ROX-25847: add argocd types

.golangci.yml

@@ -4,6 +4,7 @@ run:
     - internal/dinosaur/pkg/api/private
     - internal/dinosaur/pkg/api/admin/private
     - pkg/client/redhatsso/api
+    - argocd
   skip-files:
     - ".*_moq.go"
   # timeout for analysis, e.g. 30s, 5m, default is 1m

argocd/v1alpha1/README.md

@@ -0,0 +1,4 @@
+These types were copy-pasted from https://github.com/argoproj/argo-cd/tree/master/pkg/apis/application/v1alpha1
+
+We are not importing the ArgoCD dependency itself, because it would significantly
+complexify the go.mod, and might introduce conflicts with the stackrox dependencies.

argocd/v1alpha1/appproject_types.go

@@ -0,0 +1,31 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// AppProjectList is list of AppProject resources
+type AppProjectList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
+	Items           []AppProject `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// AppProject provides a logical grouping of applications, providing controls for:
+// * where the apps may deploy to (cluster whitelist)
+// * what may be deployed (repository whitelist, resource whitelist/blacklist)
+// * who can access these applications (roles, OIDC group claims bindings)
+// * and what they can do (RBAC policies)
+// * automation access to these roles (JWT tokens)
+type AppProject struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
+	Spec              AppProjectSpec   `json:"spec" protobuf:"bytes,2,opt,name=spec"`
+	Status            AppProjectStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+}
+
+// AppProjectStatus contains status information for AppProject CRs
+type AppProjectStatus struct {
+	// JWTTokensByRole contains a list of JWT tokens issued for a given role
+	JWTTokensByRole map[string]JWTTokens `json:"jwtTokensByRole,omitempty" protobuf:"bytes,1,opt,name=jwtTokensByRole"`
+}

argocd/v1alpha1/register.go

@@ -0,0 +1,65 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const (
+	// API Group
+	Group string = "argoproj.io"
+
+	// Application constants
+	ApplicationKind      string = "Application"
+	ApplicationSingular  string = "application"
+	ApplicationPlural    string = "applications"
+	ApplicationShortName string = "app"
+	ApplicationFullName  string = ApplicationPlural + "." + Group
+
+	// AppProject constants
+	AppProjectKind      string = "AppProject"
+	AppProjectSingular  string = "appproject"
+	AppProjectPlural    string = "appprojects"
+	AppProjectShortName string = "appproject"
+	AppProjectFullName  string = AppProjectPlural + "." + Group
+
+	// ApplicationSet constants
+	ApplicationSetKind      string = "ApplicationSet"
+	ApplicationSetSingular  string = "applicationset"
+	ApplicationSetShortName string = "appset"
+	ApplicationSetPlural    string = "applicationsets"
+	ApplicationSetFullName  string = ApplicationSetPlural + "." + Group
+)
+
+var (
+	// SchemeGroupVersion is group version used to register these objects
+	SchemeGroupVersion                   = schema.GroupVersion{Group: Group, Version: "v1alpha1"}
+	ApplicationSchemaGroupVersionKind    = schema.GroupVersionKind{Group: Group, Version: "v1alpha1", Kind: ApplicationKind}
+	AppProjectSchemaGroupVersionKind     = schema.GroupVersionKind{Group: Group, Version: "v1alpha1", Kind: AppProjectKind}
+	ApplicationSetSchemaGroupVersionKind = schema.GroupVersionKind{Group: Group, Version: "v1alpha1", Kind: ApplicationSetKind}
+)
+
+// Resource takes an unqualified resource and returns a Group-qualified GroupResource.
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+// addKnownTypes adds the set of types defined in this package to the supplied scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&Application{},
+		&ApplicationList{},
+		&AppProject{},
+		&AppProjectList{},
+		&ApplicationSet{},
+		&ApplicationSetList{},
+	)
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

