxy.go @@ -1,7 +1,6 @@ package proxy import ( - "fmt" "net/http" "net/url" "os/exec" @@ -47,13 +46,13 @@ func GetCallback(proxy string, noProxy string) func(*http.Request) (*url.URL, er } func httpProxy(url string) string { - return fmt.Sprintf("http_proxy=%s", url) + return "http_proxy=" + url } func httpsProxy(url string) string { - return fmt.Sprintf("https_proxy=%s", url) + return "https_proxy=" + url } func noProxyVar(noProxy string) string { - return fmt.Sprintf("no_proxy=%s", noProxy) + return "no_proxy=" + noProxy } diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go index ab45cf5c0d69f..1446620d58bd0 100644 --- a/util/rbac/rbac.go +++ b/util/rbac/rbac.go @@ -256,10 +256,10 @@ func (e *Enforcer) EnforceErr(rvals ...interface{}) error { break } if sub := jwtutil.StringField(claims, "sub"); sub != "" { - rvalsStrs = append(rvalsStrs, fmt.Sprintf("sub: %s", sub)) + rvalsStrs = append(rvalsStrs, "sub: "+sub) } if issuedAtTime, err := jwtutil.IssuedAtTime(claims); err == nil { - rvalsStrs = append(rvalsStrs, fmt.Sprintf("iat: %s", issuedAtTime.Format(time.RFC3339))) + rvalsStrs = append(rvalsStrs, "iat: "+issuedAtTime.Format(time.RFC3339)) } } errMsg = fmt.Sprintf("%s: %s", errMsg, strings.Join(rvalsStrs, ", ")) @@ -337,7 +337,7 @@ func (e *Enforcer) SetUserPolicy(policy string) error { // newInformers returns an informer which watches updates on the rbac configmap func (e *Enforcer) newInformer() cache.SharedIndexInformer { tweakConfigMap := func(options *metav1.ListOptions) { - cmFieldSelector := fields.ParseSelectorOrDie(fmt.Sprintf("metadata.name=%s", e.configmap)) + cmFieldSelector := fields.ParseSelectorOrDie("metadata.name=" + e.configmap) options.FieldSelector = cmFieldSelector.String() } indexers := cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc} diff --git a/util/rbac/rbac_norace_test.go b/util/rbac/rbac_norace_test.go index 41503746cd540..80314d04f3420 100644 --- a/util/rbac/rbac_norace_test.go +++ b/util/rbac/rbac_norace_test.go @@ -26,7 +26,7 @@ func TestPolicyInformer(t *testing.T) { cm := fakeConfigMap() cm.Data[ConfigMapPolicyCSVKey] = "p, admin, applications, delete, */*, allow" - kubeclientset := fake.NewSimpleClientset(cm) + kubeclientset := fake.NewClientset(cm) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) ctx := context.Background() @@ -58,7 +58,7 @@ func TestResourceActionWildcards(t *testing.T) { // !race: // Same as TestPolicyInformer - kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) + kubeclientset := fake.NewClientset(fakeConfigMap()) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) policy := ` p, alice, *, get, foo/obj, allow diff --git a/util/rbac/rbac_test.go b/util/rbac/rbac_test.go index f0843952cd2e9..686d283a3ee50 100644 --- a/util/rbac/rbac_test.go +++ b/util/rbac/rbac_test.go @@ -2,7 +2,6 @@ package rbac import ( "context" - "fmt" "strings" "testing" "time" @@ -106,7 +105,7 @@ func TestPolicyCSV(t *testing.T) { // TestBuiltinPolicyEnforcer tests the builtin policy rules func TestBuiltinPolicyEnforcer(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) @@ -142,7 +141,7 @@ func TestBuiltinPolicyEnforcer(t *testing.T) { // TestProjectIsolationEnforcement verifies the ability to create Project specific policies func TestProjectIsolationEnforcement(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) + kubeclientset := fake.NewClientset(fakeConfigMap()) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) policy := ` p, role:foo-admin, *, *, foo/*, allow @@ -162,7 +161,7 @@ g, bob, role:bar-admin // TestProjectReadOnly verifies the ability to have a read only role in a Project func TestProjectReadOnly(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) + kubeclientset := fake.NewClientset(fakeConfigMap()) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) policy := ` p, role:foo-readonly, *, get, foo/*, allow @@ -178,7 +177,7 @@ g, alice, role:foo-readonly // TestDefaultRole tests the ability to set a default role func TestDefaultRole(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) _ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV) @@ -191,7 +190,7 @@ func TestDefaultRole(t *testing.T) { // TestURLAsObjectName tests the ability to have a URL as an object name func TestURLAsObjectName(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) policy := ` @@ -209,7 +208,7 @@ p, cathy, repositories, *, foo/*, allow } func TestEnableDisableEnforce(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) + kubeclientset := fake.NewClientset(fakeConfigMap()) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) policy := ` p, alice, *, get, foo/obj, allow @@ -237,7 +236,7 @@ p, mike, *, get, foo/obj, deny } func TestUpdatePolicy(t *testing.T) { - kubeclientset := fake.NewSimpleClientset(fakeConfigMap()) + kubeclientset := fake.NewClientset(fakeConfigMap()) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) _ = enf.SetUserPolicy("p, alice, *, get, foo/obj, allow") @@ -267,14 +266,14 @@ func TestUpdatePolicy(t *testing.T) { func TestNoPolicy(t *testing.T) { cm := fakeConfigMap() - kubeclientset := fake.NewSimpleClientset(cm) + kubeclientset := fake.NewClientset(cm) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) assert.False(t, enf.Enforce("admin", "applications", "delete", "foo/bar")) } // TestClaimsEnforcerFunc tests func TestClaimsEnforcerFunc(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) claims := jwt.RegisteredClaims{ Subject: "foo", @@ -289,7 +288,7 @@ func TestClaimsEnforcerFunc(t *testing.T) { // TestDefaultRoleWithRuntimePolicy tests the ability for a default role to still take affect when // enforcing a runtime policy func TestDefaultRoleWithRuntimePolicy(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) runtimePolicy := assets.BuiltinPolicyCSV @@ -301,7 +300,7 @@ func TestDefaultRoleWithRuntimePolicy(t *testing.T) { // TestClaimsEnforcerFuncWithRuntimePolicy tests the ability for claims enforcer function to still // take effect when enforcing a runtime policy func TestClaimsEnforcerFuncWithRuntimePolicy(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) runtimePolicy := assets.BuiltinPolicyCSV @@ -318,7 +317,7 @@ func TestClaimsEnforcerFuncWithRuntimePolicy(t *testing.T) { // TestInvalidRuntimePolicy tests when an invalid policy is supplied, it falls back to normal enforcement func TestInvalidRuntimePolicy(t *testing.T) { cm := fakeConfigMap() - kubeclientset := fake.NewSimpleClientset(cm) + kubeclientset := fake.NewClientset(cm) enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) _ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV) @@ -351,7 +350,7 @@ func TestValidatePolicy(t *testing.T) { // TestEnforceErrorMessage ensures we give descriptive error message func TestEnforceErrorMessage(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) err := enf.syncUpdate(fakeConfigMap(), noOpUpdate) require.NoError(t, err) @@ -371,7 +370,7 @@ func TestEnforceErrorMessage(t *testing.T) { assert.Equal(t, "rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin", err.Error()) iat := time.Unix(int64(1593035962), 0).Format(time.RFC3339) - exp := fmt.Sprintf("rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin, iat: %s", iat) + exp := "rpc error: code = PermissionDenied desc = permission denied: project, sub: proj:default:admin, iat: " + iat // nolint:staticcheck ctx = context.WithValue(context.Background(), "claims", &jwt.RegisteredClaims{Subject: "proj:default:admin", IssuedAt: jwt.NewNumericDate(time.Unix(int64(1593035962), 0))}) err = enf.EnforceErr(ctx.Value("claims"), "project") @@ -392,7 +391,7 @@ func TestEnforceErrorMessage(t *testing.T) { } func TestDefaultGlobMatchMode(t *testing.T) { - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(fakeConfigMap(), noOpUpdate)) policy := ` @@ -407,7 +406,7 @@ p, alice, clusters, get, "https://github.com/*/*.git", allow func TestGlobMatchMode(t *testing.T) { cm := fakeConfigMap() cm.Data[ConfigMapMatchModeKey] = GlobMatchMode - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(cm, noOpUpdate)) policy := ` @@ -422,7 +421,7 @@ p, alice, clusters, get, "https://github.com/*/*.git", allow