took sync from main branch

devtron-labs · Aug 6, 2024 · 5cfc651 · 5cfc651
2 parents cd0953d + 17c870c
commit 5cfc651
Show file tree

Hide file tree

Showing 63 changed files with 5,572 additions and 474 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,4 +4,3 @@
 .env
 /cmd/external-app/devtron-ea
 devtron
-/vendor/github.com/argoproj/argo-cd/assets
diff --git a/Wire.go b/Wire.go
@@ -76,8 +76,10 @@ import (
 	"github.com/devtron-labs/devtron/cel"
 	"github.com/devtron-labs/devtron/client/argocdServer"
 	"github.com/devtron-labs/devtron/client/argocdServer/application"
+	"github.com/devtron-labs/devtron/client/argocdServer/certificate"
 	cluster2 "github.com/devtron-labs/devtron/client/argocdServer/cluster"
 	"github.com/devtron-labs/devtron/client/argocdServer/connection"
+	repocreds "github.com/devtron-labs/devtron/client/argocdServer/repocreds"
 	repository2 "github.com/devtron-labs/devtron/client/argocdServer/repository"
 	session2 "github.com/devtron-labs/devtron/client/argocdServer/session"
 	"github.com/devtron-labs/devtron/client/cron"
@@ -974,6 +976,9 @@ func InitializeApp() (*App, error) {
 		imageDigestPolicy.NewImageDigestPolicyServiceImpl,
 		wire.Bind(new(imageDigestPolicy.ImageDigestPolicyService), new(*imageDigestPolicy.ImageDigestPolicyServiceImpl)),
 
+		certificate.NewServiceClientImpl,
+		wire.Bind(new(certificate.Client), new(*certificate.ServiceClientImpl)),
+
 		appStoreRestHandler.AppStoreWireSet,
 
 		cel.NewCELServiceImpl,
@@ -984,6 +989,9 @@ func InitializeApp() (*App, error) {
 
 		common.NewDeploymentConfigServiceImpl,
 		wire.Bind(new(common.DeploymentConfigService), new(*common.DeploymentConfigServiceImpl)),
+
+		repocreds.NewServiceClientImpl,
+		wire.Bind(new(repocreds.ServiceClient), new(*repocreds.ServiceClientImpl)),
 	)
 	return &App{}, nil
 }
diff --git a/api/bean/gitOps/GitOpsConfig.go b/api/bean/gitOps/GitOpsConfig.go
@@ -16,21 +16,30 @@
 
 package gitOps
 
-import "time"
+import (
+	"github.com/devtron-labs/devtron/api/bean"
+	"time"
+)
 
 type GitOpsConfigDto struct {
-	Id                    int    `json:"id,omitempty"`
-	Provider              string `json:"provider" validate:"oneof=GITLAB GITHUB AZURE_DEVOPS BITBUCKET_CLOUD"`
-	Username              string `json:"username"`
-	Token                 string `json:"token"`
-	GitLabGroupId         string `json:"gitLabGroupId"`
-	GitHubOrgId           string `json:"gitHubOrgId"`
-	Host                  string `json:"host"`
-	Active                bool   `json:"active"`
-	AzureProjectName      string `json:"azureProjectName"`
-	BitBucketWorkspaceId  string `json:"bitBucketWorkspaceId"`
-	BitBucketProjectKey   string `json:"bitBucketProjectKey"`
-	AllowCustomRepository bool   `json:"allowCustomRepository"`
+	Id                    int             `json:"id,omitempty"`
+	Provider              string          `json:"provider" validate:"oneof=GITLAB GITHUB AZURE_DEVOPS BITBUCKET_CLOUD"`
+	Username              string          `json:"username"`
+	Token                 string          `json:"token"`
+	GitLabGroupId         string          `json:"gitLabGroupId"`
+	GitHubOrgId           string          `json:"gitHubOrgId"`
+	Host                  string          `json:"host"`
+	Active                bool            `json:"active"`
+	AzureProjectName      string          `json:"azureProjectName"`
+	BitBucketWorkspaceId  string          `json:"bitBucketWorkspaceId"`
+	BitBucketProjectKey   string          `json:"bitBucketProjectKey"`
+	AllowCustomRepository bool            `json:"allowCustomRepository"`
+	EnableTLSVerification bool            `json:"enableTLSVerification"`
+	TLSConfig             *bean.TLSConfig `json:"tlsConfig"`
+
+	IsCADataPresent      bool `json:"isCADataPresent"`
+	IsTLSCertDataPresent bool `json:"isTLSCertDataPresent"`
+	IsTLSKeyDataPresent  bool `json:"isTLSKeyDataPresent"`
 