argocd/v1alpha1/repository_types.go

@@ -0,0 +1,146 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// RepoCreds holds the definition for repository credentials
+type RepoCreds struct {
+	// URL is the URL to which these credentials match
+	URL string `json:"url" protobuf:"bytes,1,opt,name=url"`
+	// Username for authenticating at the repo server
+	Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"`
+	// Password for authenticating at the repo server
+	Password string `json:"password,omitempty" protobuf:"bytes,3,opt,name=password"`
+	// SSHPrivateKey contains the private key data for authenticating at the repo server using SSH (only Git repos)
+	SSHPrivateKey string `json:"sshPrivateKey,omitempty" protobuf:"bytes,4,opt,name=sshPrivateKey"`
+	// TLSClientCertData specifies the TLS client cert data for authenticating at the repo server
+	TLSClientCertData string `json:"tlsClientCertData,omitempty" protobuf:"bytes,5,opt,name=tlsClientCertData"`
+	// TLSClientCertKey specifies the TLS client cert key for authenticating at the repo server
+	TLSClientCertKey string `json:"tlsClientCertKey,omitempty" protobuf:"bytes,6,opt,name=tlsClientCertKey"`
+	// GithubAppPrivateKey specifies the private key PEM data for authentication via GitHub app
+	GithubAppPrivateKey string `json:"githubAppPrivateKey,omitempty" protobuf:"bytes,7,opt,name=githubAppPrivateKey"`
+	// GithubAppId specifies the Github App ID of the app used to access the repo for GitHub app authentication
+	GithubAppId int64 `json:"githubAppID,omitempty" protobuf:"bytes,8,opt,name=githubAppID"`
+	// GithubAppInstallationId specifies the ID of the installed GitHub App for GitHub app authentication
+	GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty" protobuf:"bytes,9,opt,name=githubAppInstallationID"`
+	// GithubAppEnterpriseBaseURL specifies the GitHub API URL for GitHub app authentication. If empty will default to https://api.github.com
+	GitHubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty" protobuf:"bytes,10,opt,name=githubAppEnterpriseBaseUrl"`
+	// EnableOCI specifies whether helm-oci support should be enabled for this repo
+	EnableOCI bool `json:"enableOCI,omitempty" protobuf:"bytes,11,opt,name=enableOCI"`
+	// Type specifies the type of the repoCreds. Can be either "git" or "helm. "git" is assumed if empty or absent.
+	Type string `json:"type,omitempty" protobuf:"bytes,12,opt,name=type"`
+	// GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos
+	GCPServiceAccountKey string `json:"gcpServiceAccountKey,omitempty" protobuf:"bytes,13,opt,name=gcpServiceAccountKey"`
+	// Proxy specifies the HTTP/HTTPS proxy used to access repos at the repo server
+	Proxy string `json:"proxy,omitempty" protobuf:"bytes,19,opt,name=proxy"`
+	// ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections
+	ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,20,opt,name=forceHttpBasicAuth"`
+}
+
+// Repository is a repository holding application configurations
+type Repository struct {
+	// Repo contains the URL to the remote repository
+	Repo string `json:"repo" protobuf:"bytes,1,opt,name=repo"`
+	// Username contains the user name used for authenticating at the remote repository
+	Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"`
+	// Password contains the password or PAT used for authenticating at the remote repository
+	Password string `json:"password,omitempty" protobuf:"bytes,3,opt,name=password"`
+	// SSHPrivateKey contains the PEM data for authenticating at the repo server. Only used with Git repos.
+	SSHPrivateKey string `json:"sshPrivateKey,omitempty" protobuf:"bytes,4,opt,name=sshPrivateKey"`
+	// ConnectionState contains information about the current state of connection to the repository server
+	ConnectionState ConnectionState `json:"connectionState,omitempty" protobuf:"bytes,5,opt,name=connectionState"`
+	// InsecureIgnoreHostKey should not be used anymore, Insecure is favoured
+	// Used only for Git repos
+	InsecureIgnoreHostKey bool `json:"insecureIgnoreHostKey,omitempty" protobuf:"bytes,6,opt,name=insecureIgnoreHostKey"`
+	// Insecure specifies whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys
+	Insecure bool `json:"insecure,omitempty" protobuf:"bytes,7,opt,name=insecure"`
+	// EnableLFS specifies whether git-lfs support should be enabled for this repo. Only valid for Git repositories.
+	EnableLFS bool `json:"enableLfs,omitempty" protobuf:"bytes,8,opt,name=enableLfs"`
+	// TLSClientCertData contains a certificate in PEM format for authenticating at the repo server
+	TLSClientCertData string `json:"tlsClientCertData,omitempty" protobuf:"bytes,9,opt,name=tlsClientCertData"`
+	// TLSClientCertKey contains a private key in PEM format for authenticating at the repo server
+	TLSClientCertKey string `json:"tlsClientCertKey,omitempty" protobuf:"bytes,10,opt,name=tlsClientCertKey"`
+	// Type specifies the type of the repo. Can be either "git" or "helm. "git" is assumed if empty or absent.
