diff --git a/bundle/manifests/gitops-operator.clusterserviceversion.yaml b/bundle/manifests/gitops-operator.clusterserviceversion.yaml index 684e7e1ef3d..28f2fd7ae24 100644 --- a/bundle/manifests/gitops-operator.clusterserviceversion.yaml +++ b/bundle/manifests/gitops-operator.clusterserviceversion.yaml @@ -190,7 +190,7 @@ metadata: capabilities: Deep Insights console.openshift.io/plugins: '["gitops-plugin"]' containerImage: quay.io/redhat-developer/gitops-operator - createdAt: "2026-04-09T19:32:55Z" + createdAt: "2026-04-14T12:37:41Z" description: Enables teams to adopt GitOps principles for managing cluster configurations and application delivery across hybrid multi-cluster Kubernetes environments. features.operators.openshift.io/disconnected: "true" diff --git a/go.mod b/go.mod index 9760a43d123..d8a6145f3ed 100644 --- a/go.mod +++ b/go.mod @@ -136,7 +136,7 @@ require ( github.com/prometheus/common v0.66.1 // indirect github.com/prometheus/procfs v0.17.0 // indirect github.com/r3labs/diff/v3 v3.0.2 // indirect - github.com/redis/go-redis/v9 v9.8.0 // indirect + github.com/redis/go-redis/v9 v9.18.0 // indirect github.com/robfig/cron/v3 v3.0.2-0.20210106135023-bc59245fe10e // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.4.0 // indirect @@ -156,6 +156,7 @@ require ( go.opentelemetry.io/otel v1.40.0 // indirect go.opentelemetry.io/otel/metric v1.40.0 // indirect go.opentelemetry.io/otel/trace v1.40.0 // indirect + go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect diff --git a/go.sum b/go.sum index afd22a82bc8..f7b6a743770 100644 --- a/go.sum +++ b/go.sum @@ -273,6 +273,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= +github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY= +github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -383,8 +385,8 @@ github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUO github.com/r3labs/diff/v3 v3.0.2 h1:yVuxAY1V6MeM4+HNur92xkS39kB/N+cFi2hMkY06BbA= github.com/r3labs/diff/v3 v3.0.2/go.mod h1:Cy542hv0BAEmhDYWtGxXRQ4kqRsVIcEjG9gChUlTmkw= github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wOA69Cd2Meli5mmA= -github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI= -github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw= +github.com/redis/go-redis/v9 v9.18.0 h1:pMkxYPkEbMPwRdenAzUNyFNrDgHx9U+DrBabWNfSRQs= +github.com/redis/go-redis/v9 v9.18.0/go.mod h1:k3ufPphLU5YXwNTUcCRXGxUoF1fqxnhFQmscfkCoDA0= github.com/robfig/cron/v3 v3.0.2-0.20210106135023-bc59245fe10e h1:0xChnl3lhHiXbgSJKgChye0D+DvoItkOdkGcwelDXH0= github.com/robfig/cron/v3 v3.0.2-0.20210106135023-bc59245fe10e/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -447,6 +449,8 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= +github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= +github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 h1:YH4g8lQroajqUwWbq/tr2QX1JFmEXaDLgG+ew9bLMWo= @@ -461,6 +465,8 @@ go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2W go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw= go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko= diff --git a/test/openshift/e2e/ginkgo/parallel/1-066_validate_redis_secure_comm_no_autotls_no_ha_test.go b/test/openshift/e2e/ginkgo/parallel/1-066_validate_redis_secure_comm_no_autotls_no_ha_test.go index 1e661e1b42a..758eeeb54b6 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-066_validate_redis_secure_comm_no_autotls_no_ha_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-066_validate_redis_secure_comm_no_autotls_no_ha_test.go @@ -22,6 +22,7 @@ import ( "time" argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1" + "github.com/argoproj-labs/argocd-operator/controllers/argoutil" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" @@ -175,5 +176,72 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { }) + It("verify redis credential distribution", func() { + + By("creating simple Argo CD instance") + ns, cleanupFunc = fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() + + argoCD := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{Name: "argocd", Namespace: ns.Name}, + Spec: argov1beta1api.ArgoCDSpec{}, + } + Expect(k8sClient.Create(ctx, argoCD)).To(Succeed()) + + By("waiting for ArgoCD CR to be reconciled and the instance to be ready") + Eventually(argoCD, "5m", "5s").Should(argocdFixture.BeAvailable()) + + By("verify redis creds are correctly passed to pods") + const expectedMsg = "Loading Redis credentials from mounted directory: /app/config/redis-auth/" + expectedComponents := []string{ + "statefulset/" + argoCD.Name + "-" + "application-controller", + "deployment/" + argoCD.Name + "-" + "repo-server", + "deployment/" + argoCD.Name + "-" + "server", + } + for _, component := range expectedComponents { + logOutput, err := osFixture.ExecCommandWithOutputParam(false, true, + "kubectl", "logs", component, "-n", ns.Name, + ) + Expect(err).ToNot(HaveOccurred(), "Output: "+logOutput) + Expect(logOutput).To(ContainSubstring(expectedMsg)) + // This is how redis disconnect manifests + Expect(logOutput).ToNot(ContainSubstring("manifest cache error")) + Expect(logOutput).ToNot(ContainSubstring("WRONGPASS")) + + mountedFiles, err := osFixture.ExecCommandWithOutputParam(false, true, + "kubectl", "exec", component, "-n", ns.Name, "--", "ls", "-1", argoutil.RedisAuthMountPath, + ) + Expect(err).ToNot(HaveOccurred(), "Output: "+logOutput) + Expect(mountedFiles).ToNot(ContainSubstring("users.acl")) + } + + By("verifying redis password is correct") + redisInitialSecret := &corev1.Secret{} + redisPwdSecretKey := client.ObjectKey{ + Name: argoutil.GetSecretNameWithSuffix(argoCD, "redis-initial-password"), + Namespace: ns.Name, + } + Expect(k8sClient.Get(ctx, redisPwdSecretKey, redisInitialSecret)).Should(Succeed()) + expectedRedisPwd := string(redisInitialSecret.Data["auth"]) + Expect(expectedRedisPwd).ShouldNot(Equal("")) + + redisPingOut, err := osFixture.ExecCommandWithOutputParam(false, false, + "kubectl", "exec", "-n", ns.Name, "-c", "redis", "deployment/argocd-redis", "--", + "redis-cli", "-a", expectedRedisPwd, "--no-auth-warning", "ping", + ) + + Expect(err).ToNot(HaveOccurred(), "Output: "+redisPingOut) + Expect(redisPingOut).NotTo(ContainSubstring("NOAUTH Authentication required")) + Expect(redisPingOut).To(ContainSubstring("PONG")) + + By("verifying redis rejects unauthenticated requests") + redisPingOut, err = osFixture.ExecCommandWithOutputParam(false, false, + "kubectl", "exec", "-n", ns.Name, "-c", "redis", "deployment/argocd-redis", "--", + "redis-cli", "ping", // no auth provided + ) + + Expect(err).ToNot(HaveOccurred(), "Output: "+redisPingOut) + Expect(redisPingOut).To(ContainSubstring("NOAUTH Authentication required")) + Expect(redisPingOut).NotTo(ContainSubstring("PONG")) + }) }) }) diff --git a/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go b/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go index d9cd091b663..a0c8a42b108 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-067_validate_redis_secure_comm_no_autotls_ha_test.go @@ -21,6 +21,7 @@ import ( "os" argov1beta1api "github.com/argoproj-labs/argocd-operator/api/v1beta1" + "github.com/argoproj-labs/argocd-operator/controllers/argoutil" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" @@ -175,19 +176,24 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } By("extracting the contents of /data/conf/sentinel.conf and checking it contains expected values") - sentinelConf, err := osFixture.ExecCommandWithOutputParam(false, true, "kubectl", "exec", "-i", "pod/argocd-redis-ha-server-0", "-n", ns.Name, "-c", "redis", "--", "cat", "/data/conf/sentinel.conf") + sentinelConf, err := osFixture.ExecCommandWithOutputParam( + false, true, + "kubectl", "exec", "-i", "pod/argocd-redis-ha-server-0", "-n", ns.Name, "-c", "redis", + "--", "cat", "/data/conf/sentinel.conf", + ) Expect(err).ToNot(HaveOccurred()) expectedSentinelConfig := []string{ "port 0", "tls-port 26379", - "tls-cert-file \"/app/config/redis/tls/tls.crt\"", - "tls-ca-cert-file \"/app/config/redis/tls/tls.crt\"", - "tls-key-file \"/app/config/redis/tls/tls.key\"", + // Dynamic changes to the config file can result in doublequptes added unpredictably + `tls-cert-file "?/app/config/redis/tls/tls.crt"?`, + `tls-ca-cert-file "?/app/config/redis/tls/tls.crt"?`, + `tls-key-file "?/app/config/redis/tls/tls.key"?`, "tls-replication yes", "tls-auth-clients no", } for _, line := range expectedSentinelConfig { - Expect(sentinelConf).To(ContainSubstring(line)) + Expect(sentinelConf).To(MatchRegexp(line)) } repoServerDepl := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "argocd-repo-server", Namespace: ns.Name}} @@ -210,8 +216,80 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Expect(applicationControllerSS).To(statefulsetFixture.HaveContainerCommandSubstring("argocd-application-controller --operation-processors 10 --redis argocd-redis-ha-haproxy."+ns.Name+".svc.cluster.local:6379 --redis-use-tls --redis-ca-certificate /app/config/controller/tls/redis/tls.crt --repo-server argocd-repo-server."+ns.Name+".svc.cluster.local:8081 --status-processors 20 --kubectl-parallelism-limit 10 --loglevel info --logformat text", 0), "TLS .spec.template.spec.containers.command for argocd-application-controller statefulsets is wrong") - }) + It("verify redis HA credential distribution", func() { + By("verifying we are running on a cluster with at least 3 nodes. This is required for Redis HA") + nodeFixture.ExpectHasAtLeastXNodes(3) + + By("creating simple Argo CD instance") + ns, cleanupFunc = fixture.CreateRandomE2ETestNamespaceWithCleanupFunc() + + argoCD := &argov1beta1api.ArgoCD{ + ObjectMeta: metav1.ObjectMeta{Name: "argocd", Namespace: ns.Name}, + Spec: argov1beta1api.ArgoCDSpec{ + HA: argov1beta1api.ArgoCDHASpec{ + Enabled: true, + }, + }, + } + Expect(k8sClient.Create(ctx, argoCD)).To(Succeed()) + + By("waiting for ArgoCD CR to be reconciled and the instance to be ready") + Eventually(argoCD, "10m", "10s").Should(argocdFixture.BeAvailable()) + + By("verify redis creds are correctly passed to pods") + const expectedMsg = "Loading Redis credentials from mounted directory: /app/config/redis-auth/" + expectedComponents := []string{ + "statefulset/" + argoCD.Name + "-" + "application-controller", + "deployment/" + argoCD.Name + "-" + "repo-server", + "deployment/" + argoCD.Name + "-" + "server", + } + for _, component := range expectedComponents { + logOutput, err := osFixture.ExecCommandWithOutputParam(false, true, + "kubectl", "logs", component, "-n", ns.Name, + ) + Expect(err).ToNot(HaveOccurred(), "Output: "+logOutput) + Expect(logOutput).To(ContainSubstring(expectedMsg)) + // This is how redis disconnect manifests + Expect(logOutput).ToNot(ContainSubstring("manifest cache