only use global.external-argo-cd.auth values if argo-cd.enabled is false

ATGardner · ATGardner · commit 7aa6da173ffc · 2025-10-08T15:51:26.000+03:00
diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_statefulset.yaml b/charts/gitops-runtime/templates/_components/cf-argocd-extras/event-reporter/_statefulset.yaml
@@ -15,16 +15,18 @@
   {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key"  (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }}
 {{- end }}
 
-{{- $argoCdAuth := (index .Values "global" "external-argo-cd" "auth") }}
-{{- if (eq $argoCdAuth.type "token") }}
-  {{- if $argoCdAuth.token }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
-  {{- else if $argoCdAuth.tokenSecretKeyRef }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
-  {{- else }}
-    {{ fail ".Values.global.external-argo-cd.auth.type is 'token' and .Values.global.external-argo-cd.auth.token or .Values.global.external-argo-cd.auth.tokenSecretKeyRef are not set" }}
+{{- if not (index .Values "argo-cd" "enabled") }}
+  {{- $argoCdAuth := (index .Values "global" "external-argo-cd" "auth") }}
+  {{- if (eq $argoCdAuth.type "token") }}
+    {{- if $argoCdAuth.token }}
+      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
+      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+    {{- else if $argoCdAuth.tokenSecretKeyRef }}
+      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
+      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
+    {{- else }}
+      {{ fail ".Values.global.external-argo-cd.auth.type is 'token' and .Values.global.external-argo-cd.auth.token or .Values.global.external-argo-cd.auth.tokenSecretKeyRef are not set" }}
+    {{- end }}
   {{- end }}
 {{- end }}
 
diff --git a/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_deployment.yaml b/charts/gitops-runtime/templates/_components/cf-argocd-extras/sources-server/_deployment.yaml
@@ -15,16 +15,18 @@
   {{- $_ := set $context.Values.container.env.REDIS_PASSWORD.valueFrom.secretKeyRef "key"  (default "redis-password" $vals.externalRedis.existingSecretKeyRef.key) }}
 {{- end }}
 
-{{- $argoCdAuth := (index .Values "global" "external-argo-cd" "auth") }}
-{{- if (eq $argoCdAuth.type "token") }}
-  {{- if $argoCdAuth.token }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
-  {{- else if $argoCdAuth.tokenSecretKeyRef }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
-    {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
-  {{- else }}
-    {{ fail ".Values.global.external-argo-cd.auth.type is 'token' and .Values.global.external-argo-cd.auth.token or .Values.global.external-argo-cd.auth.tokenSecretKeyRef are not set" }}
+{{- if not (index .Values "argo-cd" "enabled") }}
+  {{- $argoCdAuth := (index .Values "global" "external-argo-cd" "auth") }}
+  {{- if (eq $argoCdAuth.type "token") }}
+    {{- if $argoCdAuth.token }}
+      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
+      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+    {{- else if $argoCdAuth.tokenSecretKeyRef }}
+      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
+      {{- $_ := set $context.Values.container.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
+    {{- else }}
+      {{ fail ".Values.global.external-argo-cd.auth.type is 'token' and .Values.global.external-argo-cd.auth.token or .Values.global.external-argo-cd.auth.tokenSecretKeyRef are not set" }}
+    {{- end }}
   {{- end }}
 {{- end }}
 
diff --git a/charts/gitops-runtime/templates/_helpers.tpl b/charts/gitops-runtime/templates/_helpers.tpl
@@ -236,8 +236,20 @@ Determine argocd server url witout the protocol. Must be called with chart root
 {{- end}}
 
