refactor: rename insecure oci field to insecureOciForceHttp

Signed-off-by: Blake Pettersson <[email protected]>

cmd/argocd/commands/repo.go

@@ -186,8 +186,8 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 				errors.CheckError(fmt.Errorf("Must specify --name for repos of type 'helm'"))
 			}
 
-			if repoOpts.Repo.Type == "oci" && repoOpts.InsecureOCI {
-				repoOpts.Repo.InsecureOCIHttpOnly = repoOpts.InsecureOCI
+			if repoOpts.Repo.Type == "oci" && repoOpts.InsecureOCIForceHttp {
+				repoOpts.Repo.InsecureOCIForceHttp = repoOpts.InsecureOCIForceHttp
 			}
 
 			conn, repoIf := headless.NewClientOrDie(clientOpts, c).NewRepoClientOrDie()
@@ -200,7 +200,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			}
 
 			// We let the server check access to the repository before adding it. If
-			// it is a private repo, but we cannot access with with the credentials
+			// it is a private repo, but we cannot access with the credentials
 			// that were supplied, we bail out.
 			//
 			// Skip validation if we are just adding credentials template, chances
@@ -225,7 +225,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 				Project:                    repoOpts.Repo.Project,
 				GcpServiceAccountKey:       repoOpts.Repo.GCPServiceAccountKey,
 				ForceHttpBasicAuth:         repoOpts.Repo.ForceHttpBasicAuth,
-				InsecureOciHttpOnly:        repoOpts.Repo.InsecureOCIHttpOnly,
+				InsecureOciForceHttp:       repoOpts.Repo.InsecureOCIForceHttp,
 			}
 			_, err := repoIf.ValidateAccess(ctx, &repoAccessReq)
 			errors.CheckError(err)
@@ -241,7 +241,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 		},
 	}
 	command.Flags().BoolVar(&repoOpts.Upsert, "upsert", false, "Override an existing repository with the same name even if the spec differs")
-	command.Flags().BoolVar(&repoOpts.InsecureOCI, "insecure-oci", false, "Use http when accessing an OCI repository")
+	command.Flags().BoolVar(&repoOpts.InsecureOCIForceHttp, "insecure-oci-force-http", false, "Use http when accessing an OCI repository")
 	cmdutil.AddRepoFlags(command, &repoOpts)
 	return command
 }

cmd/util/repo.go

@@ -11,7 +11,7 @@ type RepoOptions struct {
 	Repo                           appsv1.Repository
 	Upsert                         bool
 	SshPrivateKeyPath              string
-	InsecureOCI                    bool
+	InsecureOCIForceHttp           bool
 	InsecureIgnoreHostKey          bool
 	InsecureSkipServerVerification bool
 	TlsClientCertPath              string

pkg/apis/application/v1alpha1/repository_types.go

@@ -100,13 +100,13 @@ type Repository struct {
 	ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,22,opt,name=forceHttpBasicAuth"`
 	// NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied
 	NoProxy string `json:"noProxy,omitempty" protobuf:"bytes,23,opt,name=noProxy"`
-	// InsecureOCIHttpOnly specifies whether the connection to the repository uses TLS at _all_. If true, no TLS. This flag is applicable for OCI repos only.
-	InsecureOCIHttpOnly bool `json:"insecureOCIHttpOnly,omitempty" protobuf:"bytes,24,opt,name=insecureOCIHttpOnly"`
+	// InsecureOCIForceHttp specifies whether the connection to the repository uses TLS at _all_. If true, no TLS. This flag is applicable for OCI repos only.
+	InsecureOCIForceHttp bool `json:"insecureOCIForceHttp,omitempty" protobuf:"bytes,24,opt,name=insecureOCIForceHttp"`
 }
 
 // IsInsecure returns true if the repository has been configured to skip server verification or set to HTTP only
 func (repo *Repository) IsInsecure() bool {
-	return repo.InsecureIgnoreHostKey || repo.Insecure || repo.InsecureOCIHttpOnly
+	return repo.InsecureIgnoreHostKey || repo.Insecure || repo.InsecureOCIForceHttp
 }
 
 // IsLFSEnabled returns true if LFS support is enabled on repository
@@ -152,7 +152,7 @@ func (repo *Repository) CopyCredentialsFromRepo(source *Repository) {
 		if repo.GCPServiceAccountKey == "" {
 			repo.GCPServiceAccountKey = source.GCPServiceAccountKey
 		}
-		repo.InsecureOCIHttpOnly = source.InsecureOCIHttpOnly
+		repo.InsecureOCIForceHttp = source.InsecureOCIForceHttp
 		repo.ForceHttpBasicAuth = source.ForceHttpBasicAuth
 	}
 }
@@ -241,7 +241,7 @@ func (repo *Repository) GetOCICreds() oci.Creds {
 		CertData:           []byte(repo.TLSClientCertData),
 		KeyData:            []byte(repo.TLSClientCertKey),
 		InsecureSkipVerify: repo.Insecure,
-		InsecureHttpOnly:   repo.InsecureOCIHttpOnly,
+		InsecureHttpOnly:   repo.InsecureOCIForceHttp,
 	}
 }
 

server/repository/repository.go

@@ -548,7 +548,7 @@ func (s *Server) ValidateAccess(ctx context.Context, q *repositorypkg.RepoAccess
 		GitHubAppEnterpriseBaseURL: q.GithubAppEnterpriseBaseUrl,
 		Proxy:                      q.Proxy,
 		GCPServiceAccountKey:       q.GcpServiceAccountKey,
-		InsecureOCIHttpOnly:        q.InsecureOciHttpOnly,
+		InsecureOCIForceHttp:       q.InsecureOciForceHttp,
 	}
 
