From 118e9721b121026285d433462f778cde0ae4f42a Mon Sep 17 00:00:00 2001 From: PagesCoffy Date: Mon, 21 Oct 2024 18:05:47 +0000 Subject: [PATCH] [Integration][ArgoCD] - Option to bypass SSL cert validation when connecting to ArgoCD (#1083) # Description What - Added option to bypass SSL cert validation when making connections to ArgoCD server. Why - Some customers want to try the integration against their local argocd instance before rolling it out to their main server. On local clusters such as docker desktop or minikube, they are unable to see entities ingested because of SSL verification checks. They get this error `Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1006) ` How - Added a customer httpx client and set `verify=False` when `allow_insecure=true` filter is passed to the integration ## Type of change Please leave one option from the following and delete the rest: - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] New Integration (non-breaking change which adds a new integration) - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] Non-breaking change (fix of existing functionality that will not change current behavior) - [ ] Documentation (added/updated documentation)

All tests should be run against the port production environment(using a testing org).

### Core testing checklist - [ ] Integration able to create all default resources from scratch - [ ] Resync finishes successfully - [ ] Resync able to create entities - [ ] Resync able to update entities - [ ] Resync able to detect and delete entities - [ ] Scheduled resync able to abort existing resync and start a new one - [ ] Tested with at least 2 integrations from scratch - [ ] Tested with Kafka and Polling event listeners - [ ] Tested deletion of entities that don't pass the selector ### Integration testing checklist - [ ] Integration able to create all default resources from scratch - [ ] Resync able to create entities - [ ] Resync able to update entities - [ ] Resync able to detect and delete entities - [ ] Resync finishes successfully - [ ] If new resource kind is added or updated in the integration, add example raw data, mapping and expected result to the `examples` folder in the integration directory. - [ ] If resource kind is updated, run the integration with the example data and check if the expected result is achieved - [ ] If new resource kind is added or updated, validate that live-events for that resource are working as expected - [ ] Docs PR link [here](#) ### Preflight checklist - [ ] Handled rate limiting - [ ] Handled pagination - [ ] Implemented the code in async - [ ] Support Multi account ## Screenshots Include screenshots from your environment showing how the resources of the integration will look. ## API Documentation Provide links to the API documentation used for this integration. --------- Co-authored-by: Tom Tankilevitch <59158507+Tankilevitch@users.noreply.github.com> --- integrations/argocd/.port/spec.yaml | 5 +++++ integrations/argocd/CHANGELOG.md | 8 ++++++++ integrations/argocd/client.py | 15 +++++++++++++-- integrations/argocd/main.py | 1 + integrations/argocd/pyproject.toml | 2 +- 5 files changed, 28 insertions(+), 3 deletions(-) diff --git a/integrations/argocd/.port/spec.yaml b/integrations/argocd/.port/spec.yaml index 9f6d24df1f..eb6509d35a 100644 --- a/integrations/argocd/.port/spec.yaml +++ b/integrations/argocd/.port/spec.yaml @@ -28,3 +28,8 @@ configurations: required: false description: Whether to ignore server errors when fetching data from ArgoCD. If set to true, the exporter will continue to fetch data and ingest entities in Port without failing the resync event even if the ArgoCD server returns an error. If set to false, the exporter will stop fetching data and fail the resync event when the ArgoCD server returns an error. Default is false. default: false + - name: allowInsecure + type: boolean + required: false + description: Whether to allow insecure connections to the ArgoCD server. If set to true, the exporter will allow insecure connections to the ArgoCD server. If set to false, the exporter will only allow secure connections to the ArgoCD server. Default is false. + default: false diff --git a/integrations/argocd/CHANGELOG.md b/integrations/argocd/CHANGELOG.md index a700499177..b6aaeeccb4 100644 --- a/integrations/argocd/CHANGELOG.md +++ b/integrations/argocd/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 +## 0.1.95 (2024-10-18) + + +### Improvements + +- Added support for optional insecure connections to Argocd with SSL verification disabled when allow_insecure is set to True (0.1.95) + + ## 0.1.94 (2024-10-14) diff --git a/integrations/argocd/client.py b/integrations/argocd/client.py index 968e39dbb1..0a701b7ebf 100644 --- a/integrations/argocd/client.py +++ b/integrations/argocd/client.py @@ -23,12 +23,23 @@ class ResourceKindsWithSpecialHandling(StrEnum): class ArgocdClient: - def __init__(self, token: str, server_url: str, ignore_server_error: bool): + def __init__( + self, + token: str, + server_url: str, + ignore_server_error: bool, + allow_insecure: bool, + ): self.token = token self.api_url = f"{server_url}/api/v1" self.ignore_server_error = ignore_server_error + self.allow_insecure = allow_insecure self.api_auth_header = {"Authorization": f"Bearer {self.token}"} - self.http_client = http_async_client + if self.allow_insecure: + # This is not recommended for production use + self.http_client = httpx.AsyncClient(verify=False) + else: + self.http_client = http_async_client self.http_client.headers.update(self.api_auth_header) async def _send_api_request( diff --git a/integrations/argocd/main.py b/integrations/argocd/main.py index 69b17f798c..3c4d56cbc1 100644 --- a/integrations/argocd/main.py +++ b/integrations/argocd/main.py @@ -10,6 +10,7 @@ def init_client() -> ArgocdClient: ocean.integration_config["token"], ocean.integration_config["server_url"], ocean.integration_config["ignore_server_error"], + ocean.integration_config["allow_insecure"], ) diff --git a/integrations/argocd/pyproject.toml b/integrations/argocd/pyproject.toml index d45c9b89a9..272a7c5325 100644 --- a/integrations/argocd/pyproject.toml +++ b/integrations/argocd/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "argocd" -version = "0.1.94" +version = "0.1.95" description = "Argo CD integration powered by Ocean" authors = ["Isaac Coffie "]