feat: Support use of secrets for Route tls data (#1547)

* Use secret for route tls

Signed-off-by: Siddhesh Ghadi <[email protected]>

* Add e2e test

Signed-off-by: Siddhesh Ghadi <[email protected]>

* Fix lint and add gitleak ignore file

Signed-off-by: Siddhesh Ghadi <[email protected]>

* Update openshift api library to latest of 4.14

Signed-off-by: Siddhesh Ghadi <[email protected]>

* Implement custom logic for externalCertificate from latest Route API schema

Signed-off-by: Siddhesh Ghadi <[email protected]>

* Update comment

Signed-off-by: Siddhesh Ghadi <[email protected]>

---------

Signed-off-by: Siddhesh Ghadi <[email protected]>

.gitleaks.toml

@@ -0,0 +1,10 @@
+[allowlist]
+  description = "Global Allowlist"
+
+  # Ignore based on any subset of the file path
+  paths = [
+
+    # Ignore anything with the word anywhere in the path
+    '''1-005_validate_route_tls''',
+
+  ]

api/v1alpha1/argocd_conversion.go

@@ -13,7 +13,7 @@ var conversionLogger = ctrl.Log.WithName("conversion-webhook")
 
 // ConvertTo converts this (v1alpha1) ArgoCD to the Hub version (v1beta1).
 func (src *ArgoCD) ConvertTo(dstRaw conversion.Hub) error {
-	conversionLogger.Info("v1alpha1 to v1beta1 conversion requested.")
+	conversionLogger.V(1).Info("v1alpha1 to v1beta1 conversion requested.")
 	dst := dstRaw.(*v1beta1.ArgoCD)
 
 	// ObjectMeta conversion
@@ -105,7 +105,7 @@ func (src *ArgoCD) ConvertTo(dstRaw conversion.Hub) error {
 
 // ConvertFrom converts from the Hub version (v1beta1) to this (v1alpha1) version.
 func (dst *ArgoCD) ConvertFrom(srcRaw conversion.Hub) error {
-	conversionLogger.Info("v1beta1 to v1alpha1 conversion requested.")
+	conversionLogger.V(1).Info("v1beta1 to v1alpha1 conversion requested.")
 
 	src := srcRaw.(*v1beta1.ArgoCD)
 
@@ -263,10 +263,14 @@ func ConvertAlphaToBetaGrafana(src *ArgoCDGrafanaSpec) *v1beta1.ArgoCDGrafanaSpe
 	var dst *v1beta1.ArgoCDGrafanaSpec
 	if src != nil {
 		dst = &v1beta1.ArgoCDGrafanaSpec{
-			Enabled: src.Enabled,
-			Host:    src.Host,
-			Image:   src.Image,
-			Ingress: v1beta1.ArgoCDIngressSpec(src.Ingress),
+			Enabled:   src.Enabled,
+			Host:      src.Host,
+			Image:     src.Image,
+			Ingress:   v1beta1.ArgoCDIngressSpec(src.Ingress),
+			Resources: src.Resources,
+			Route:     v1beta1.ArgoCDRouteSpec(src.Route),
+			Size:      src.Size,
+			Version:   src.Version,
 		}
 	}
 	return dst
@@ -483,10 +487,14 @@ func ConvertBetaToAlphaGrafana(src *v1beta1.ArgoCDGrafanaSpec) *ArgoCDGrafanaSpe
 	var dst *ArgoCDGrafanaSpec
 	if src != nil {
 		dst = &ArgoCDGrafanaSpec{
-			Enabled: src.Enabled,
-			Host:    src.Host,
-			Image:   src.Image,
-			Ingress: ArgoCDIngressSpec(src.Ingress),
+			Enabled:   src.Enabled,
+			Host:      src.Host,
+			Image:     src.Image,
+			Ingress:   ArgoCDIngressSpec(src.Ingress),
+			Resources: src.Resources,
+			Route:     ArgoCDRouteSpec(src.Route),
+			Size:      src.Size,
+			Version:   src.Version,
 		}
 	}
 	return dst

api/v1alpha1/argocd_conversion_test.go

@@ -3,6 +3,7 @@ package v1alpha1
 import (
 	"testing"
 
