From 0c6256413ebc36953dbeaf5de76f6fe0c5498d28 Mon Sep 17 00:00:00 2001 From: cmoulliard Date: Tue, 12 Nov 2024 11:11:01 +0100 Subject: [PATCH] Include needed argocd k8s resources and change the code to set the developer's password. #441 Signed-off-by: cmoulliard --- hack/argo-cd/argocd-cm.yaml | 1 + hack/argo-cd/argocd-rbac-dev.yaml | 12 +++++ hack/argo-cd/kustomization.yaml | 1 + pkg/controllers/localbuild/argo.go | 52 ++++++++++--------- .../localbuild/resources/argo/install.yaml | 14 +++++ 5 files changed, 55 insertions(+), 25 deletions(-) create mode 100644 hack/argo-cd/argocd-rbac-dev.yaml diff --git a/hack/argo-cd/argocd-cm.yaml b/hack/argo-cd/argocd-cm.yaml index 8b191064..1ccf0702 100644 --- a/hack/argo-cd/argocd-cm.yaml +++ b/hack/argo-cd/argocd-cm.yaml @@ -4,6 +4,7 @@ metadata: name: argocd-cm data: application.resourceTrackingMethod: annotation + accounts.developer: apiKey, login timeout.reconciliation: 60s resource.exclusions: | - kinds: diff --git a/hack/argo-cd/argocd-rbac-dev.yaml b/hack/argo-cd/argocd-rbac-dev.yaml new file mode 100644 index 00000000..37e3c105 --- /dev/null +++ b/hack/argo-cd/argocd-rbac-dev.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-rbac-cm + app.kubernetes.io/part-of: argocd + name: argocd-rbac-cm + namespace: argocd +data: + policy.csv: | + p, role:developer, applications, *, *, allow + g, developer, role:developer \ No newline at end of file diff --git a/hack/argo-cd/kustomization.yaml b/hack/argo-cd/kustomization.yaml index 25872b10..8f4672f3 100644 --- a/hack/argo-cd/kustomization.yaml +++ b/hack/argo-cd/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - https://raw.githubusercontent.com/argoproj/argo-cd/v2.10.7/manifests/install.yaml + - argocd-rbac-dev.yaml patches: - path: dex-server.yaml 
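Review bot: The added `accounts.developer: apiKey, login` line in hack/argo-cd/argocd-cm.yaml gives the account the `apiKey` capability on top of interactive login, so it can mint API tokens, and Argo CD issues those without an expiry unless one is requested. If the account only needs UI and CLI sign-in with the password that argo.go sets, `accounts.developer: login` is enough. If tokens are wanted, a YAML comment saying so would record the intent. The same line is copied into the generated pkg/controllers/localbuild/resources/argo/install.yaml hunk.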
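Review bot: The policy line `p, role:developer, applications, *, *, allow` in the new hack/argo-cd/argocd-rbac-dev.yaml allows every application action, delete and override included, on every project. If the developer account is meant to be less privileged than admin, narrow the action and object columns, for example `p, role:developer, applications, get, <project>/*, allow` plus `p, role:developer, applications, sync, <project>/*, allow`. Otherwise add a comment above the policy stating that full application access is intended for local use only. The upstream install.yaml listed in kustomization.yaml presumably already defines an `argocd-rbac-cm`, and the install.yaml hunk adds this one as a separate document, so two definitions of the same object may be applied; a kustomize patch on the existing ConfigMap would avoid that. The file also lacks a trailing newline.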
diff --git a/pkg/controllers/localbuild/argo.go b/pkg/controllers/localbuild/argo.go index 79017914..b0f82aa1 100644 --- a/pkg/controllers/localbuild/argo.go +++ b/pkg/controllers/localbuild/argo.go @@ -7,7 +7,6 @@ import ( "fmt" "golang.org/x/crypto/bcrypt" v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" "time" @@ -83,8 +82,8 @@ func (r *LocalbuildReconciler) ReconcileArgo(ctx context.Context, req ctrl.Reque // Prepare the patch for the Secret's `stringData` field patchData := map[string]interface{}{ "stringData": map[string]string{ - "admin.password": string(hashedPassword), - "admin.passwordMtime": time.Now().Format(time.RFC3339), + "account.developer.password": string(hashedPassword), + "account.developer.passwordMtime": time.Now().Format(time.RFC3339), }, } // Convert patch data to JSON 
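Review bot: The new secret keys in the second hunk use the singular prefix `account.developer.…`, but Argo CD reads local-user credentials from `accounts.<username>.password` and `accounts.<username>.passwordMtime` in argocd-secret. The plural form is also what this commit uses for `accounts.developer` in argocd-cm. As written the strategic-merge patch will likely succeed while the developer account is left without a usable password, so the reconciler reports no error and the login fails. The two lines should read `"accounts.developer.password": string(hashedPassword),` and `"accounts.developer.passwordMtime": time.Now().Format(time.RFC3339),`. ReconcileArgo begins and ends outside this hunk.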
@@ -105,33 +104,36 @@ func (r *LocalbuildReconciler) ReconcileArgo(ctx context.Context, req ctrl.Reque return ctrl.Result{}, fmt.Errorf("getting argocd secret: %w", err) } - // Patching the argocd-secret with the hashed password + // Patching the argocd-secret with the user's hashed password err = kubeClient.Patch(ctx, &s, client.RawPatch(types.StrategicMergePatchType, patchBytes)) if err != nil { return ctrl.Result{}, fmt.Errorf("Error patching the Secret: %w", err) } - adminSecret := v1.Secret{ - TypeMeta: metav1.TypeMeta{ - Kind: "Secret", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: argocdInitialAdminSecretName, - Namespace: argocdNamespace, - }, - StringData: map[string]string{ - argocdInitialAdminPasswordKey: argocdDevModePassword, - }, - } - - // Re-creating the initial admin password secret: argocd-initial-admin-secret as used with "idpbuilder get secrets -p argocd" - err = kubeClient.Create(ctx, &adminSecret) - if err != nil { - return ctrl.Result{}, fmt.Errorf("Error creating the initial admin secret: %w", err) - } else { - return ctrl.Result{}, nil - } + /* + This is not needed as we will not generate a new admin password + + adminSecret := v1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: argocdInitialAdminSecretName, + Namespace: argocdNamespace, + }, + StringData: map[string]string{ + argocdInitialAdminPasswordKey: argocdDevModePassword, + }, + } + + // Re-creating the initial admin password secret: argocd-initial-admin-secret as used with "idpbuilder get secrets -p argocd" + err = kubeClient.Create(ctx, &adminSecret) + if err != nil { + return ctrl.Result{}, fmt.Errorf("Error creating the initial admin secret: %w", err) + } else { + return ctrl.Result{}, nil + }*/ } diff --git a/pkg/controllers/localbuild/resources/argo/install.yaml b/pkg/controllers/localbuild/resources/argo/install.yaml index 28dae6ce..6eea371d 100644 
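Review bot: Commenting out the trailing block also removes the only success-path `return ctrl.Result{}, nil` visible in this hunk. If the closing `}` after `*/` ends ReconcileArgo (the function starts above the hunk, so this is inferred), the function now falls off the end and fails to compile with a missing-return error. Add `return ctrl.Result{}, nil` after the patch error check. The dead block is better deleted than kept in a `/* … */` comment, since it still names `argocdInitialAdminSecretName` and `argocdDevModePassword` and reads as if the admin secret were managed here. The removed comment tied that secret to `idpbuilder get secrets -p argocd`, so check how the developer password is now surfaced to the user.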
--- a/pkg/controllers/localbuild/resources/argo/install.yaml +++ b/pkg/controllers/localbuild/resources/argo/install.yaml @@ -21081,6 +21081,20 @@ subjects: --- apiVersion: v1 data: + policy.csv: |- + p, role:developer, applications, *, *, allow + g, developer, role:developer +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: argocd-rbac-cm + app.kubernetes.io/part-of: argocd + name: argocd-rbac-cm + namespace: argocd +--- +apiVersion: v1 +data: + accounts.developer: apiKey, login application.resourceTrackingMethod: annotation resource.exclusions: | - kinds: