fix: Remove dependency on argocd-redis secret

Signed-off-by: Jayendra Parsai <[email protected]>

Author: jparsai

controllers/argocdagent/deployment.go

@@ -370,7 +370,7 @@ func buildPrincipalContainerEnv(cr *argoproj.ArgoCD) []corev1.EnvVar {
 				SecretKeyRef: &corev1.SecretKeySelector{
 					Key: PrincipalRedisPasswordKey,
 					LocalObjectReference: corev1.LocalObjectReference{
-						Name: "argocd-redis",
+						Name: PrincipalRedisSecretname,
 					},
 					Optional: ptr.To(true),
 				},
@@ -411,7 +411,8 @@ const (
 	EnvArgoCDPrincipalJwtSecretName             = "ARGOCD_PRINCIPAL_JWT_SECRET_NAME"
 	EnvArgoCDPrincipalImage                     = "ARGOCD_PRINCIPAL_IMAGE"
 	EnvRedisPassword                            = "REDIS_PASSWORD"
-	PrincipalRedisPasswordKey                   = "auth"
+	PrincipalRedisPasswordKey                   = "admin.password"
+	PrincipalRedisSecretname                    = "argocd-redis-initial-password" // #nosec G101
 )
 
 // Logging Configuration

controllers/argocdagent/deployment_test.go

@@ -396,8 +396,8 @@ func TestReconcilePrincipalDeployment_VerifyDeploymentSpec(t *testing.T) {
 		if env.Name == "REDIS_PASSWORD" {
 			assert.NotNil(t, env.ValueFrom, "REDIS_PASSWORD should reference a secret")
 			assert.NotNil(t, env.ValueFrom.SecretKeyRef, "REDIS_PASSWORD should reference a secret key")
-			assert.Equal(t, "argocd-redis", env.ValueFrom.SecretKeyRef.Name)
-			assert.Equal(t, "auth", env.ValueFrom.SecretKeyRef.Key)
+			assert.Equal(t, PrincipalRedisSecretname, env.ValueFrom.SecretKeyRef.Name)
+			assert.Equal(t, "admin.password", env.ValueFrom.SecretKeyRef.Key)
 		} else {
 			// All other environment variables should have direct values, not references
 			assert.Nil(t, env.ValueFrom, "Environment variable %s should have direct value, not reference", env.Name)

tests/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go

@@ -313,11 +313,11 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() {
 			// Create argocd-redis secret
 			redisSecret := &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
-					Name:      "argocd-redis",
+					Name:      argocdagent.PrincipalRedisSecretname,
 					Namespace: ns.Name,
 				},
 				Data: map[string][]byte{
-					"auth": []byte(uuid.New().String()),
+					argocdagent.PrincipalRedisPasswordKey: []byte(uuid.New().String()),
 				},
 			}
 			Expect(k8sClient.Create(ctx, redisSecret)).To(Succeed())

tests/k8s/1-051_validate_argocd_agent_principal/01-assert.yaml

@@ -193,7 +193,7 @@ spec:
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
-              key: auth
-              name: argocd-redis
+              key: admin.password
+              name: argocd-redis-initial-password
               optional: true
 

tests/k8s/1-051_validate_argocd_agent_principal/05-create-agent-secrets.yaml

@@ -8,7 +8,7 @@ commands:
   - command: kubectl wait --for=condition=progressing --timeout=60s deployment/argocd-agent-principal -n argocd-e2e-cluster-config
 
   # Create the minimal required secrets
-  - command: kubectl create secret generic argocd-redis -n argocd-e2e-cluster-config --from-literal=auth=testpassword
+  - command: kubectl create secret generic argocd-redis-initial-password -n argocd-e2e-cluster-config --from-literal=admin.password=testpassword
   - command: kubectl create secret generic argocd-agent-jwt -n argocd-e2e-cluster-config --from-literal=jwt.key="dummy-key"
 
   # Generate real TLS certificates using temporary files in current directory