+	routev1 "github.com/openshift/api/route/v1"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/api/networking/v1"
@@ -443,6 +444,70 @@ func TestAlphaToBetaConversion(t *testing.T) {
 				}
 			}),
 		},
+		{
+			name: "ArgoCD Example - Route TLS",
+			input: makeTestArgoCDAlpha(func(cr *ArgoCD) {
+				cr.Spec.Server.Route = ArgoCDRouteSpec{
+					Enabled: true,
+					TLS: &routev1.TLSConfig{
+						Termination: routev1.TLSTerminationEdge,
+					},
+				}
+				cr.Spec.Prometheus.Route = ArgoCDRouteSpec{
+					Enabled: true,
+					TLS: &routev1.TLSConfig{
+						Termination: routev1.TLSTerminationEdge,
+					},
+				}
+				cr.Spec.Grafana.Route = ArgoCDRouteSpec{
+					Enabled: true,
+					TLS: &routev1.TLSConfig{
+						Termination: routev1.TLSTerminationEdge,
+					},
+				}
+				cr.Spec.ApplicationSet = &ArgoCDApplicationSet{
+					WebhookServer: WebhookServerSpec{
+						Route: ArgoCDRouteSpec{
+							Enabled: true,
+							TLS: &routev1.TLSConfig{
+								Termination: routev1.TLSTerminationEdge,
+							},
+						},
+					},
+				}
+			}),
+			expectedOutput: makeTestArgoCDBeta(func(cr *v1beta1.ArgoCD) {
+				cr.Spec.Server.Route = v1beta1.ArgoCDRouteSpec{
+					Enabled: true,
+					TLS: &routev1.TLSConfig{
+						Termination: routev1.TLSTerminationEdge,
+					},
+				}
+				cr.Spec.Prometheus.Route = v1beta1.ArgoCDRouteSpec{
+					Enabled: true,
+					TLS: &routev1.TLSConfig{
+						Termination: routev1.TLSTerminationEdge,
+					},
+				}
+				//nolint:staticcheck
+				cr.Spec.Grafana.Route = v1beta1.ArgoCDRouteSpec{
+					Enabled: true,
+					TLS: &routev1.TLSConfig{
+						Termination: routev1.TLSTerminationEdge,
+					},
+				}
+				cr.Spec.ApplicationSet = &v1beta1.ArgoCDApplicationSet{
+					WebhookServer: v1beta1.WebhookServerSpec{
+						Route: v1beta1.ArgoCDRouteSpec{
+							Enabled: true,
+							TLS: &routev1.TLSConfig{
+								Termination: routev1.TLSTerminationEdge,
+							},
+						},
+					},
+				}
+			}),
+		},
 	}
 
 	for _, test := range tests {

api/v1beta1/argocd_types.go

@@ -1110,3 +1110,11 @@ func (p SSOProviderType) ToLower() SSOProviderType {
 	str := string(p)
 	return SSOProviderType(strings.ToLower(str))
 }
+
+// UseExternalCertificate return true if .route.tls.externalCertificate is set
+func (r *ArgoCDRouteSpec) UseExternalCertificate() bool {
+	if r != nil && r.TLS != nil && r.TLS.ExternalCertificate != nil {
+		return true
+	}
+	return false
+}

bundle/manifests/argocd-operator.clusterserviceversion.yaml

@@ -247,7 +247,7 @@ metadata:
     capabilities: Deep Insights
     categories: Integration & Delivery
     certified: "false"
-    createdAt: "2024-09-04T11:54:58Z"
+    createdAt: "2024-09-27T05:27:12Z"
     description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
     operators.operatorframework.io/builder: operator-sdk-v1.35.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v4