 	// If repo does not have credentials, check if there are credentials stored

server/repository/repository.proto

@@ -90,7 +90,7 @@ message RepoAccessQuery {
 	// Whether to force HTTP basic auth
 	bool forceHttpBasicAuth = 19;
 	// Whether https should be disabled for an OCI repo
-	bool insecureOciHttpOnly = 20;
+	bool insecureOciForceHttp = 20;
 }
 
 message RepoResponse {}

test/e2e/fixture/repos/repos.go

@@ -87,7 +87,7 @@ func AddOCIRepo(name, imagePath string) {
 		fmt.Sprintf("%s/%s", fixture.OCIHostURL, imagePath),
 		"--type", "oci",
 		"--name", name,
-		"--insecure-oci",
+		"--insecure-oci-force-http",
 	}
 	errors.FailOnErr(fixture.RunCli(args...))
 }

ui/src/app/settings/components/repo-details/repo-details.tsx

@@ -73,7 +73,7 @@ export const RepoDetails = (props: {repo: models.Repository; save?: (params: New
         project: repo.project || '',
         enableOCI: repo.enableOCI || false,
         forceHttpBasicAuth: repo.forceHttpBasicAuth || false,
-        insecureOCIHttpOnly: repo.insecureOCIHttpOnly || false
+        insecureOCIForceHttp: repo.insecureOCIForceHttp || false
     };
 
     return (

ui/src/app/settings/components/repos-list/repos-list.tsx

@@ -40,7 +40,7 @@ export interface NewHTTPSRepoParams {
     project?: string;
     forceHttpBasicAuth?: boolean;
     enableOCI: boolean;
-    insecureOCIHttpOnly: boolean;
+    insecureOCIForceHttp: boolean;
 }
 
 interface NewGitHubAppRepoParams {
@@ -542,7 +542,7 @@ export class ReposList extends React.Component<
                                                         {formApi.getFormState().values.type !== 'oci' ? (
                                                             <FormField formApi={formApi} label='Enable OCI' field='enableOCI' component={CheckboxField} />
                                                         ) : (
-                                                            <FormField formApi={formApi} label='Insecure HTTP Only' field='insecureOCIHttpOnly' component={CheckboxField} />
+                                                            <FormField formApi={formApi} label='Insecure HTTP Only' field='insecureOCIForceHttp' component={CheckboxField} />
                                                         )}
                                                     </div>
                                                 </div>

ui/src/app/shared/models.ts

@@ -563,7 +563,7 @@ export interface Repository {
     enableLfs?: boolean;
     githubAppId?: string;
     forceHttpBasicAuth?: boolean;
-    insecureOCIHttpOnly?: boolean;
+    insecureOCIForceHttp?: boolean;
     enableOCI: boolean;
 }
 

ui/src/app/shared/services/repo-service.ts

@@ -31,7 +31,7 @@ export class RepositoriesService {
         project,
         forceHttpBasicAuth,
         enableOCI,
-        insecureOCIHttpOnly
+        insecureOCIForceHttp
     }: {
         type: string;
         name: string;
@@ -47,7 +47,7 @@ export class RepositoriesService {
         project?: string;
         forceHttpBasicAuth?: boolean;
         enableOCI: boolean;
-        insecureOCIHttpOnly: boolean;
+        insecureOCIForceHttp: boolean;
     }): Promise<models.Repository> {
         return requests
             .post('/repositories')
@@ -66,7 +66,7 @@ export class RepositoriesService {
                 project,
                 forceHttpBasicAuth,
                 enableOCI,
-                insecureOCIHttpOnly
+                insecureOCIForceHttp
             })
             .then(res => res.body as models.Repository);
     }

util/db/repository_secrets.go

@@ -341,11 +341,11 @@ func secretToRepository(secret *corev1.Secret) (*appsv1.Repository, error) {
 	}
 	repository.EnableOCI = enableOCI
 
-	insecureHttpOnly, err := boolOrFalse(secret, "insecureHttpOnly")
+	insecureOCIForceHttp, err := boolOrFalse(secret, "insecureOCIForceHttp")
 	if err != nil {
 		return repository, err
 	}
-	repository.InsecureOCIHttpOnly = insecureHttpOnly
+	repository.InsecureOCIForceHttp = insecureOCIForceHttp
 
 	githubAppID, err := intOrZero(secret, "githubAppID")
 	if err != nil {
@@ -380,7 +380,7 @@ func repositoryToSecret(repository *appsv1.Repository, secret *corev1.Secret) {
 	updateSecretString(secret, "password", repository.Password)
 	updateSecretString(secret, "sshPrivateKey", repository.SSHPrivateKey)
 	updateSecretBool(secret, "enableOCI", repository.EnableOCI)
-	updateSecretBool(secret, "insecureHttpOnly", repository.InsecureOCIHttpOnly)
+	updateSecretBool(secret, "insecureOCIForceHttp", repository.InsecureOCIForceHttp)
 	updateSecretString(secret, "tlsClientCertData", repository.TLSClientCertData)
 	updateSecretString(secret, "tlsClientCertKey", repository.TLSClientCertKey)
 	updateSecretString(secret, "type", repository.Type)