fix: Remove dependency on argocd-redis secret

Signed-off-by: Jayendra Parsai <[email protected]>

Author: jparsai

controllers/argocdagent/deployment.go

@@ -370,7 +370,7 @@ func buildPrincipalContainerEnv(cr *argoproj.ArgoCD) []corev1.EnvVar {
 				SecretKeyRef: &corev1.SecretKeySelector{
 					Key: PrincipalRedisPasswordKey,
 					LocalObjectReference: corev1.LocalObjectReference{
-						Name: "argocd-redis",
+						Name: PrincipalRedisSecretname,
 					},
 					Optional: ptr.To(true),
 				},
@@ -411,7 +411,8 @@ const (
 	EnvArgoCDPrincipalJwtSecretName             = "ARGOCD_PRINCIPAL_JWT_SECRET_NAME"
 	EnvArgoCDPrincipalImage                     = "ARGOCD_PRINCIPAL_IMAGE"
 	EnvRedisPassword                            = "REDIS_PASSWORD"
-	PrincipalRedisPasswordKey                   = "auth"
+	PrincipalRedisPasswordKey                   = "admin.password"
+	PrincipalRedisSecretname                    = "argocd-redis-initial-password" // #nosec G101
 )
 
 // Logging Configuration

controllers/argocdagent/deployment_test.go

@@ -396,8 +396,8 @@ func TestReconcilePrincipalDeployment_VerifyDeploymentSpec(t *testing.T) {
 		if env.Name == "REDIS_PASSWORD" {
 			assert.NotNil(t, env.ValueFrom, "REDIS_PASSWORD should reference a secret")
 			assert.NotNil(t, env.ValueFrom.SecretKeyRef, "REDIS_PASSWORD should reference a secret key")
-			assert.Equal(t, "argocd-redis", env.ValueFrom.SecretKeyRef.Name)
-			assert.Equal(t, "auth", env.ValueFrom.SecretKeyRef.Key)
+			assert.Equal(t, PrincipalRedisSecretname, env.ValueFrom.SecretKeyRef.Name)
+			assert.Equal(t, "admin.password", env.ValueFrom.SecretKeyRef.Key)
 		} else {
 			// All other environment variables should have direct values, not references
 			assert.Nil(t, env.ValueFrom, "Environment variable %s should have direct value, not reference", env.Name)

controllers/argocdagent/scripts/create-agent-config.sh

@@ -22,9 +22,6 @@ export ARGOCD_AGENT_PRINCIPAL_NAMESPACE=argocd # Should be same as ArgoCD instan
 KUBECTL=$(which kubectl)
 OPENSSL=$(which openssl)
 
-# Create a secret for the redis password
-${KUBECTL} create secret generic argocd-redis -n argocd --from-literal=auth="$(${KUBECTL} get secret argocd-redis-initial-password -n argocd -o jsonpath='{.data.admin\.password}' | base64 -d)"
-
 IPADDR=""
 if test "$IPADDR" = ""; then
        IPADDR=$(kubectl -n ${ARGOCD_AGENT_PRINCIPAL_NAMESPACE} get svc argocd-agent-principal -o jsonpath='{.spec.clusterIP}')

tests/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go

@@ -29,7 +29,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/google/uuid"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	appsv1 "k8s.io/api/apps/v1"
@@ -160,6 +159,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 				"argocd-agent-principal-tls",
 				"argocd-agent-ca",
 				"argocd-agent-resource-proxy-tls",
+				"example-redis-initial-password",
 			}
 
 			serviceNames = []string{argoCDAgentPrincipalName, fmt.Sprintf("%s-agent-principal-metrics", argoCDName), fmt.Sprintf("%s-redis", argoCDName), fmt.Sprintf("%s-repo-server", argoCDName), fmt.Sprintf("%s-server", argoCDName), fmt.Sprintf("%s-agent-principal-resource-proxy", argoCDName), fmt.Sprintf("%s-agent-principal-healthz", argoCDName)}
@@ -309,25 +309,16 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 				}
 				Expect(k8sClient.Create(ctx, tlsSecret)).To(Succeed())
 			}
-
-			// Create argocd-redis secret
-			redisSecret := &corev1.Secret{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "argocd-redis",
-					Namespace: ns.Name,
-				},
-				Data: map[string][]byte{
-					"auth": []byte(uuid.New().String()),
-				},
-			}
-			Expect(k8sClient.Create(ctx, redisSecret)).To(Succeed())
 		}
 
