Skip to content

Commit

Permalink
chore: deprecate argocd-cm plugins (#8117) (#10341)
Browse files Browse the repository at this point in the history
* chore: deprecate argocd-cm plugins (#8117)

Signed-off-by: CI <[email protected]>

* more warnings

Signed-off-by: CI <[email protected]>

* more warnings

Signed-off-by: CI <[email protected]>

Signed-off-by: CI <[email protected]>
  • Loading branch information
crenshaw-dev authored Aug 17, 2022
1 parent 68d0ef0 commit 6b08a23
Show file tree
Hide file tree
Showing 6 changed files with 238 additions and 8 deletions.
67 changes: 67 additions & 0 deletions cmd/argocd/commands/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ import (

"github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless"
cmdutil "github.com/argoproj/argo-cd/v2/cmd/util"
argocommon "github.com/argoproj/argo-cd/v2/common"
"github.com/argoproj/argo-cd/v2/controller"
argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
"github.com/argoproj/argo-cd/v2/pkg/apiclient/application"
Expand Down Expand Up @@ -147,6 +148,9 @@ func NewApplicationCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.
c.HelpFunc()(c, args)
os.Exit(1)
}
if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}
if appNamespace != "" {
app.Namespace = appNamespace
}
Expand Down Expand Up @@ -288,6 +292,10 @@ func NewApplicationGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com
})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

pConn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie()
defer argoio.Close(pConn)
proj, err := projIf.Get(ctx, &projectpkg.ProjectQuery{Name: app.Spec.Project})
Expand Down Expand Up @@ -607,12 +615,18 @@ func NewApplicationSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com
defer argoio.Close(conn)
app, err := appIf.Get(ctx, &applicationpkg.ApplicationQuery{Name: &appName, AppNamespace: &appNs})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

visited := cmdutil.SetAppSpecOptions(c.Flags(), &app.Spec, &appOpts)
if visited == 0 {
log.Error("Please set at least one option to update")
c.HelpFunc()(c, args)
os.Exit(1)
}

setParameterOverrides(app, appOpts.Parameters)
_, err = appIf.UpdateSpec(ctx, &applicationpkg.ApplicationUpdateSpecRequest{
Name: &app.Name,
Expand Down Expand Up @@ -670,6 +684,10 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
app, err := appIf.Get(ctx, &applicationpkg.ApplicationQuery{Name: &appName, AppNamespace: &appNs})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

updated, nothingToUnset := unset(&app.Spec.Source, opts)
if nothingToUnset {
c.HelpFunc()(c, args)
Expand Down Expand Up @@ -901,6 +919,11 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
AppNamespace: &appNs,
})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

resources, err := appIf.ManagedResources(ctx, &applicationpkg.ResourcesQuery{ApplicationName: &appName, AppNamespace: &appNs})
errors.CheckError(err)
conn, settingsIf := clientset.NewSettingsClientOrDie()
Expand Down Expand Up @@ -1200,14 +1223,29 @@ func NewApplicationListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
Selector: pointer.String(selector),
AppNamespace: &appNamespace,
})

errors.CheckError(err)
appList := apps.Items

if len(projects) != 0 {
appList = argo.FilterByProjects(appList, projects)
}
if repo != "" {
appList = argo.FilterByRepo(appList, repo)
}

var appsWithDeprecatedPlugins []string
for _, app := range appList {
if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
appsWithDeprecatedPlugins = append(appsWithDeprecatedPlugins, app.Name)
}
}

if len(appsWithDeprecatedPlugins) > 0 {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
log.Warnf("The following Applications use deprecated plugins: %s", strings.Join(appsWithDeprecatedPlugins, ", "))
}

switch output {
case "yaml", "json":
err := PrintResourceList(appList, output, false)
Expand Down Expand Up @@ -1515,6 +1553,11 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
AppNamespace: &appNs,
})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

if app.Spec.SyncPolicy != nil && app.Spec.SyncPolicy.Automated != nil && !dryRun {
log.Fatal("Cannot use local sync when Automatic Sync Policy is enabled except with --dry-run")
}
Expand Down Expand Up @@ -1593,6 +1636,11 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
AppNamespace: &appNs,
})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

resources, err := appIf.ManagedResources(ctx, &applicationpkg.ResourcesQuery{
ApplicationName: &appName,
AppNamespace: &appNs,
Expand Down Expand Up @@ -2016,6 +2064,11 @@ func NewApplicationHistoryCommand(clientOpts *argocdclient.ClientOptions) *cobra
AppNamespace: &appNs,
})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

if output == "id" {
printApplicationHistoryIds(app.Status.History)
} else {
Expand Down Expand Up @@ -2076,6 +2129,10 @@ func NewApplicationRollbackCommand(clientOpts *argocdclient.ClientOptions) *cobr
})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

depInfo, err := findRevisionHistory(app, int64(depID))
errors.CheckError(err)