 	// TODO refactoring: create different struct for internal fields
 	GitRepoName string `json:"-"`

diff --git a/api/bean/tlsConfig.go b/api/bean/tlsConfig.go
@@ -0,0 +1,7 @@
+package bean
+
+type TLSConfig struct {
+	CaData      string `json:"caData"`
+	TLSCertData string `json:"tlsCertData"`
+	TLSKeyData  string `json:"tlsKeyData"`
+}
diff --git a/client/argocdServer/certificate/Certificate.go b/client/argocdServer/certificate/Certificate.go
@@ -0,0 +1,76 @@
+package certificate
+
+import (
+	"context"
+	"errors"
+	"github.com/argoproj/argo-cd/v2/pkg/apiclient/certificate"
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/devtron-labs/devtron/client/argocdServer/connection"
+	"github.com/devtron-labs/devtron/util/argo"
+	"go.uber.org/zap"
+	"google.golang.org/grpc"
+	"time"
+)
+
+type Client interface {
+	ListCertificates(ctx context.Context, query *certificate.RepositoryCertificateQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryCertificateList, error)
+	CreateCertificate(ctx context.Context, query *certificate.RepositoryCertificateCreateRequest) (*v1alpha1.RepositoryCertificateList, error)
+	DeleteCertificate(ctx context.Context, query *certificate.RepositoryCertificateQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryCertificateList, error)
+}
+
+type ServiceClientImpl struct {
+	logger                  *zap.SugaredLogger
+	argoCDConnectionManager connection.ArgoCDConnectionManager
+	argoUserService         argo.ArgoUserService
+}
+
+func NewServiceClientImpl(
+	logger *zap.SugaredLogger,
+	argoCDConnectionManager connection.ArgoCDConnectionManager,
+	argoUserService argo.ArgoUserService) *ServiceClientImpl {
+	return &ServiceClientImpl{
+		logger:                  logger,
+		argoCDConnectionManager: argoCDConnectionManager,
+		argoUserService:         argoUserService,
+	}
+}
+
+func (c *ServiceClientImpl) getService(ctx context.Context) (certificate.CertificateServiceClient, error) {
+	token, ok := ctx.Value("token").(string)
+	if !ok {
+		return nil, errors.New("Unauthorized")
+	}
+	conn := c.argoCDConnectionManager.GetConnection(token)
+	//defer conn.Close()
+	return certificate.NewCertificateServiceClient(conn), nil
+}
+
+func (c *ServiceClientImpl) ListCertificates(ctx context.Context, query *certificate.RepositoryCertificateQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryCertificateList, error) {
+	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	client, err := c.getService(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client.ListCertificates(ctx, query)
+}
+
+func (c *ServiceClientImpl) CreateCertificate(ctx context.Context, query *certificate.RepositoryCertificateCreateRequest) (*v1alpha1.RepositoryCertificateList, error) {
+	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	client, err := c.getService(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client.CreateCertificate(ctx, query)
+}
+
+func (c *ServiceClientImpl) DeleteCertificate(ctx context.Context, query *certificate.RepositoryCertificateQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryCertificateList, error) {
+	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	client, err := c.getService(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client.DeleteCertificate(ctx, query, opts...)
+}
diff --git a/client/argocdServer/repocreds/repocreds.go b/client/argocdServer/repocreds/repocreds.go
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2020-2024. Devtron Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package repository
+
+import (
+	"context"
+	"errors"
+	repocreds "github.com/argoproj/argo-cd/v2/pkg/apiclient/repocreds"
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoApplication "github.com/devtron-labs/devtron/client/argocdServer/bean"
+	"github.com/devtron-labs/devtron/client/argocdServer/connection"
+	"go.uber.org/zap"
+)
+
+type ServiceClient interface {
+	CreateRepoCreds(ctx context.Context, query *repocreds.RepoCredsCreateRequest) (*v1alpha1.RepoCreds, error)
+}
+
+type ServiceClientImpl struct {
+	logger                  *zap.SugaredLogger
+	argoCDConnectionManager connection.ArgoCDConnectionManager
+}
+
+func NewServiceClientImpl(logger *zap.SugaredLogger, argoCDConnectionManager connection.ArgoCDConnectionManager) *ServiceClientImpl {
+	return &ServiceClientImpl{
+		logger:                  logger,
+		argoCDConnectionManager: argoCDConnectionManager,
+	}
+}
+
+func (r ServiceClientImpl) getService(ctx context.Context) (repocreds.RepoCredsServiceClient, error) {
+	token, ok := ctx.Value("token").(string)
+	if !ok {
+		return nil, errors.New("Unauthorized")
+	}
+	conn := r.argoCDConnectionManager.GetConnection(token)
+	//defer conn.Close()
+	return repocreds.NewRepoCredsServiceClient(conn), nil
+}
+
+func (r ServiceClientImpl) CreateRepoCreds(ctx context.Context, query *repocreds.RepoCredsCreateRequest) (*v1alpha1.RepoCreds, error) {
+	ctx, cancel := context.WithTimeout(ctx, argoApplication.TimeoutSlow)
+	defer cancel()
+	client, err := r.getService(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client.CreateRepositoryCredentials(ctx, query)
+}
diff --git a/client/argocdServer/repository/Repository.go b/client/argocdServer/repository/Repository.go
@@ -36,7 +36,7 @@ type ServiceClient interface {
 	GetAppDetails(ctx context.Context, query *repository2.RepoAppDetailsQuery) (*apiclient.RepoAppDetailsResponse, error)
 	// Create creates a repo
 	Create(ctx context.Context, query *repository2.RepoCreateRequest) (*v1alpha1.Repository, error)
-	// Update updates a repo
+	// Create creates a repo
 	Update(ctx context.Context, query *repository2.RepoUpdateRequest) (*v1alpha1.Repository, error)
 	// Delete deletes a repo
 	Delete(ctx context.Context, query *repository2.RepoQuery) (*repository2.RepoResponse, error)

