Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(appset): improve git generator repourl fallback #21167

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

fix(appset): improve git generator repourl fallback #21167

wants to merge 4 commits into from
+732 −132

Conversation

blakepettersson
Copy link
Member

@blakepettersson blakepettersson commented Dec 13, 2024
edited
Loading

With #18388, we added the possibility of being able to create a repository credential with the same URL per AppProject (previously it was only possible to create one credential globally for the same URL). Sadly, this caused a regression in regards to ApplicationSets using Git Generators. Now, any credential that is used for an appset needs to have an unset appproject - which leads to a lot of hard to diagnose errors from users that are inadvertently using a repo cred that is scoped to a project.

This PR fixes it by using similar semantics as the API server (used when doing argocd repo get or argocd repo delete):

* If there is only one repo credential with the given URL - use that.
* If there are multiple repo credentials with the same URL - first find a repo cred with an unset approject
* Otherwise, If there are multiple repo credentials with the same URL - use the first one found (order undefined)
* Otherwise, fail with an error

This has a provision to be extended with a project field on the Git generator itself. This would require CRD changes; for the sake of expediency we'll punt this for another PR.

This PR addresses this by sending in the project field of an appset into db.GetRepository. This has similar semantics to what already exists when the app controller is trying to resolve a repository credential for an Application.

  1. Attempt to look up a repository credential with a matching project and url
  2. Otherwise attempt to look up a repository credential with a matching url, with an empty project (as today)

This should only apply if the project field is not templated (i.e it does not contain {{) - otherwise only a repository credential with an unset project can be used with the given appset (as today).

This should be backported to 2.12 - 2.14.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

@bunnyshell Bunnyshell
Copy link

bunnyshell bot commented Dec 13, 2024
edited
Loading

❗ Preview Environment deployment failed on Bunnyshell

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

  • 🚀 /bns:deploy to redeploy the environment
  • /bns:delete to remove the environment

@blakepettersson blakepettersson changed the title feat: use project-scoped repos in git generators feat(appset): use project-scoped repos in git generators Dec 13, 2024
@blakepettersson blakepettersson changed the title feat(appset): use project-scoped repos in git generators feat(appset): allow usage of project-scoped repos in git generators Dec 13, 2024
@blakepettersson blakepettersson force-pushed the fix/project-scoped-git-generator branch 7 times, most recently from 390fcca to 6205485 Compare December 15, 2024 11:54
@codecov Codecov
Copy link

codecov bot commented Dec 15, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 82.85714% with 6 lines in your changes missing coverage. Please review.

Project coverage is 55.21%. Comparing base (5e30858) to head (4ac4211).
Report is 25 commits behind head on master.

Files with missing lines Patch % Lines
applicationset/services/repo_service.go 77.77% 4 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #21167      +/-   ##
==========================================
+ Coverage   55.20%   55.21%   +0.01%     
==========================================
  Files         338      337       -1     
  Lines       57090    57056      -34     
==========================================
- Hits        31516    31506      -10     
+ Misses      22878    22857      -21     
+ Partials     2696     2693       -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@blakepettersson blakepettersson force-pushed the fix/project-scoped-git-generator branch from 6205485 to 63c7a0f Compare December 16, 2024 10:12
@blakepettersson blakepettersson changed the title feat(appset): allow usage of project-scoped repos in git generators fix(appset): improve git generator repourl fallback Dec 16, 2024
gdsoumya
gdsoumya requested changes Dec 16, 2024
View reviewed changes
util/repository/repository.go Outdated
Comment on lines 30 to 32
if len(foundRepos) == 1 && appProject == "" {
return foundRepos[0], nil
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are already returning any matching repo cred whether it has a project specified or not in case appProject is empty and there's only one rep cred found so i think in the case where we have more than 1 matching repos we should still return one of the repo creds we find instead of throwing an error. We can add an extra step to prioritise the repo cred that's missing the project but if that doesn't exist we should just return the first matching cred.

@blakepettersson blakepettersson force-pushed the fix/project-scoped-git-generator branch from cf3b175 to b727302 Compare December 18, 2024 12:41
@blakepettersson blakepettersson marked this pull request as ready for review December 18, 2024 12:43
@blakepettersson blakepettersson requested a review from a team as a code owner December 18, 2024 12:43
@blakepettersson
feat(appset): allow usage of project-scoped repos in git generators
1ec09bb 
With argoproj#18388, we added the possibility of being able to create a
repository credential with the same URL per AppProject (previously one
could only create one credential globally for the same URL). Sadly, this
caused a regression in regards to ApplicationSets. Now, any credential
that is used for an appset needs to have an unset appproject.

This fixes it by using the same semantics as the API server (used
when doing `argocd repo get` or `argocd repo delete`:

* If there is only one repo credential with the given URL and there is
  no AppProject set on the Git genertor - use that.
* If an AppProject is specified on the Git generator and the single repo
  cred does not match it, return an error.
* If there are multiple repo credentials with the same URL, return an
  error if none matches the given project passed in from the git
generator

This could potentially be split into two PRs; one to allow for a more
flexible retrieval of a _single_ URL, which can be backported to 2.12 -
2.13, and another with the CRD changes which would allow a project to
be specified on the Git generator, which would go in 2.14+.

Signed-off-by: Blake Pettersson <[email protected]>
@blakepettersson
chore: punt the crd changes for now
52add39 
For now, let's focus on unblocking users which have issues using git
generators. There is a provision to easily extend this by adding a
project field to the Git Generator, but this needs more discussion.

Signed-off-by: Blake Pettersson <[email protected]>
@blakepettersson
fix: fallback to the first matching repo
ffd629a 
In case there is no repo with a matching url and an empty project,
return the first repo matching the repo url.

Signed-off-by: Blake Pettersson <[email protected]>
@blakepettersson blakepettersson force-pushed the fix/project-scoped-git-generator branch 3 times, most recently from 05f0764 to bd4c647 Compare December 21, 2024 21:20
@blakepettersson
chore: partial revert
4ac4211 
Stick to using getrepository and pass through the project values from
`appSet.Spec.Template.Spec.Project`.

Signed-off-by: Blake Pettersson <[email protected]>
@blakepettersson blakepettersson force-pushed the fix/project-scoped-git-generator branch from bd4c647 to 4ac4211 Compare December 25, 2024 22:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gdsoumya gdsoumya gdsoumya requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@blakepettersson @gdsoumya