+	Type string `json:"type,omitempty" protobuf:"bytes,11,opt,name=type"`
+	// Name specifies a name to be used for this repo. Only used with Helm repos
+	Name string `json:"name,omitempty" protobuf:"bytes,12,opt,name=name"`
+	// Whether credentials were inherited from a credential set
+	InheritedCreds bool `json:"inheritedCreds,omitempty" protobuf:"bytes,13,opt,name=inheritedCreds"`
+	// EnableOCI specifies whether helm-oci support should be enabled for this repo
+	EnableOCI bool `json:"enableOCI,omitempty" protobuf:"bytes,14,opt,name=enableOCI"`
+	// Github App Private Key PEM data
+	GithubAppPrivateKey string `json:"githubAppPrivateKey,omitempty" protobuf:"bytes,15,opt,name=githubAppPrivateKey"`
+	// GithubAppId specifies the ID of the GitHub app used to access the repo
+	GithubAppId int64 `json:"githubAppID,omitempty" protobuf:"bytes,16,opt,name=githubAppID"`
+	// GithubAppInstallationId specifies the installation ID of the GitHub App used to access the repo
+	GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty" protobuf:"bytes,17,opt,name=githubAppInstallationID"`
+	// GithubAppEnterpriseBaseURL specifies the base URL of GitHub Enterprise installation. If empty will default to https://api.github.com
+	GitHubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty" protobuf:"bytes,18,opt,name=githubAppEnterpriseBaseUrl"`
+	// Proxy specifies the HTTP/HTTPS proxy used to access the repo
+	Proxy string `json:"proxy,omitempty" protobuf:"bytes,19,opt,name=proxy"`
+	// Reference between project and repository that allows it to be automatically added as an item inside SourceRepos project entity
+	Project string `json:"project,omitempty" protobuf:"bytes,20,opt,name=project"`
+	// GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos
+	GCPServiceAccountKey string `json:"gcpServiceAccountKey,omitempty" protobuf:"bytes,21,opt,name=gcpServiceAccountKey"`
+	// ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections
+	ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty" protobuf:"bytes,22,opt,name=forceHttpBasicAuth"`
+}
+
+// Repositories defines a list of Repository configurations
+type Repositories []*Repository
+
+// RepositoryList is a collection of Repositories.
+type RepositoryList struct {
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	Items           Repositories `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// RepositoryList is a collection of Repositories.
+type RepoCredsList struct {
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	Items           []RepoCreds `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// A RepositoryCertificate is either SSH known hosts entry or TLS certificate
+type RepositoryCertificate struct {
+	// ServerName specifies the DNS name of the server this certificate is intended for
+	ServerName string `json:"serverName" protobuf:"bytes,1,opt,name=serverName"`
+	// CertType specifies the type of the certificate - currently one of "https" or "ssh"
+	CertType string `json:"certType" protobuf:"bytes,2,opt,name=certType"`
+	// CertSubType specifies the sub type of the cert, i.e. "ssh-rsa"
+	CertSubType string `json:"certSubType" protobuf:"bytes,3,opt,name=certSubType"`
+	// CertData contains the actual certificate data, dependent on the certificate type
+	CertData []byte `json:"certData" protobuf:"bytes,4,opt,name=certData"`
+	// CertInfo will hold additional certificate info, depdendent on the certificate type (e.g. SSH fingerprint, X509 CommonName)
+	CertInfo string `json:"certInfo" protobuf:"bytes,5,opt,name=certInfo"`
+}
+
+// RepositoryCertificateList is a collection of RepositoryCertificates
+type RepositoryCertificateList struct {
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	// List of certificates to be processed
+	Items []RepositoryCertificate `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// GnuPGPublicKey is a representation of a GnuPG public key
+type GnuPGPublicKey struct {
+	// KeyID specifies the key ID, in hexadecimal string format
+	KeyID string `json:"keyID" protobuf:"bytes,1,opt,name=keyID"`
+	// Fingerprint is the fingerprint of the key
+	Fingerprint string `json:"fingerprint,omitempty" protobuf:"bytes,2,opt,name=fingerprint"`
+	// Owner holds the owner identification, e.g. a name and e-mail address
+	Owner string `json:"owner,omitempty" protobuf:"bytes,3,opt,name=owner"`
+	// Trust holds the level of trust assigned to this key
+	Trust string `json:"trust,omitempty" protobuf:"bytes,4,opt,name=trust"`
+	// SubType holds the key's sub type (e.g. rsa4096)
+	SubType string `json:"subType,omitempty" protobuf:"bytes,5,opt,name=subType"`
+	// KeyData holds the raw key data, in base64 encoded format
+	KeyData string `json:"keyData,omitempty" protobuf:"bytes,6,opt,name=keyData"`
+}
+
+// GnuPGPublicKeyList is a collection of GnuPGPublicKey objects
+type GnuPGPublicKeyList struct {
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	Items           []GnuPGPublicKey `json:"items" protobuf:"bytes,2,rep,name=items"`
+}