diff --git a/client/gitSensor/GitSensorGrpcClient.go b/client/gitSensor/GitSensorGrpcClient.go
@@ -114,15 +114,19 @@ func (client *GrpcApiClientImpl) SaveGitProvider(ctx context.Context, provider *
 	}
 	// map req
 	req := &pb.GitProvider{
-		Id:            int64(provider.Id),
-		Name:          provider.Name,
-		Url:           provider.Url,
-		UserName:      provider.UserName,
-		Password:      provider.Password,
-		AccessToken:   provider.AccessToken,
-		SshPrivateKey: provider.SshPrivateKey,
-		AuthMode:      string(provider.AuthMode),
-		Active:        provider.Active,
+		Id:                    int64(provider.Id),
+		Name:                  provider.Name,
+		Url:                   provider.Url,
+		UserName:              provider.UserName,
+		Password:              provider.Password,
+		SshPrivateKey:         provider.SshPrivateKey,
+		AccessToken:           provider.AccessToken,
+		AuthMode:              string(provider.AuthMode),
+		Active:                provider.Active,
+		TlsCert:               provider.TlsCert,
+		TlsKey:                provider.TlsKey,
+		CaCert:                provider.CaCert,
+		EnableTLSVerification: provider.EnableTlsVerification,
 	}
 
 	// fetch

diff --git a/client/gitSensor/GitSensorRestClient.go b/client/gitSensor/GitSensorRestClient.go
@@ -90,15 +90,19 @@ type GitMaterial struct {
 	CloningMode      string
 }
 type GitProvider struct {
-	Id            int
-	Name          string
-	Url           string
-	UserName      string
-	Password      string
-	SshPrivateKey string
-	AccessToken   string
-	Active        bool
-	AuthMode      repository.AuthMode
+	Id                    int
+	Name                  string
+	Url                   string
+	UserName              string
+	Password              string
+	SshPrivateKey         string
+	AccessToken           string
+	Active                bool
+	AuthMode              repository.AuthMode
+	EnableTlsVerification bool
+	CaCert                string
+	TlsCert               string
+	TlsKey                string
 }
 
 type GitCommit struct {

diff --git a/cmd/external-app/wire_gen.go b/cmd/external-app/wire_gen.go
diff --git a/docs/user-guide/plugins/copacetic.md b/docs/user-guide/plugins/copacetic.md
@@ -1,11 +1,11 @@
 # Copacetic
 
 ## Introduction
-The Copacetic plugin of Devtron helps you patch your container image vulnerabilities traced by the security scan Devtron performed on your container image. By integrating the **Copacetic** plugin into your workflow, and enabling the **Scan for vulnerabilities** at your **Build stage** you can:
-- Trace the vulnerabilities of your container images and the **Copacetic** plugin will automatically patch the contaier image vulnerabilities for you.
+The Copacetic plugin of Devtron helps you patch your container image vulnerabilities traced by the security scan Devtron performed on your container image. By integrating the **Copacetic** plugin into your workflow and enabling the **Scan for vulnerabilities** at your **Build stage**, you can:
+- Trace the vulnerabilities of your container images, and the **Copacetic** plugin will automatically patch the container image vulnerabilities for you.
 
