Skip to content

Commit

Permalink
fix(plugin): remove git environment variables unavailable to plugin e…
Browse files Browse the repository at this point in the history
…xecution (#14998) (#15104)

* remove git creds environment variables unavailable to plugin execution

Signed-off-by: jmcshane <james.mcshane@superorbital.io>

* remove integration test asserting askpass is forwarded

Signed-off-by: jmcshane <james.mcshane@superorbital.io>

---------

Signed-off-by: jmcshane <james.mcshane@superorbital.io>
  • Loading branch information
jmcshane authored Oct 3, 2023
1 parent 72f7b14 commit 0b43069
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 28 deletions.
24 changes: 7 additions & 17 deletions reposerver/repository/repository.go
Original file line number Diff line number Diff line change
Expand Up @@ -1381,7 +1381,7 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string,
pluginName = q.ApplicationSource.Plugin.Name
}
// if pluginName is provided it has to be `<metadata.name>-<spec.version>` or just `<metadata.name>` if plugin version is empty
targetObjs, err = runConfigManagementPluginSidecars(ctx, appPath, repoRoot, pluginName, env, q, q.Repo.GetGitCreds(gitCredsStore), opt.cmpTarDoneCh, opt.cmpTarExcludedGlobs)
targetObjs, err = runConfigManagementPluginSidecars(ctx, appPath, repoRoot, pluginName, env, q, opt.cmpTarDoneCh, opt.cmpTarExcludedGlobs)
if err != nil {
err = fmt.Errorf("plugin sidecar failed. %s", err.Error())
}
Expand Down Expand Up @@ -1845,25 +1845,17 @@ func makeJsonnetVm(appPath string, repoRoot string, sourceJsonnet v1alpha1.Appli
return vm, nil
}

func getPluginEnvs(env *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds) ([]string, error) {
func getPluginEnvs(env *v1alpha1.Env, q *apiclient.ManifestRequest) ([]string, error) {
envVars := env.Environ()
envVars = append(envVars, "KUBE_VERSION="+text.SemVer(q.KubeVersion))
envVars = append(envVars, "KUBE_API_VERSIONS="+strings.Join(q.ApiVersions, ","))

return getPluginParamEnvs(envVars, q.ApplicationSource.Plugin, creds)
return getPluginParamEnvs(envVars, q.ApplicationSource.Plugin)
}

// getPluginParamEnvs gets environment variables for plugin parameter announcement generation.
func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlugin, creds git.Creds) ([]string, error) {
func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlugin) ([]string, error) {
env := envVars
if creds != nil {
closer, environ, err := creds.Environ()
if err != nil {
return nil, err
}
defer func() { _ = closer.Close() }()
env = append(env, environ...)
}

parsedEnv := make(v1alpha1.Env, len(env))
for i, v := range env {
Expand All @@ -1890,9 +1882,9 @@ func getPluginParamEnvs(envVars []string, plugin *v1alpha1.ApplicationSourcePlug
return env, nil
}

func runConfigManagementPluginSidecars(ctx context.Context, appPath, repoPath, pluginName string, envVars *v1alpha1.Env, q *apiclient.ManifestRequest, creds git.Creds, tarDoneCh chan<- bool, tarExcludedGlobs []string) ([]*unstructured.Unstructured, error) {
func runConfigManagementPluginSidecars(ctx context.Context, appPath, repoPath, pluginName string, envVars *v1alpha1.Env, q *apiclient.ManifestRequest, tarDoneCh chan<- bool, tarExcludedGlobs []string) ([]*unstructured.Unstructured, error) {
// compute variables.
env, err := getPluginEnvs(envVars, q, creds)
env, err := getPluginEnvs(envVars, q)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -2134,16 +2126,14 @@ func populateKustomizeAppDetails(res *apiclient.RepoAppDetailsResponse, q *apicl
func populatePluginAppDetails(ctx context.Context, res *apiclient.RepoAppDetailsResponse, appPath string, repoPath string, q *apiclient.RepoServerAppDetailsQuery, store git.CredsStore, tarExcludedGlobs []string) error {
res.Plugin = &apiclient.PluginAppSpec{}

creds := q.Repo.GetGitCreds(store)

envVars := []string{
fmt.Sprintf("ARGOCD_APP_NAME=%s", q.AppName),
fmt.Sprintf("ARGOCD_APP_SOURCE_REPO_URL=%s", q.Repo.Repo),
fmt.Sprintf("ARGOCD_APP_SOURCE_PATH=%s", q.Source.Path),
fmt.Sprintf("ARGOCD_APP_SOURCE_TARGET_REVISION=%s", q.Source.TargetRevision),
}

env, err := getPluginParamEnvs(envVars, q.Source.Plugin, creds)
env, err := getPluginParamEnvs(envVars, q.Source.Plugin)
if err != nil {
return fmt.Errorf("failed to get env vars for plugin: %w", err)
}
Expand Down
12 changes: 1 addition & 11 deletions test/e2e/custom_tool_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,12 +39,7 @@ func TestCustomToolWithGitCreds(t *testing.T) {
Then().
Expect(OperationPhaseIs(OperationSucceeded)).
Expect(SyncStatusIs(SyncStatusCodeSynced)).
Expect(HealthIs(health.HealthStatusHealthy)).
And(func(app *Application) {
output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.GitAskpass}")
assert.NoError(t, err)
assert.Equal(t, "argocd", output)
})
Expect(HealthIs(health.HealthStatusHealthy))
}

// make sure we can echo back the Git creds
Expand All @@ -70,11 +65,6 @@ func TestCustomToolWithGitCredsTemplate(t *testing.T) {
Expect(OperationPhaseIs(OperationSucceeded)).
Expect(SyncStatusIs(SyncStatusCodeSynced)).
Expect(HealthIs(health.HealthStatusHealthy)).
And(func(app *Application) {
output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.GitAskpass}")
assert.NoError(t, err)
assert.Equal(t, "argocd", output)
}).
And(func(app *Application) {
output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.GitUsername}")
assert.NoError(t, err)
Expand Down

0 comments on commit 0b43069

Please sign in to comment.