 		// verifyExpectedResourcesExist will verify that the resources that are created for principal and ArgoCD are created.
 		verifyExpectedResourcesExist := func(ns *corev1.Namespace) {
 
 			By("verifying expected resources exist")
-
+			Eventually(&corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: secretNames[4], Namespace: ns.Name,
+				}}, "30s", "2s").Should(k8sFixture.ExistByName())
 			Eventually(serviceAccount).Should(k8sFixture.ExistByName())
 			Eventually(role).Should(k8sFixture.ExistByName())
 			Eventually(roleBinding).Should(k8sFixture.ExistByName())
@@ -537,6 +528,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 
 			By("Create ArgoCD instance")
 
+			argoCD.Spec.ArgoCDAgent.Principal.Server.Image = "quay.io/jparsai/argocd-agent:test"
 			Expect(k8sClient.Create(ctx, argoCD)).To(Succeed())
 
 			By("Verify expected resources are created for principal pod")
@@ -547,7 +539,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 
 			container := deploymentFixture.GetTemplateSpecContainerByName(argoCDAgentPrincipalName, *principalDeployment)
 			Expect(container).ToNot(BeNil())
-			Expect(container.Image).To(Equal("quay.io/argoprojlabs/argocd-agent:v0.3.2"))
+			Expect(container.Image).To(Equal("quay.io/jparsai/argocd-agent:test"))
 
 			By("Verify environment variables are set correctly")
 
@@ -566,7 +558,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 				ac.Spec.ArgoCDAgent.Principal.Server.LogFormat = "json"
 				ac.Spec.ArgoCDAgent.Principal.Server.KeepAliveMinInterval = "60s"
 				ac.Spec.ArgoCDAgent.Principal.Server.EnableWebSocket = ptr.To(true)
-				ac.Spec.ArgoCDAgent.Principal.Server.Image = "quay.io/argoprojlabs/argocd-agent:v0.4.0"
+				ac.Spec.ArgoCDAgent.Principal.Server.Image = "quay.io/jparsai/argocd-agent:test1"
 
 				ac.Spec.ArgoCDAgent.Principal.Namespace.AllowedNamespaces = []string{"agent-managed", "agent-autonomous"}
 				ac.Spec.ArgoCDAgent.Principal.Namespace.EnableNamespaceCreate = ptr.To(true)
@@ -608,7 +600,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 					if container == nil {
 						return false
 					}
-					return container.Image == "quay.io/argoprojlabs/argocd-agent:v0.4.0"
+					return container.Image == "quay.io/jparsai/argocd-agent:test1"
 				}, "120s", "5s").Should(BeTrue(), "Principal deployment should have the updated image")
 
 			By("verify that deployment is in Ready state")

tests/k8s/1-051_validate_argocd_agent_principal/01-assert.yaml

@@ -193,7 +193,7 @@ spec:
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
-              key: auth
-              name: argocd-redis
+              key: admin.password
+              name: argocd-redis-initial-password
               optional: true
 

tests/k8s/1-051_validate_argocd_agent_principal/05-create-agent-secrets.yaml

@@ -8,7 +8,6 @@ commands:
   - command: kubectl wait --for=condition=progressing --timeout=60s deployment/argocd-agent-principal -n argocd-e2e-cluster-config
 
   # Create the minimal required secrets
-  - command: kubectl create secret generic argocd-redis -n argocd-e2e-cluster-config --from-literal=auth=testpassword
   - command: kubectl create secret generic argocd-agent-jwt -n argocd-e2e-cluster-config --from-literal=jwt.key="dummy-key"
 
   # Generate real TLS certificates using temporary files in current directory