Expand Down Expand Up @@ -2159,6 +2216,10 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob
app, err := appIf.Get(context.Background(), &applicationpkg.ApplicationQuery{Name: &appName})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

settingsConn, settingsIf := clientset.NewSettingsClientOrDie()
defer argoio.Close(settingsConn)
argoSettings, err := settingsIf.Get(context.Background(), &settingspkg.SettingsQuery{})
Expand All @@ -2178,6 +2239,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob
}
res, err := appIf.GetManifests(ctx, &q)
errors.CheckError(err)

for _, mfst := range res.Manifests {
obj, err := argoappv1.UnmarshalToUnstructured(mfst)
errors.CheckError(err)
Expand Down Expand Up @@ -2256,6 +2318,11 @@ func NewApplicationEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
AppNamespace: &appNs,
})
errors.CheckError(err)

if app.Spec.Source.Plugin != nil && app.Spec.Source.Plugin.Name != "" {
log.Warnf(argocommon.ConfigMapPluginCLIDeprecationWarning)
}

appData, err := json.Marshal(app.Spec)
errors.CheckError(err)
appData, err = yaml.JSONToYAML(appData)
Expand Down
8 changes: 8 additions & 0 deletions common/common.go
Original file line number Diff line number Diff line change
Expand Up @@ -219,6 +219,14 @@ const (

// DefaultCMPWorkDirName defines the work directory name used by the cmp-server
DefaultCMPWorkDirName = "_cmp_server"

ConfigMapPluginDeprecationWarning = "argocd-cm plugins are deprecated, and support will be removed in v2.6. Upgrade your plugin to be installed via sidecar. https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/"

ConfigMapPluginCLIDeprecationWarning = "spec.plugin.name is set, which means this Application uses a plugin installed in the " +
"argocd-cm ConfigMap. Installing plugins via that ConfigMap is deprecated in Argo CD v2.5. " +
"Starting in Argo CD v2.6, this Application will fail to sync. Contact your Argo CD admin " +
"to make sure an upgrade plan is in place. More info: " +
"https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.4-2.5/"
)

const (
Expand Down
18 changes: 18 additions & 0 deletions docs/operator-manual/upgrading/2.4-2.5.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,23 @@
# v2.4 to 2.5

## argocd-cm plugins (CMPs) are deprecated

Starting with Argo CD v2.5, installing config management plugins (CMPs) via the `argocd-cm` ConfigMap is deprecated.
Support will be removed in v2.6.

You can continue to use the plugins by [installing them as sidecars](https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/)
on the repo-server Deployment.

Sidecar plugins are significantly more secure. Plugin code runs in its own container with an almost completely-isolated
filesystem. If an attacker compromises a plugin, the attacker's ability to cause harm is significantly mitigated.

To determine whether argocd-cm plugins are still in use, scan your argocd-repo-server and argocd-server logs for the
following message:

> argocd-cm plugins are deprecated, and support will be removed in v2.6. Upgrade your plugin to be installed via sidecar. https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
If you run `argocd app list` as admin, the list of Applications using deprecated plugins will be logged as a warning.

## Dex server TLS configuration

In order to secure the communications between the dex server and the Argo CD API server, TLS is now enabled by default on the dex server.
Expand Down
5 changes: 5 additions & 0 deletions reposerver/repository/repository.go
Original file line number Diff line number Diff line change
Expand Up @@ -975,6 +975,11 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string,
targetObjs, _, err = k.Build(q.ApplicationSource.Kustomize, q.KustomizeOptions, env)
case v1alpha1.ApplicationSourceTypePlugin:
if q.ApplicationSource.Plugin != nil && q.ApplicationSource.Plugin.Name != "" {
log.WithFields(map[string]interface{}{
"application": q.AppName,
"plugin": q.ApplicationSource.Plugin.Name,
}).Warnf(common.ConfigMapPluginDeprecationWarning)

targetObjs, err = runConfigManagementPlugin(appPath, repoRoot, env, q, q.Repo.GetGitCreds(gitCredsStore))
} else {
targetObjs, err = runConfigManagementPluginSidecars(ctx, appPath, repoRoot, env, q, q.Repo.GetGitCreds(gitCredsStore), opt.cmpTarDoneCh, opt.cmpTarExcludedGlobs)
Expand Down
Loading

0 comments on commit 6b08a23

Please sign in to comment.