 ### Prerequisites
-No prerequisites are required for integrating **Copacetic** plugin.
+Before integrating the **Copacetic** plugin, install the `Vulnerability Scanning (Trivy/Clair)` integration from Devtron Stack Manager. Once the integration is installed, make sure you have enabled **Scan for vulnerabilities** at the **Build stage** or integrated the [Code-Scan](./code-scan.md) plugin in the **Pre-build stage**.
 
 ---
 

diff --git a/go.mod b/go.mod
@@ -22,9 +22,9 @@ require (
 	github.com/davecgh/go-spew v1.1.1
 	github.com/deckarep/golang-set v1.8.0
 	github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1
-	github.com/devtron-labs/common-lib v0.0.25-0.20240726165557-8dad78ef6731
+	github.com/devtron-labs/common-lib v0.0.25-0.20240802103040-a6b975ffa69e
 	github.com/devtron-labs/go-bitbucket v0.9.60-beta
-	github.com/devtron-labs/protos v0.0.3-0.20240726064057-dd2990c91e41
+	github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80
 	github.com/evanphx/json-patch v5.7.0+incompatible
 	github.com/gammazero/workerpool v1.1.3
 	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32

diff --git a/go.sum b/go.sum
@@ -197,12 +197,12 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1 h1:qdkpTAo2Kr0ZicZIVXfNwsGSshpc9OB9j9RzmKYdIwY=
 github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1/go.mod h1:IkKPPEfgLCMR29he5yv2OCC6iM2R7K5/0AA3k8b9XNc=
-github.com/devtron-labs/common-lib v0.0.25-0.20240726165557-8dad78ef6731 h1:BF6RTdwkT0qVqLvvJHZ6CaRV94GxlOj+n6JkEExEKyo=
-github.com/devtron-labs/common-lib v0.0.25-0.20240726165557-8dad78ef6731/go.mod h1:UZGPt1ep9Tnd9Ak2sibGSiLr7p3ijO2/JLT+h+pqBuU=
+github.com/devtron-labs/common-lib v0.0.25-0.20240802103040-a6b975ffa69e h1:oC1KJ4jeIebSRWtBarETQPmSVhbK06EWAE49g9VukEY=
+github.com/devtron-labs/common-lib v0.0.25-0.20240802103040-a6b975ffa69e/go.mod h1:3GN9TABx4D+hVuF69vGYUUx+H8/WelcKw0lUt8aELok=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta/go.mod h1:GnuiCesvh8xyHeMCb+twm8lBR/kQzJYSKL28ZfObp1Y=
-github.com/devtron-labs/protos v0.0.3-0.20240726064057-dd2990c91e41 h1:tIoWy1PDAC6enSBohRt0qroiRXq+bR7qlqk73JlQ9R4=
-github.com/devtron-labs/protos v0.0.3-0.20240726064057-dd2990c91e41/go.mod h1:ypUknVph8Ph4dxSlrFoouf7wLedQxHku2LQwgRrdgS4=
+github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80 h1:xwbTeijNTf4/j1v+tSfwVqwLVnReas/NqEKeQHvSTys=
+github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80/go.mod h1:ypUknVph8Ph4dxSlrFoouf7wLedQxHku2LQwgRrdgS4=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=

diff --git a/internal/constants/InternalErrorCode.go b/internal/constants/InternalErrorCode.go
@@ -65,6 +65,7 @@ const (
 	DockerRegDeleteFailedInDb            string = "3009"
 	DockerRegDeleteFailedInGocd          string = "3010"
 	GitProviderUpdateFailedInSync        string = "3011"
+	GitProviderUpdateRequestIsInvalid    string = "3012"
 	// For conflicts use 900 series
 	GitOpsConfigValidationConflict string = "3900"
 

diff --git a/internal/sql/repository/GitOpsConfigRepository.go b/internal/sql/repository/GitOpsConfigRepository.go
@@ -54,6 +54,10 @@ type GitOpsConfig struct {
 	BitBucketWorkspaceId  string   `sql:"bitbucket_workspace_id"`
 	BitBucketProjectKey   string   `sql:"bitbucket_project_key"`
 	EmailId               string   `sql:"email_id"`
+	EnableTLSVerification bool     `sql:"enable_tls_verification"`
+	TlsCert               string   `sql:"tls_cert"`
+	TlsKey                string   `sql:"tls_key"`
+	CaCert                string   `sql:"ca_cert"`
 	sql.AuditLog
 }