Merge branch 'release-2.8' of github.com:codefresh-io/argo-cd into CR…
…-cluster-details-sec-vuln
pasha-codefresh committed Sep 11, 2023
2 parents ed8ad27 + d00461d commit f4f64b9
Showing 24 changed files with 1,239 additions and 698 deletions.
14 changes: 14 additions & 0 deletions assets/swagger.json
@@ -8415,6 +8415,13 @@
"type": "object",
"title": "ResourceNode contains information about live resource and its children\nTODO: describe members of this type",
"properties": {
"annotations": {
"type": "object",
"title": "available for managed resource without k8s-last-applied-configuration",
"additionalProperties": {
"type": "string"
}
},
"createdAt": {
"$ref": "#/definitions/v1Time"
},
@@ -8433,6 +8440,13 @@
"$ref": "#/definitions/v1alpha1InfoItem"
}
},
"labels": {
"type": "object",
"title": "available for managed resource",
"additionalProperties": {
"type": "string"
}
},
"networkingInfo": {
"$ref": "#/definitions/v1alpha1ResourceNetworkingInfo"
},
8 changes: 8 additions & 0 deletions cmd/argocd-repo-server/commands/argocd_repo_server.go
@@ -82,6 +82,8 @@ func NewCommand() *cobra.Command {
allowOutOfBoundsSymlinks bool
streamedManifestMaxTarSize string
streamedManifestMaxExtractedSize string
helmManifestMaxExtractedSize string
disableManifestMaxExtractedSize bool
)
var command = cobra.Command{
Use: cliName,
@@ -120,6 +122,9 @@ func NewCommand() *cobra.Command {
streamedManifestMaxExtractedSizeQuantity, err := resource.ParseQuantity(streamedManifestMaxExtractedSize)
errors.CheckError(err)

helmManifestMaxExtractedSizeQuantity, err := resource.ParseQuantity(helmManifestMaxExtractedSize)
errors.CheckError(err)

askPassServer := askpass.NewServer()
metricsServer := metrics.NewMetricsServer()
cacheutil.CollectMetrics(redisClient, metricsServer)
@@ -134,6 +139,7 @@ func NewCommand() *cobra.Command {
AllowOutOfBoundsSymlinks: allowOutOfBoundsSymlinks,
StreamedManifestMaxExtractedSize: streamedManifestMaxExtractedSizeQuantity.ToDec().Value(),
StreamedManifestMaxTarSize: streamedManifestMaxTarSizeQuantity.ToDec().Value(),
HelmManifestMaxExtractedSize: helmManifestMaxExtractedSizeQuantity.ToDec().Value(),
}, askPassServer)
errors.CheckError(err)

@@ -216,6 +222,8 @@ func NewCommand() *cobra.Command {
command.Flags().BoolVar(&allowOutOfBoundsSymlinks, "allow-oob-symlinks", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS", false), "Allow out-of-bounds symlinks in repositories (not recommended)")
command.Flags().StringVar(&streamedManifestMaxTarSize, "streamed-manifest-max-tar-size", env.StringFromEnv("ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE", "100M"), "Maximum size of streamed manifest archives")
command.Flags().StringVar(&streamedManifestMaxExtractedSize, "streamed-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of streamed manifest archives when extracted")
command.Flags().StringVar(&helmManifestMaxExtractedSize, "helm-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of helm manifest archives when extracted")
command.Flags().BoolVar(&disableManifestMaxExtractedSize, "disable-helm-manifest-max-extracted-size", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE", false), "Disable maximum size of helm manifest archives when extracted")
tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command)
cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
redisClient = client
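Review bot: `disableManifestMaxExtractedSize` is declared and bound to `--disable-helm-manifest-max-extracted-size`, but none of the eight added lines in this file reads it; the `RepoServerInitConstants` literal only gains `HelmManifestMaxExtractedSize`. As rendered, setting the flag or `ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE` would leave the 1G cap in force, which fails safe but contradicts the help text. Either pass the boolean into the init constants next to the size (the receiving field is not visible on this page) or drop the flag until it is wired. Because the cap bounds how far a chart archive can expand on the repo server, the help text should say what turning it off removes, e.g. `"Disable maximum size of helm manifest archives when extracted (removes the extraction size guard)"`. NewCommand's body continues outside these hunks.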
13 changes: 11 additions & 2 deletions controller/appcontroller.go
@@ -455,15 +455,24 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed
}

if live == nil {
nodes = append(nodes, appv1.ResourceNode{
newNode := appv1.ResourceNode{
ResourceRef: appv1.ResourceRef{
Version: target.GroupVersionKind().Version,
Name: managedResource.Name,
Kind: managedResource.Kind,
Group: managedResource.Group,
Namespace: managedResource.Namespace,
},
})
}

if targetLabels := target.GetLabels(); targetLabels != nil {
newNode.Labels = targetLabels
}
if targetAnnotations := target.GetAnnotations(); targetAnnotations != nil {
newNode.Annotations = targetAnnotations
}

nodes = append(nodes, newNode)
} else {
err := ctrl.stateCache.IterateHierarchy(a.Spec.Destination.Server, kube.GetResourceKey(live), func(child appv1.ResourceNode, appName string) bool {
permitted, _ := proj.IsResourcePermitted(schema.GroupKind{Group: child.ResourceRef.Group, Kind: child.ResourceRef.Kind}, child.Namespace, a.Spec.Destination, func(project string) ([]*appv1.Cluster, error) {
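Review bot: In the `live == nil` branch, `target.GetAnnotations()` is copied onto the node unfiltered, while `asResourceNode` in controller/cache/cache.go removes `kubectl.kubernetes.io/last-applied-configuration` before exposing annotations. A target manifest exported from a cluster can still carry that annotation, and for a Secret it embeds the object's data, so the resource tree would show it to anyone allowed to read the application. Apply the same filter before the assignment, e.g. `delete(targetAnnotations, "kubectl.kubernetes.io/last-applied-configuration")`, ideally through a helper shared with the cache path. This assumes `GetAnnotations` returns a copy, which is not visible here; if `target` can hand back its internal map, copy it first. getResourceTree starts and ends outside this hunk.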
3 changes: 3 additions & 0 deletions controller/appcontroller_test.go
@@ -885,6 +885,9 @@ func TestGetResourceTree_HasOrphanedResources(t *testing.T) {

managedDeploy := v1alpha1.ResourceNode{
ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "nginx-deployment", Version: "v1"},
Labels: map[string]string{
"app": "nginx",
},
}
orphanedDeploy1 := v1alpha1.ResourceNode{
ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy1"},
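Review bot: The expectation added to `managedDeploy` covers labels only, so the annotation copy introduced in `getResourceTree` has no assertion behind it. Give the managed Deployment fixture an annotation and expect it on the node, e.g. `Annotations: map[string]string{"example.com/owner": "team-a"},` (constructed value). A second case that puts `kubectl.kubernetes.io/last-applied-configuration` on the fixture and asserts it is absent from the tree would pin the filtering behaviour. The test function's body continues outside this hunk.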
14 changes: 13 additions & 1 deletion controller/cache/cache.go
@@ -248,7 +248,7 @@ func asResourceNode(r *clustercache.Resource) appv1.ResourceNode {
if resourceInfo.Health != nil {
resHealth = &appv1.HealthStatus{Status: resourceInfo.Health.Status, Message: resourceInfo.Health.Message}
}
return appv1.ResourceNode{
result := appv1.ResourceNode{
ResourceRef: appv1.ResourceRef{
UID: string(r.Ref.UID),
Name: r.Ref.Name,
@@ -265,6 +265,18 @@ func asResourceNode(r *clustercache.Resource) appv1.ResourceNode {
Health: resHealth,
CreatedAt: r.CreationTimestamp,
}

if r.Resource != nil {
if labels := r.Resource.GetLabels(); labels != nil {
result.Labels = labels
}
if annotations := r.Resource.GetAnnotations(); annotations != nil {
delete(annotations, "kubectl.kubernetes.io/last-applied-configuration")
result.Annotations = annotations
}
}

return result
}

func resInfo(r *clustercache.Resource) *ResourceInfo {
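Review bot: The annotation filter in the second hunk calls `delete` on the map returned by `r.Resource.GetAnnotations()`, so whether the cached resource itself is modified depends on that getter returning a copy, which is not visible here. Building the node's map explicitly removes that dependency and gives one filter that the `live == nil` path in controller/appcontroller.go could reuse. The key could come from the `LastAppliedConfigAnnotation` constant in `k8s.io/api/core/v1` instead of a string literal. All other annotations now become part of the resource tree returned to API clients, so a short comment on that exposure would help the next reader. asResourceNode begins outside the hunks.

```go
	if r.Resource != nil {
		// … unchanged: label copy …
		if src := r.Resource.GetAnnotations(); src != nil {
			// Copy instead of deleting in place so the cached object is never
			// touched; annotations set here are visible to API clients.
			filtered := make(map[string]string, len(src))
			for k, v := range src {
				if k != "kubectl.kubernetes.io/last-applied-configuration" {
					filtered[k] = v
				}
			}
			result.Annotations = filtered
		}
	}
```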
2 changes: 2 additions & 0 deletions docs/operator-manual/server-commands/argocd-repo-server.md
@@ -16,7 +16,9 @@ argocd-repo-server [flags]
--address string Listen on given address for incoming connections (default "0.0.0.0")
--allow-oob-symlinks Allow out-of-bounds symlinks in repositories (not recommended)
--default-cache-expiration duration Cache expiration default (default 24h0m0s)
--disable-helm-manifest-max-extracted-size Disable maximum size of helm manifest archives when extracted
--disable-tls Disable TLS on the gRPC endpoint
--helm-manifest-max-extracted-size string Maximum size of helm manifest archives when extracted (default "1G")
-h, --help help for argocd-repo-server
--logformat string Set the logging format. One of: text|json (default "text")
--loglevel string Set the logging level. One of: debug|info|warn|error (default "info")
2 changes: 1 addition & 1 deletion manifests/base/kustomization.yaml
@@ -4,7 +4,7 @@ kind: Kustomization
images:
- name: quay.io/argoproj/argocd
newName: quay.io/codefresh/argocd
newTag: v2.8.1-cap-CR-19754-deletion-fix
newTag: latest
resources:
- ./application-controller
- ./dex
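Review bot: As rendered, `newTag` moves from the fixed `v2.8.1-cap-CR-19754-deletion-fix` to `latest`, a mutable tag, and the generated manifests pair it with `imagePullPolicy: Always`. The image that runs is then whatever the registry serves when a pod starts, so the deployed code can change with no manifest change, and git no longer records what was deployed for rollback or audit. Keep a fixed release tag, or pin by digest with the kustomize `digest:` field, e.g. `digest: sha256:<IMAGE_DIGEST_PLACEHOLDER>`. The same change appears in manifests/core-install/kustomization.yaml, manifests/ha/base/kustomization.yaml and the generated manifests/core-install.yaml, manifests/ha/install.yaml and manifests/ha/namespace-install.yaml.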
12 changes: 12 additions & 0 deletions manifests/base/repo-server/argocd-repo-server-deployment.yaml
@@ -149,6 +149,18 @@ spec:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
name: argocd-cmd-params-cm
key: reposerver.disable.helm.manifest.max.extracted.size
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
18 changes: 15 additions & 3 deletions manifests/core-install.yaml
@@ -19565,6 +19565,18 @@ spec:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.disable.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
@@ -19577,7 +19589,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -19629,7 +19641,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -19847,7 +19859,7 @@ spec:
key: controller.kubectl.parallelism.limit
name: argocd-cmd-params-cm
optional: true
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
name: argocd-application-controller
ports:
2 changes: 1 addition & 1 deletion manifests/core-install/kustomization.yaml
@@ -12,4 +12,4 @@ resources:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/codefresh/argocd
newTag: v2.8.1-cap-CR-19754-deletion-fix
newTag: latest
2 changes: 1 addition & 1 deletion manifests/ha/base/kustomization.yaml
@@ -11,7 +11,7 @@ patches:
images:
- name: quay.io/argoproj/argocd
newName: quay.io/codefresh/argocd
newTag: v2.8.1-cap-CR-19754-deletion-fix
newTag: latest
resources:
- ../../base/application-controller
- ../../base/applicationset-controller
22 changes: 17 additions & 5 deletions manifests/ha/install.yaml
@@ -20543,7 +20543,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -20843,6 +20843,18 @@ spec:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.disable.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
@@ -20855,7 +20867,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -20907,7 +20919,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -21202,7 +21214,7 @@ spec:
key: server.enable.proxy.extension
name: argocd-cmd-params-cm
optional: true
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -21450,7 +21462,7 @@ spec:
key: controller.kubectl.parallelism.limit
name: argocd-cmd-params-cm
optional: true
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
name: argocd-application-controller
ports:
22 changes: 17 additions & 5 deletions manifests/ha/namespace-install.yaml
@@ -1644,7 +1644,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
name: copyutil
securityContext:
@@ -1944,6 +1944,18 @@ spec:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.disable.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
@@ -1956,7 +1968,7 @@ spec:
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
@@ -2008,7 +2020,7 @@ spec:
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
name: copyutil
securityContext:
allowPrivilegeEscalation: false
@@ -2303,7 +2315,7 @@ spec:
key: server.enable.proxy.extension
name: argocd-cmd-params-cm
optional: true
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
livenessProbe:
httpGet:
@@ -2551,7 +2563,7 @@ spec:
key: controller.kubectl.parallelism.limit
name: argocd-cmd-params-cm
optional: true
image: quay.io/codefresh/argocd:v2.8.1-cap-CR-19754-deletion-fix
image: quay.io/codefresh/argocd:latest
imagePullPolicy: Always
name: argocd-application-controller
ports: