[CR-21153] 1.4.1 Adding CA_BUNDLE option

Signed-off-by: Laurent Rochette <[email protected]>
codefresh-io · Nov 1, 2023 · f694358 · f694358
1 parent bf70da3
commit f694358
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/incubating/argo-cd-sync/CHANGELOG.md b/incubating/argo-cd-sync/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## [1.4.1] - 2023-10-31
+### Changed
+Add CA_BUNDLE option
+
 ## [1.4.0] - 2023-10-30
 ### Changed
 Add INSECURE option

diff --git a/incubating/argo-cd-sync/argocd_sync.py b/incubating/argo-cd-sync/argocd_sync.py
@@ -26,6 +26,10 @@
 
 # Check the certificate or not accessing the API endpoint
 VERIFY      = True if os.getenv('INSECURE', "False").lower() == "true" else False
+CA_BUNDLE   = os.getenv('CA_BUNDLE')
+
+if CA_BUNDLE != None:
+    VERIFY='/root/bundle.pem'
 
 #######################################################################
 
@@ -41,7 +45,8 @@ def main():
     logging.debug("MAX CHECKS: %s", MAX_CHECKS)
     logging.debug("ROLLBACK: %s", ROLLBACK)
     logging.debug("VERIFY: %s", VERIFY)
-
+    logging.debug("BUNDLE: %s", CA_BUNDLE)
+
     ingress_host = get_runtime_ingress_host()
     execute_argocd_sync(ingress_host)
     namespace=get_runtime_ns()

diff --git a/incubating/argo-cd-sync/step.yaml b/incubating/argo-cd-sync/step.yaml
@@ -1,7 +1,7 @@
 kind: step-type
 metadata:
   name: argo-cd-sync
-  version: 1.4.0
+  version: 1.4.1
   isPublic: true
   description: Syncs Argo CD apps managed by our GitOps Runtimes
   sources:
@@ -99,6 +99,10 @@ spec:
           "description": "OPTIONAL - Wait for the app to be healthy after a rollback. Forces ROLLBACK to true",
           "default": false
         },
+        "CA_BUNDLE": {
+          "type": "string",
+          "description": "OPTIONAL - a base64 encoded stringnthat contain the complete CA Certificate Bundle"
+        },
         "INSECURE": {
           "type": "boolean",
           "description": "OPTIONAL - to allow the usage of a self-signed certificate in the chain to reach the API endpoint",
@@ -150,8 +154,15 @@ spec:
         - '[[ $key ]]=[[ $val ]]'
       [[- end ]]
       commands:
+      [[ if .Arguments.CA_BUNDLE ]]
+        - echo [[ .Arguments.CA_BUNDLE ]] | base64 -d >/root/bundle.pem
+      [[ end ]]
         - cd /app
         - python3 run.py
+      [[ if .Arguments.CA_BUNDLE ]]
+        - echo [[ .Arguments.CA_BUNDLE ]] | base64 -d >/root/bundle.pem
+      [[ end ]]
+
   delimiters:
     left: '[['
     right: ']]'