Extend valid resources for project-scoped role policy #207
Conversation
Support for `ksonnet` was dropped in ArgoCD 2.4. As such, this has been removed from the `argocd_application` resource in this provider as well.
`1.19` is long past EOL so we should upgrade the default cluster version. I did consider `1.22` but as this is approaching EOL in 1 month (https://kubernetes.io/releases/), I figured we may as well jump straight to `1.23`.
Aligns with the minimum version run by the GitHub Actions.
Ensures that role policy can be provisioned for clusters, repositories, exec and logs.
onematchfox
force-pushed
the
deps/argo-cd-2.4.12
branch
from
d0cdd7b
to
931d54f
Compare
Resolves following build error resulting from dependency updates: ``` ../../../go/pkg/mod/github.com/argoproj/argo-cd/[email protected]/pkg/apiclient/apiclient.go:53:2: //go:build comment without // +build comment ```
onematchfox
force-pushed
the
deps/argo-cd-2.4.12
branch
from
6e2ec97
to
bdeadde
Compare
|
@oboukili is it just me or are the tests a bit flaky? Will leave this PR as is for now. Let me know if there's anything I need to do about the tests (in addition to any review comments of course 😄) |
|
I need features of 2.4 version of ArgoCD. (rbac from projects). Could you please fix the issue and publish the new version ? PS : I am wondering if support of 2.1 is still needed ? (it not supported anymore according to documentation) |
I'm afraid there's not much I can do here - I'm waiting on a review. I'm sure @oboukili will get to this when he has the time.
🤔 this is a fair point - even by the providers own compatibility promise versions 2.1 and 2.2 are unsupported. So, I could drop the tests for these versions. But, I would rather wait for a maintainer's thoughts on the matter than make that call myself. |
scripts/testacc_prepare_env.sh
Outdated
| fi | ||
|
|
||
| echo "\n--- Install ArgoCD ${ARGOCD_VERSION:-v1.8.7}\n" | ||
| curl https://raw.githubusercontent.com/argoproj/argo-cd/${ARGOCD_VERSION:-v1.8.7}/manifests/install.yaml > manifests/install/argocd.yml && | ||
| echo "\n--- Install ArgoCD ${ARGOCD_VERSION:-v2.1.10}\n" |
There was a problem hiding this comment.
Let's drop support for 2.1.x, as per the compatibility promise, and let's raise this to the latest 2.3.x.
| StateUpgraders: []schema.StateUpgrader{ | ||
| { | ||
| Type: resourceArgoCDApplicationV0().CoreConfigSchema().ImpliedType(), | ||
| Upgrade: resourceArgoCDApplicationStateUpgradeV0, | ||
| Version: 0, | ||
| }, | ||
| { | ||
| Type: resourceArgoCDApplicationV1().CoreConfigSchema().ImpliedType(), |
There was a problem hiding this comment.
Could you add a schemaUpgrader test? If something goes wrong, we'll have to release hotfixes under pressure (already experienced that ;) )
There was a problem hiding this comment.
Good catch :) Added as requested.
|
Hi there, |
Minimum supported version is now `2.3.x` as per ArgoCD itself.
onematchfox
force-pushed
the
deps/argo-cd-2.4.12
branch
from
6df7960
to
71895f2
Compare
Thanks so much for the review. Have now completed the changes as requested.
I'm by no means an expert in Terraform providers 😄 but yes sure, I'd be more than happy to help out wherever possible if it would lighten your load. |
argocd/utils.go
Outdated
| @@ -97,9 +97,17 @@ func validatePolicy(project string, role string, policy string) error { | |||
| return fmt.Errorf("invalid policy rule '%s': policy subject must be: '%s', not '%s'", policy, expectedSubject, subject) | |||
| } | |||
| // resource | |||
| // See https://github.com/muma378/argo-cd/blob/6fd4c6f44acc06f934061ce7848d72454366345b/pkg/apis/application/v1alpha1/types.go#L1555-L1561 | |||
There was a problem hiding this comment.
There is a comment to refactor this using a data structure rbac.ResourceApplications data structure maintained upstream, did you consider that instead?
There was a problem hiding this comment.
I hadn't... Glossed over it because of the related comment for validActions at https://github.com/argoproj/argo-cd/blob/c99669e088b5f25c8ce8faff6df25797a8beb5ba/pkg/apis/application/v1alpha1/types.go#L1527
But now that you mention it, this module won't have any "import cycle" issues. So I have gone ahead and adjusted to reference rbacpolicy instead of hard-coding the strings (handled actions as well while I was at it)
No worries, I'll set this up. Cheers! |
Co-authored-by: Olivier Boukili <[email protected]>
onematchfox
force-pushed
the
deps/argo-cd-2.4.12
branch
from
8a3e0e0
to
64bd2ec
Compare
onematchfox
force-pushed
the
deps/argo-cd-2.4.12
branch
from
64bd2ec
to
1b1cf8e
Compare
|
@oboukili Changes now made. Acceptance Tests on Edit: and all passing now. 🎉 |
|
Awesome, thanks :) |
|
Guys how do I fix this? Just remove it from state file ? |
|
Were/are you using
Yes, that should do the trick. |
|
Worked, thanks @onematchfox |
|
Good point, we should have shipped a state migrator with the latest major release! |
Enables the ability to create project-role policies for the resources
clusters,applications,execandlogs.Notes:
argo-cdgo dependency required dropping support forksonnetas per the2.4release notes. Not sure quite how you want to handle this from the perspective of this provider given that it could definitely be seen as a breaking change. Let me know if anything is needed from my side.