 {{- define "codefresh-gitops-runtime.argocd-auth" -}}
+  {{- $internalArgoCd := (index $.Values "argo-cd" "enabled") }}
   {{- $authValues := (index .Values "global" "external-argo-cd" "auth") }}
-  {{- if (eq $authValues.type "password") }}
+  {{- if $internalArgoCd }}
+ARGO_CD_USERNAME:
+  valueFrom:
+    configMapKeyRef:
+      name: cap-app-proxy-cm
+      key: argoCdUsername
+ARGO_CD_PASSWORD:
+  valueFrom:
+    secretKeyRef:
+      name: argocd-initial-admin-secret
+      key: password
+  {{- else if (eq $authValues.type "password") }}
 ARGO_CD_USERNAME:
   valueFrom:
     configMapKeyRef:
diff --git a/charts/gitops-runtime/templates/gitops-operator/deployment.yaml b/charts/gitops-runtime/templates/gitops-operator/deployment.yaml
@@ -8,16 +8,18 @@
 {{- $_ := set $context.Values "global" (deepCopy (get .Values "global")) }}
 {{- $_ := set $context.Values "app-proxy" (deepCopy (get .Values "app-proxy")) }}
 
-{{- $argoCdAuth := (index .Values "global" "external-argo-cd" "auth") }}
-{{- if (eq $argoCdAuth.type "token") }}
-  {{- if $argoCdAuth.token }}
-    {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
-    {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
-  {{- else if $argoCdAuth.tokenSecretKeyRef }}
-    {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
-    {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
-  {{- else }}
-    {{ fail ".Values.global.external-argo-cd.auth.type is 'token' and .Values.global.external-argo-cd.auth.token or .Values.global.external-argo-cd.auth.tokenSecretKeyRef are not set" }}
+{{- if not (index .Values "argo-cd" "enabled") }}
+  {{- $argoCdAuth := (index .Values "global" "external-argo-cd" "auth") }}
+  {{- if (eq $argoCdAuth.type "token") }}
+    {{- if $argoCdAuth.token }}
+      {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_NAME" "gitops-runtime-argo-cd-token" }}
+      {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_KEY" "token" }}
+    {{- else if $argoCdAuth.tokenSecretKeyRef }}
+      {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_NAME" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.name is required" $argoCdAuth.tokenSecretKeyRef.name) }}
+      {{- $_ := set $context.Values.env "ARGO_CD_TOKEN_SECRET_KEY" (required ".Values.global.external-argo-cd.auth.type is set to 'token' therefore .Values.global.external-argo-cd.auth.tokenSecretKeyRef.key is required" $argoCdAuth.tokenSecretKeyRef.key) }}
+    {{- else }}
+      {{ fail ".Values.global.external-argo-cd.auth.type is 'token' and .Values.global.external-argo-cd.auth.token or .Values.global.external-argo-cd.auth.tokenSecretKeyRef are not set" }}
+    {{- end }}
   {{- end }}
 {{- end }}
 
diff --git a/charts/gitops-runtime/tests/external_argocd_test.yaml b/charts/gitops-runtime/tests/external_argocd_test.yaml
@@ -117,6 +117,50 @@ tests:
                 key: password
                 name: argocd-initial-admin-secret
 
+  - it: app-proxy Deployment should have valid deafult ARGO_CD_USERNAME env var if auth.type is password with internal argo-cd
+    values:
+      - ./values/mandatory-values-ingress.yaml
+    set:
+      global:
+        external-argo-cd:
+          auth:
+            type: token
+            tokenSecretKeyRef:
+              name: my-argocd-token
+              key: my-token
+    template: app-proxy/deployment.yaml
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ARGO_CD_USERNAME
+            valueFrom:
+              configMapKeyRef:
+                key: argoCdUsername
+                name: cap-app-proxy-cm
+
+  - it: app-proxy Deployment should have valid deafult ARGO_CD_PASSWORD env var set via passwordSecretKeyRef with internal argo-cd
+    values:
+      - ./values/mandatory-values-ingress.yaml
+    set:
+      global:
+        external-argo-cd:
+          auth:
+            type: token
+            tokenSecretKeyRef:
+              name: my-argocd-token
+              key: my-token
+    template: app-proxy/deployment.yaml
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ARGO_CD_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: password
+                name: argocd-initial-admin-secret
+
   - it: app-proxy Deployment should have valid ARGO_CD_PASSWORD env var set via passwordSecretKeyRef override
     values:
       - ./values/mandatory-values-ingress.yaml
@@ -351,6 +395,44 @@ tests:
             name: ARGO_CD_TOKEN_SECRET_KEY
             value: token
 
+  - it: gitops-operator Deployment should have valid default ARGO_CD_TOKEN_SECRET_NAME env var with internal argo-cd
+    values:
+      - ./values/mandatory-values-ingress.yaml
+    set:
+      global:
+        external-argo-cd:
+          auth:
+            type: token
+            tokenSecretKeyRef:
+              name: my-argocd-token
+              key: my-token
+    template: gitops-operator/deployment.yaml
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ARGO_CD_TOKEN_SECRET_NAME
+            value: argocd-token
+
+  - it: gitops-operator Deployment should have valid default ARGO_CD_TOKEN_SECRET_KEY env var with internal argo-cd
+    values:
+      - ./values/mandatory-values-ingress.yaml
+    set:
+      global:
+        external-argo-cd:
+          auth:
+            type: token
+            tokenSecretKeyRef:
+              name: my-argocd-token
+              key: my-token
+    template: gitops-operator/deployment.yaml
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ARGO_CD_TOKEN_SECRET_KEY
+            value: token
+
   - it: gitops-operator Deployment should have valid ARGO_CD_URL env var
     values:
       - ./values/mandatory-values-ingress.yaml
@@ -427,6 +509,44 @@ tests:
             name: ARGO_CD_TOKEN_SECRET_KEY
             value: token
 
+  - it: event-reporter StatefulSet should have valid default ARGO_CD_TOKEN_SECRET_NAME env var with internal argo-cd
+    template: cf-argocd-extras/event-reporter/statefulset.yaml
+    values:
+      - ./values/mandatory-values-ingress.yaml
+    set:
+      global:
+        external-argo-cd:
+          auth:
+            type: token
+            tokenSecretKeyRef:
+              name: my-argocd-token
+              key: my-token
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ARGO_CD_TOKEN_SECRET_NAME
+            value: argocd-token
+
+  - it: event-reporter StatefulSet should have valid default ARGO_CD_TOKEN_SECRET_KEY env var
+    template: cf-argocd-extras/event-reporter/statefulset.yaml
+    values:
+      - ./values/mandatory-values-ingress.yaml
+    set:
+      global:
+        external-argo-cd:
+          auth:
+            type: token
+            tokenSecretKeyRef:
+              name: my-argocd-token
+              key: my-token
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ARGO_CD_TOKEN_SECRET_KEY
+            value: token
+
   - it: event-reporter StatefulSet should have valid ARGO_CD_TOKEN_SECRET_NAME env var set via tokenSecretKeyRef
     template: cf-argocd-extras/event-reporter/statefulset.yaml
     values:
@@ -557,6 +677,44 @@ tests:
             name: ARGO_CD_TOKEN_SECRET_KEY
             value: token
 
+  - it: sources-server Deployment should have valid default ARGO_CD_TOKEN_SECRET_NAME env var with internal argo-cd
+    template: cf-argocd-extras/sources-server/deployment.yaml
+    values:
+      - ./values/mandatory-values-ingress.yaml
+    set:
+      global:
+        external-argo-cd:
+          auth:
+            type: token
+            tokenSecretKeyRef:
+              name: my-argocd-token
+              key: my-token
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ARGO_CD_TOKEN_SECRET_NAME
+            value: argocd-token
+
+  - it: sources-server Deployment should have valid default ARGO_CD_TOKEN_SECRET_KEY env var with internal argo-cd
+    template: cf-argocd-extras/sources-server/deployment.yaml
+    values:
+      - ./values/mandatory-values-ingress.yaml
+    set:
+      global:
+        external-argo-cd:
+          auth:
+            type: token
+            tokenSecretKeyRef:
+              name: my-argocd-token
+              key: my-token
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: ARGO_CD_TOKEN_SECRET_KEY
+            value: token
+
   - it: sources-server Deployment should have valid ARGO_CD_TOKEN_SECRET_NAME env var set via tokenSecretKeyRef
     template: cf-argocd-extras/sources-server/deployment.yaml
     values:
@@ -822,3 +980,4 @@ tests:
     asserts:
       - failedTemplate:
           errorMessage: "ArgoCD is not enabled and .Values.global.external-argo-cd.server is not set"
+
