Merge pull request #203 from projectsyn/feat/support-oauth

Support overriding configuration for syn-argocd

class/defaults.yml

@@ -2,23 +2,30 @@
 parameters:
   argocd:
     namespace: syn
+
     distribution: ${facts:distribution}
+
     network_policies:
       enabled: true
       allow_from_namespaces: []
+
     monitoring:
       enabled: true
       dashboards: false
       prometheus_rule_labels:
         prometheus: platform
         cluster_id: ${cluster:name}
         tenant_id: ${cluster:tenant}
+
     resync_time: 3m0s
+
     log_format:
       default: text
     log_level:
       default: info
 
+    override: {}
+
     images:
       kubectl:
         registry: docker.io

component/argocd.jsonnet

@@ -213,6 +213,8 @@ local repoServer = {
   ],
 };
 
+local argocdOverride = com.makeMergeable({ spec: params.override });
+
 local argocd(name) =
   kube._Object('argoproj.io/v1beta1', 'ArgoCD', name) {
     metadata+: {
@@ -368,7 +370,7 @@ local argocd(name) =
       repo: repoServer,
       server: server,
     },
-  };
+  } + if std.length(params.override) > 0 then argocdOverride else {};
 
 local ssh_secret = kube._Object('v1', 'Secret', 'argo-ssh-key') {
   type: 'Opaque',

docs/modules/ROOT/pages/references/parameters.adoc

@@ -91,6 +91,12 @@ default:: []
 
 Additional namespaces which should be able to access ArgoCD.
 
+== `override`
+[horizontal]
+type:: dictionary
+default:: {}
+
+Override specs of the ProjectSyn ArgoCD instance.
 
 == `images`
 

tests/golden/openshift/argocd/argocd/30_argocd/10_argocd.yaml

@@ -42,6 +42,12 @@ spec:
       gitlab-dev.syn.tools ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDybOH3scUSfAJFkskpVn1VcL1mPNSiV05asrCCjDTzSJOeJuCE99KkHf7eTA29as9NaqtMtJcCxhptLfNaRzUR3zf29eUuPhkh2B5PUaqLpsbm6330QxvWsZNJyI8Cf7i78O3qe4dv7p2Fe78ayLKX/q3dRj0PZnl7kMj7YpCfY7VCndqoIKEOlIEqNjzAFhHLgHEMJ8f8cM5s4qorgc3TdCqORGVs5vqkeNm977yz2hMxB7iEET4O2jfBUHzzZ68T5h5AtrL5YVBMP0xTgaLskk7/QnoEsfKAgTXo/AaUuXbzM6N0nIjH00Ll0s6P2fWyRVXz05eauZZhBS85GQTD
       gitlab-dev.syn.tools ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCz/gtGxqX+WS6E9/NLYTkRLkM7r7JHU5N7vz2kJjRbjhR91JvP7NaHtuN5aPm5Wv9rtPKSackQ9B78VCkr6GLw=
       gitlab-dev.syn.tools ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKtv4stHQjApa7wkgvgo4dB52qLzI/zN2Us+89cQXXm0
+  rbac:
+    defaultPolicy: role:readonly
+    policy: |-
+      g, openshiftroot, role:admin
+      g, openshiftrootswissonly, role:admin
+    scopes: '[groups]'
   redis:
     image: docker.io/library/redis
     resources:
@@ -238,11 +244,26 @@ spec:
         group: apiextensions.k8s.io
         kind: CustomResourceDefinition
   server:
-    insecure: true
+    host: syn-argocd.example.com
+    ingress:
+      enabled: false
+    insecure: false
     logFormat: text
     logLevel: info
     resources:
       requests:
         cpu: 10m
         memory: 32Mi
+    route:
+      enabled: true
+      tls:
+        insecureEdgeTerminationPolicy: Redirect
+        termination: reencrypt
+  sso:
+    dex:
+      groups:
+        - openshiftroot
+        - openshiftrootswissonly
+      openShiftOAuth: true
+    provider: dex
   version: v2.11.12

tests/openshift.yml

@@ -28,3 +28,28 @@ parameters:
   argocd:
     network_policies:
       enabled: true
+
+    override:
+      rbac:
+        defaultPolicy: 'role:readonly'
+        policy: |-
+          g, openshiftroot, role:admin
+          g, openshiftrootswissonly, role:admin
+        scopes: '[groups]'
+      sso:
+        provider: dex
+        dex:
+          openShiftOAuth: true
+          groups:
+            - openshiftroot
+            - openshiftrootswissonly
+      server:
+        host: syn-argocd.example.com
+        insecure: false
+        ingress:
+          enabled: false
+        route:
+          enabled: true
+          tls:
+            insecureEdgeTerminationPolicy: Redirect
+            termination: reencrypt