func TestRegexMatchMode(t *testing.T) { cm := fakeConfigMap() cm.Data[ConfigMapMatchModeKey] = RegexMatchMode - kubeclientset := fake.NewSimpleClientset() + kubeclientset := fake.NewClientset() enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfigMapName, nil) require.NoError(t, enf.syncUpdate(cm, noOpUpdate)) policy := ` diff --git a/util/session/sessionmanager_test.go b/util/session/sessionmanager_test.go index 1ef496706feb9..efee1951e7899 100644 --- a/util/session/sessionmanager_test.go +++ b/util/session/sessionmanager_test.go @@ -52,7 +52,7 @@ func getKubeClient(pass string, enabled bool, capabilities ...settings.AccountCa capabilitiesStr = append(capabilitiesStr, string(capabilities[i])) } - return fake.NewSimpleClientset(&corev1.ConfigMap{ + return fake.NewClientset(&corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "argocd-cm", Namespace: "argocd", @@ -101,7 +101,7 @@ func TestSessionManager_AdminToken(t *testing.T) { mapClaims := *(claims.(*jwt.MapClaims)) subject := mapClaims["sub"].(string) if subject != "admin" { - t.Errorf("Token claim subject \"%s\" does not match expected subject \"%s\".", subject, "admin") + t.Errorf("Token claim subject %q does not match expected subject %q.", subject, "admin") } } @@ -577,7 +577,7 @@ func getKubeClientWithConfig(config map[string]string, secretConfig map[string][ mergedSecretConfig[key] = value } - return fake.NewSimpleClientset(&corev1.ConfigMap{ + return fake.NewClientset(&corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "argocd-cm", Namespace: "argocd", @@ -689,7 +689,7 @@ rootCA: | mgr.verificationDelayNoiseEnabled = false claims := jwt.RegisteredClaims{Audience: jwt.ClaimStrings{"test-client"}, Subject: "admin", ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 24))} - claims.Issuer = fmt.Sprintf("%s/api/dex", dexTestServer.URL) + claims.Issuer = dexTestServer.URL + "/api/dex" token := jwt.NewWithClaims(jwt.SigningMethodRS512, claims) key, err := jwt.ParseRSAPrivateKeyFromPEM(utiltest.PrivateKey) require.NoError(t, err) @@ -759,7 +759,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL), mgr.verificationDelayNoiseEnabled = false claims := jwt.RegisteredClaims{Audience: jwt.ClaimStrings{"test-client"}, Subject: "admin", ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 24))} - claims.Issuer = fmt.Sprintf("%s/api/dex", dexTestServer.URL) + claims.Issuer = dexTestServer.URL + "/api/dex" token := jwt.NewWithClaims(jwt.SigningMethodRS512, claims) key, err := jwt.ParseRSAPrivateKeyFromPEM(utiltest.PrivateKey) require.NoError(t, err) diff --git a/util/session/state.go b/util/session/state.go index b4117c0d1733f..db8eda5020ee3 100644 --- a/util/session/state.go +++ b/util/session/state.go @@ -125,6 +125,10 @@ func (storage *userStateStorage) IsTokenRevoked(id string) bool { return storage.revokedTokens[id] } +func (storage *userStateStorage) GetLockObject() *sync.RWMutex { + return &storage.lock +} + type UserStateStorage interface { Init(ctx context.Context) // GetLoginAttempts return number of concurrent login attempts @@ -135,4 +139,6 @@ type UserStateStorage interface { RevokeToken(ctx context.Context, id string, expiringAt time.Duration) error // IsTokenRevoked checks if given token is revoked IsTokenRevoked(id string) bool + // GetLockObject returns a lock used by the storage + GetLockObject() *sync.RWMutex } diff --git a/util/settings/accounts.go b/util/settings/accounts.go index 2972d1911e9e9..f172b6c83b19c 100644 --- a/util/settings/accounts.go +++ b/util/settings/accounts.go @@ -145,15 +145,11 @@ func (mgr *SettingsManager) UpdateAccount(name string, callback func(account *Ac // GetAccounts returns list of configured accounts func (mgr *SettingsManager) GetAccounts() (map[string]Account, error) { - err := mgr.ensureSynced(false) + cm, err := mgr.getConfigMap() if err != nil { return nil, err } - secret, err := mgr.secrets.Secrets(mgr.namespace).Get(common.ArgoCDSecretName) - if err != nil { - return nil, err - } - cm, err := mgr.configmaps.ConfigMaps(mgr.namespace).Get(common.ArgoCDConfigMapName) + secret, err := mgr.getSecret() if err != nil { return nil, err } @@ -241,7 +237,7 @@ func parseAccounts(secret *v1.Secret, cm *v1.ConfigMap) (map[string]Account, err } for key, v := range cm.Data { - if !strings.HasPrefix(key, fmt.Sprintf("%s.", accountsKeyPrefix)) { + if !strings.HasPrefix(key, accountsKeyPrefix+".") { continue } diff --git a/util/settings/settings.go b/util/settings/settings.go index 60b78f405d4eb..c9ec3573e1562 100644 --- a/util/settings/settings.go +++ b/util/settings/settings.go @@ -261,9 +261,10 @@ var ( } return nil, nil } - ByProjectClusterIndexer = "byProjectCluster" - ByProjectRepoIndexer = "byProjectRepo" - byProjectIndexerFunc = func(secretType string) func(obj interface{}) ([]string, error) { + ByProjectClusterIndexer = "byProjectCluster" + ByProjectRepoIndexer = "byProjectRepo" + ByProjectRepoWriteIndexer = "byProjectRepoWrite" + byProjectIndexerFunc = func(secretType string) func(obj interface{}) ([]string, error) { return func(obj interface{}) ([]string, error) { s, ok := obj.(*apiv1.Secret) if !ok { @@ -537,8 +538,8 @@ const ( ) const ( - // default max webhook payload size is 1GB - defaultMaxWebhookPayloadSize = int64(1) * 1024 * 1024 * 1024 + // default max webhook payload size is 50MB + defaultMaxWebhookPayloadSize = int64(50) * 1024 * 1024 // application sync with impersonation feature is disabled by default. defaultImpersonationEnabledFlag = false @@ -638,11 +639,7 @@ func (mgr *SettingsManager) GetSecretsInformer() (cache.SharedIndexInformer, err } func (mgr *SettingsManager) updateSecret(callback func(*apiv1.Secret) error) error { - err := mgr.ensureSynced(false) - if err != nil { - return err - } - argoCDSecret, err := mgr.secrets.Secrets(mgr.namespace).Get(common.ArgoCDSecretName) + argoCDSecret, err := mgr.getSecret() createSecret := false if err != nil { if !apierr.IsNotFound(err) { @@ -656,24 +653,21 @@ func (mgr *SettingsManager) updateSecret(callback func(*apiv1.Secret) error) err } createSecret = true } - if argoCDSecret.Data == nil { - argoCDSecret.Data = make(map[string][]byte) - } - updatedSecret := argoCDSecret.DeepCopy() - err = callback(updatedSecret) + beforeUpdate := argoCDSecret.DeepCopy() + err = callback(argoCDSecret) if err != nil { return err } - if !createSecret && reflect.DeepEqual(argoCDSecret.Data, updatedSecret.Data) { + if !createSecret && reflect.DeepEqual(beforeUpdate.Data, argoCDSecret.Data) { return nil } if createSecret { - _, err = mgr.clientset.CoreV1().Secrets(mgr.namespace).Create(context.Background(), updatedSecret, metav1.CreateOptions{}) + _, err = mgr.clientset.CoreV1().Secrets(mgr.namespace).Create(context.Background(), argoCDSecret, metav1.CreateOptions{}) } else { - _, err = mgr.clientset.CoreV1().Secrets(mgr.namespace).Update(context.Background(), updatedSecret, metav1.UpdateOptions{}) + _, err = mgr.clientset.CoreV1().Secrets(mgr.namespace).Update(context.Background(), argoCDSecret, metav1.UpdateOptions{}) } if err != nil { return err @@ -693,18 +687,17 @@ func (mgr *SettingsManager) updateConfigMap(callback func(*apiv1.ConfigMap) erro ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, }, + Data: make(map[string]string), } createCM = true } - if argoCDCM.Data == nil { - argoCDCM.Data = make(map[string]string) - } + beforeUpdate := argoCDCM.DeepCopy() err = callback(argoCDCM) if err != nil { return err } - if reflect.DeepEqual(beforeUpdate.Data, argoCDCM.Data) { + if !createCM && reflect.DeepEqual(beforeUpdate.Data, argoCDCM.Data) { return nil } @@ -724,33 +717,68 @@ func (mgr *SettingsManager) updateConfigMap(callback func(*apiv1.ConfigMap) erro } func (mgr *SettingsManager) getConfigMap() (*apiv1.ConfigMap, error) { + return mgr.GetConfigMapByName(common.ArgoCDConfigMapName) +} + +// Returns the ConfigMap with the given name from the cluster. +// The ConfigMap must be labeled with "app.kubernetes.io/part-of: argocd" in +// order to be retrievable. +func (mgr *SettingsManager) GetConfigMapByName(configMapName string) (*apiv1.ConfigMap, error) { err := mgr.ensureSynced(false) if err != nil { return nil, err } - argoCDCM, err := mgr.configmaps.ConfigMaps(mgr.namespace).Get(common.ArgoCDConfigMapName) + configMap, err := mgr.configmaps.ConfigMaps(mgr.namespace).Get(configMapName) if err != nil { return nil, err } - if argoCDCM.Data == nil { - argoCDCM.Data = make(map[string]string) + cmCopy := configMap.DeepCopy() + if cmCopy.Data == nil { + cmCopy.Data = make(map[string]string) } - return argoCDCM, err + return cmCopy, err } -// Returns the ConfigMap with the given name from the cluster. -// The ConfigMap must be labeled with "app.kubernetes.io/part-of: argocd" in -// order to be retrievable. -func (mgr *SettingsManager) GetConfigMapByName(configMapName string) (*apiv1.ConfigMap, error) { +func (mgr *SettingsManager) getSecret() (*apiv1.Secret, error) { + return mgr.GetSecretByName(common.ArgoCDSecretName) +} + +// Returns the Secret with the given name from the cluster. +func (mgr *SettingsManager) GetSecretByName(secretName string) (*apiv1.Secret, error) { err := mgr.ensureSynced(false) if err != nil { return nil, err } - configMap, err := mgr.configmaps.ConfigMaps(mgr.namespace).Get(configMapName) + secret, err := mgr.secrets.Secrets(mgr.namespace).Get(secretName) + if err != nil { + return nil, err + } + secretCopy := secret.DeepCopy() + if secretCopy.Data == nil { + secretCopy.Data = make(map[string][]byte) + } + return secretCopy, err +} + +func (mgr *SettingsManager) getSecrets() ([]*apiv1.Secret, error) { + err := mgr.ensureSynced(false) + if err != nil { + return nil, err + } + + selector, err := labels.Parse(partOfArgoCDSelector) + if err != nil { + return nil, fmt.Errorf("error parsing Argo CD selector %w", err) + } + secrets, err := mgr.secrets.Secrets(mgr.namespace).List(selector) if err != nil { return nil, err } - return configMap, err + // SecretNamespaceLister lists all Secrets in the indexer for a given namespace. + // Objects returned by the lister must be treated as read-only. + // To allow us to modify the secrets, make a copy + secrets = util.SecretCopy(secrets) + return secrets, nil } func (mgr *SettingsManager) GetResourcesFilter() (*ResourcesFilter, error) { @@ -1319,30 +1347,19 @@ func (mgr *SettingsManager) GetHelp() (*Help, error) { // GetSettings retrieves settings from the ArgoCDConfigMap and secret. func (mgr *SettingsManager) GetSettings() (*ArgoCDSettings, error) { - err := mgr.ensureSynced(false) - if err != nil { - return nil, err - } - argoCDCM, err := mgr.configmaps.ConfigMaps(mgr.namespace).Get(common.ArgoCDConfigMapName) + argoCDCM, err := mgr.getConfigMap() if err != nil { return nil, fmt.Errorf("error retrieving argocd-cm: %w", err) } - argoCDSecret, err := mgr.secrets.Secrets(mgr.namespace).Get(common.ArgoCDSecretName) + argoCDSecret, err := mgr.getSecret() if err != nil { return nil, fmt.Errorf("error retrieving argocd-secret: %w", err) } - selector, err := labels.Parse(partOfArgoCDSelector) + secrets, err := mgr.getSecrets() if err != nil { - return nil, fmt.Errorf("error parsing Argo CD selector %w", err) - } - secrets, err := mgr.secrets.Secrets(mgr.namespace).List(selector) - if err != nil { - return nil, err + return nil, fmt.Errorf("error retrieving argocd secrets: %w", err) } - // SecretNamespaceLister lists all Secrets in the indexer for a given namespace. - // Objects returned by the lister must be treated as read-only. - // To allow us to modify the secrets, make a copy - secrets = util.SecretCopy(secrets) + var settings ArgoCDSettings var errs []error updateSettingsFromConfigMap(&settings, argoCDCM) @@ -1384,11 +1401,12 @@ func (mgr *SettingsManager) initialize(ctx context.Context) error { }, } indexers := cache.Indexers{ - cache.NamespaceIndex: cache.MetaNamespaceIndexFunc, - ByClusterURLIndexer: byClusterURLIndexerFunc, - ByClusterNameIndexer: byClusterNameIndexerFunc, - ByProjectClusterIndexer: byProjectIndexerFunc(common.LabelValueSecretTypeCluster), - ByProjectRepoIndexer: byProjectIndexerFunc(common.LabelValueSecretTypeRepository), + cache.NamespaceIndex: cache.MetaNamespaceIndexFunc, + ByClusterURLIndexer: byClusterURLIndexerFunc, + ByClusterNameIndexer: byClusterNameIndexerFunc, + ByProjectClusterIndexer: byProjectIndexerFunc(common.LabelValueSecretTypeCluster), + ByProjectRepoIndexer: byProjectIndexerFunc(common.LabelValueSecretTypeRepository), + ByProjectRepoWriteIndexer: byProjectIndexerFunc(common.LabelValueSecretTypeRepositoryWrite), } cmInformer := v1.NewFilteredConfigMapInformer(mgr.clientset, mgr.namespace, 3*time.Minute, indexers, tweakConfigMap) secretsInformer := v1.NewSecretInformer(mgr.clientset, mgr.namespace, 3*time.Minute, indexers) @@ -1638,7 +1656,7 @@ func (mgr *SettingsManager) updateSettingsFromSecret(settings *ArgoCDSettings, a // return values are nil, no external secret has been configured. func (mgr *SettingsManager) externalServerTLSCertificate() (*tls.Certificate, error) { var cert tls.Certificate - secret, err := mgr.secrets.Secrets(mgr.namespace).Get(externalServerTLSSecretName) + secret, err := mgr.GetSecretByName(externalServerTLSSecretName) if err != nil { if apierr.IsNotFound(err) { return nil, nil @@ -1731,20 +1749,11 @@ func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error { // Save the SSH known host data into the corresponding ConfigMap func (mgr *SettingsManager) SaveSSHKnownHostsData(ctx context.Context, knownHostsList []string) error { - err := mgr.ensureSynced(false) - if err != nil { - return err - } - certCM, err := mgr.GetConfigMapByName(common.ArgoCDKnownHostsConfigMapName) if err != nil { return err } - if certCM.Data == nil { - certCM.Data = make(map[string]string) - } - sshKnownHostsData := strings.Join(knownHostsList, "\n") + "\n" certCM.Data["ssh_known_hosts"] = sshKnownHostsData _, err = mgr.clientset.CoreV1().ConfigMaps(mgr.namespace).Update(ctx, certCM, metav1.UpdateOptions{}) @@ -1756,11 +1765,6 @@ func (mgr *SettingsManager) SaveSSHKnownHostsData(ctx context.Context, knownHost } func (mgr *SettingsManager) SaveTLSCertificateData(ctx context.Context, tlsCertificates map[string]string) error { - err := mgr.ensureSynced(false) - if err != nil { - return err - } - certCM, err := mgr.GetConfigMapByName(common.ArgoCDTLSCertsConfigMapName) if err != nil { return err @@ -1776,11 +1780,6 @@ func (mgr *SettingsManager) SaveTLSCertificateData(ctx context.Context, tlsCerti } func (mgr *SettingsManager) SaveGPGPublicKeyData(ctx context.Context, gpgPublicKeys map[string]string) error { - err := mgr.ensureSynced(false) - if err != nil { - return err - } - keysCM, err := mgr.GetConfigMapByName(common.ArgoCDGPGKeysConfigMapName) if err != nil { return err @@ -2205,7 +2204,7 @@ func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoC hosts := []string{ "localhost", "argocd-server", - fmt.Sprintf("argocd-server.%s", mgr.namespace), + "argocd-server." + mgr.namespace, fmt.Sprintf("argocd-server.%s.svc", mgr.namespace), fmt.Sprintf("argocd-server.%s.svc.cluster.local", mgr.namespace), } diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go index 1a220bc2f063a..8822793364038 100644 --- a/util/settings/settings_test.go +++ b/util/settings/settings_test.go @@ -50,7 +50,7 @@ func fixtures(data map[string]string, opts ...func(secret *v1.Secret)) (*fake.Cl for i := range opts { opts[i](secret) } - kubeClient := fake.NewSimpleClientset(cm, secret) + kubeClient := fake.NewClientset(cm, secret) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") return kubeClient, settingsManager @@ -66,6 +66,42 @@ func TestDocumentedArgoCDConfigMapIsValid(t *testing.T) { updateSettingsFromConfigMap(&settings, argocdCM) } +func TestGetConfigMapByName(t *testing.T) { + t.Run("data is never nil", func(t *testing.T) { + _, settingsManager := fixtures(nil) + cm, err := settingsManager.GetConfigMapByName(common.ArgoCDConfigMapName) + require.NoError(t, err) + assert.NotNil(t, cm.Data) + }) + t.Run("cannot update informer value", func(t *testing.T) { + _, settingsManager := fixtures(nil) + cm1, err := settingsManager.GetConfigMapByName(common.ArgoCDConfigMapName) + require.NoError(t, err) + cm1.Data["test"] = "invalid" + cm2, err := settingsManager.GetConfigMapByName(common.ArgoCDConfigMapName) + require.NoError(t, err) + assert.NotContains(t, cm2.Data, "test") + }) +} + +func TestGetSecretByName(t *testing.T) { + t.Run("data is never nil", func(t *testing.T) { + _, settingsManager := fixtures(nil, func(secret *v1.Secret) { secret.Data = nil }) + secret, err := settingsManager.GetSecretByName(common.ArgoCDSecretName) + require.NoError(t, err) + assert.NotNil(t, secret.Data) + }) + t.Run("cannot update informer value", func(t *testing.T) { + _, settingsManager := fixtures(nil) + s1, err := settingsManager.GetSecretByName(common.ArgoCDSecretName) + require.NoError(t, err) + s1.Data["test"] = []byte("invalid") + s2, err := settingsManager.GetSecretByName(common.ArgoCDSecretName) + require.NoError(t, err) + assert.NotContains(t, s2.Data, "test") + }) +} + func TestGetRepositories(t *testing.T) { _, settingsManager := fixtures(map[string]string{ "repositories": "\n - url: http://foo\n", @@ -98,8 +134,8 @@ func TestGetExtensionConfigs(t *testing.T) { name: "will return main and additional config successfully", expectedLen: 2, input: map[string]string{ - extensionConfig: "main config", - fmt.Sprintf("%s.anotherExtension", extensionConfig): "another config", + extensionConfig: "main config", + extensionConfig + ".anotherExtension": "another config", }, expected: map[string]string{ "": "main config", @@ -135,7 +171,7 @@ func TestSaveRepositories(t *testing.T) { } func TestSaveRepositoriesNoConfigMap(t *testing.T) { - kubeClient := fake.NewSimpleClientset() + kubeClient := fake.NewClientset() settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") err := settingsManager.SaveRepositories([]Repository{{URL: "http://foo"}}) @@ -198,7 +234,7 @@ func TestInClusterServerAddressEnabled(t *testing.T) { } func TestInClusterServerAddressEnabledByDefault(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -920,7 +956,7 @@ func TestSettingsManager_GetHelp(t *testing.T) { func TestSettingsManager_GetSettings(t *testing.T) { t.Run("UserSessionDurationNotProvided", func(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -950,7 +986,7 @@ func TestSettingsManager_GetSettings(t *testing.T) { assert.Equal(t, time.Hour*24, s.UserSessionDuration) }) t.Run("UserSessionDurationInvalidFormat", func(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -982,7 +1018,7 @@ func TestSettingsManager_GetSettings(t *testing.T) { assert.Equal(t, time.Hour*24, s.UserSessionDuration) }) t.Run("UserSessionDurationProvided", func(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -1016,7 +1052,7 @@ func TestSettingsManager_GetSettings(t *testing.T) { } func TestGetOIDCConfig(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -1096,7 +1132,7 @@ func Test_validateExternalURL(t *testing.T) { } func TestGetOIDCSecretTrim(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -1142,7 +1178,7 @@ func getCNFromCertificate(cert *tls.Certificate) string { func Test_GetTLSConfiguration(t *testing.T) { t.Run("Valid external TLS secret with success", func(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -1188,7 +1224,7 @@ func Test_GetTLSConfiguration(t *testing.T) { }) t.Run("Valid external TLS secret overrides argocd-secret", func(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -1235,7 +1271,7 @@ func Test_GetTLSConfiguration(t *testing.T) { assert.Contains(t, getCNFromCertificate(settings.Certificate), "localhost") }) t.Run("Invalid external TLS secret", func(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -1278,7 +1314,7 @@ func Test_GetTLSConfiguration(t *testing.T) { assert.NotNil(t, settings) }) t.Run("No external TLS secret", func(t *testing.T) { - kubeClient := fake.NewSimpleClientset( + kubeClient := fake.NewClientset( &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDConfigMapName, @@ -1385,7 +1421,7 @@ requestedIDTokenClaims: {"groups": {"essential": true}}`, "webhook.github.secret": []byte("mywebhooksecret"), }, } - kubeClient := fake.NewSimpleClientset(cm, secret, argocdSecret) + kubeClient := fake.NewClientset(cm, secret, argocdSecret) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") settings, err := settingsManager.GetSettings() @@ -1443,7 +1479,7 @@ func TestGetEnableManifestGeneration(t *testing.T) { }, } - kubeClient := fake.NewSimpleClientset(cm, argocdSecret) + kubeClient := fake.NewClientset(cm, argocdSecret) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") enableManifestGeneration, err := settingsManager.GetEnabledSourceTypes() @@ -1512,7 +1548,7 @@ func TestGetHelmSettings(t *testing.T) { "clientSecret": []byte("deadbeef"), }, } - kubeClient := fake.NewSimpleClientset(cm, secret, argocdSecret) + kubeClient := fake.NewClientset(cm, secret, argocdSecret) settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") helmSettings, err := settingsManager.GetHelmSettings() @@ -1781,7 +1817,7 @@ func TestRedirectAdditionalURLs(t *testing.T) { func TestIsImpersonationEnabled(t *testing.T) { // When there is no argocd-cm itself, // Then IsImpersonationEnabled() must return false (default value) and an error with appropriate error message. - kubeClient := fake.NewSimpleClientset() + kubeClient := fake.NewClientset() settingsManager := NewSettingsManager(context.Background(), kubeClient, "default") featureFlag, err := settingsManager.IsImpersonationEnabled() require.False(t, featureFlag, diff --git a/util/tls/tls_test.go b/util/tls/tls_test.go index d164c68b233f1..6ce46af940a5b 100644 --- a/util/tls/tls_test.go +++ b/util/tls/tls_test.go @@ -145,7 +145,7 @@ func TestGetTLSVersionByString(t *testing.T) { func TestGetTLSCipherSuitesByString(t *testing.T) { suites := make([]string, 0) for _, s := range tls.CipherSuites() { - t.Run(fmt.Sprintf("Test for valid suite %s", s.Name), func(t *testing.T) { + t.Run("Test for valid suite "+s.Name, func(t *testing.T) { ids, err := getTLSCipherSuitesByString(s.Name) require.NoError(t, err) assert.Len(t, ids, 1) @@ -203,7 +203,7 @@ func TestGenerate(t *testing.T) { }) for _, curve := range []string{"P224", "P256", "P384", "P521"} { - t.Run(fmt.Sprintf("Create certificate with curve %s", curve), func(t *testing.T) { + t.Run("Create certificate with curve "+curve, func(t *testing.T) { opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ECDSACurve: curve} _, _, err := generate(opts) require.NoError(t, err) diff --git a/util/webhook/webhook.go b/util/webhook/webhook.go index df5c1fecc1273..f56a25a4c4217 100644 --- a/util/webhook/webhook.go +++ b/util/webhook/webhook.go @@ -465,7 +465,7 @@ func (a *ArgoCDWebhookHandler) Handler(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodPost { status = http.StatusMethodNotAllowed } - http.Error(w, fmt.Sprintf("Webhook processing failed: %s", html.EscapeString(err.Error())), status) + http.Error(w, "Webhook processing failed: "+html.EscapeString(err.Error()), status) return } diff --git a/util/webhook/webhook_test.go b/util/webhook/webhook_test.go index 892fbea2038f6..9dd4695918e30 100644 --- a/util/webhook/webhook_test.go +++ b/util/webhook/webhook_test.go @@ -60,7 +60,7 @@ type reactorDef struct { } func NewMockHandler(reactor *reactorDef, applicationNamespaces []string, objects ...runtime.Object) *ArgoCDWebhookHandler { - defaultMaxPayloadSize := int64(1) * 1024 * 1024 * 1024 + defaultMaxPayloadSize := int64(50) * 1024 * 1024 return NewMockHandlerWithPayloadLimit(reactor, applicationNamespaces, defaultMaxPayloadSize, objects...) } @@ -428,7 +428,7 @@ func TestInvalidEvent(t *testing.T) { close(h.queue) h.Wait() assert.Equal(t, http.StatusBadRequest, w.Code) - expectedLogResult := "Webhook processing failed: The payload is either too large or corrupted. Please check the payload size (must be under 1024 MB) and ensure it is valid JSON" + expectedLogResult := "Webhook processing failed: The payload is either too large or corrupted. Please check the payload size (must be under 50 MB) and ensure it is valid JSON" assert.Equal(t, expectedLogResult, hook.LastEntry().Message) assert.Equal(t, expectedLogResult+"\n", w.Body.String()) hook.Reset()