error")) + Expect(logOutput).ToNot(ContainSubstring("WRONGPASS")) + + mountedFiles, err := osFixture.ExecCommandWithOutputParam(false, true, + "kubectl", "exec", component, "-n", ns.Name, "--", "ls", "-1", argoutil.RedisAuthMountPath, + ) + Expect(err).ToNot(HaveOccurred(), "Output: "+logOutput) + Expect(mountedFiles).ToNot(ContainSubstring("users.acl")) + } + + By("verifying redis password is correct") + redisInitialSecret := &corev1.Secret{} + redisPwdSecretKey := client.ObjectKey{ + Name: argoutil.GetSecretNameWithSuffix(argoCD, "redis-initial-password"), + Namespace: ns.Name, + } + Expect(k8sClient.Get(ctx, redisPwdSecretKey, redisInitialSecret)).Should(Succeed()) + expectedRedisPwd := string(redisInitialSecret.Data["auth"]) + Expect(expectedRedisPwd).ShouldNot(Equal("")) + + redisPingOut, err := osFixture.ExecCommandWithOutputParam(false, false, + "kubectl", "exec", "-n", ns.Name, "-c", "redis", "pod/argocd-redis-ha-server-0", "--", + "redis-cli", "-a", expectedRedisPwd, "--no-auth-warning", "ping", + ) + + Expect(err).ToNot(HaveOccurred(), "Output: "+redisPingOut) + Expect(redisPingOut).NotTo(ContainSubstring("NOAUTH Authentication required")) + Expect(redisPingOut).To(ContainSubstring("PONG")) + + By("verifying redis rejects unauthenticated requests") + redisPingOut, err = osFixture.ExecCommandWithOutputParam(false, false, + "kubectl", "exec", "-n", ns.Name, "-c", "redis", "pod/argocd-redis-ha-server-0", "--", + "redis-cli", "ping", // no auth provided + ) + + Expect(err).ToNot(HaveOccurred(), "Output: "+redisPingOut) + Expect(redisPingOut).To(ContainSubstring("NOAUTH Authentication required")) + Expect(redisPingOut).NotTo(ContainSubstring("PONG")) + }) }) }) diff --git a/test/openshift/e2e/ginkgo/parallel/1-096-validate_home_env_argocd_controller_test.go b/test/openshift/e2e/ginkgo/parallel/1-096-validate_home_env_argocd_controller_test.go index f6d92d6f4df..b27411f9fd1 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-096-validate_home_env_argocd_controller_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-096-validate_home_env_argocd_controller_test.go @@ -50,9 +50,9 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { By("verifying REDIS_PASSWORD env var is no longer set (replaced by redis-initial-pass volume mount)") container := ss.Spec.Template.Spec.Containers[0] - for _, env := range container.Env { - Expect(env.Name).NotTo(Equal("REDIS_PASSWORD")) - } + Expect(container.Env).NotTo(ContainElement( + HaveField("Name", "REDIS_PASSWORD"), + ), "REDIS_PASSWORD should not be set") By("verifying redis-initial-pass volume mount is present") hasRedisAuthMount := false diff --git a/test/openshift/e2e/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go b/test/openshift/e2e/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go index 5b72a7989c7..76e87c58c7c 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-051_validate_argocd_agent_principal_test.go @@ -390,10 +390,9 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Expect(container.Env).To(ContainElement(corev1.EnvVar{Name: key, Value: value}), "Environment variable %s should be set to %s", key, value) } - Expect(container.Env).To(ContainElement(And( + Expect(container.Env).NotTo(ContainElement( HaveField("Name", "REDIS_PASSWORD"), - HaveField("ValueFrom.SecretKeyRef", Not(BeNil())), - )), "REDIS_PASSWORD should be set with valueFrom.secretKeyRef") + ), "REDIS_PASSWORD should not be set") By("Disable principal") diff --git a/test/openshift/e2e/ginkgo/sequential/1-052_validate_argocd_agent_agent_test.go b/test/openshift/e2e/ginkgo/sequential/1-052_validate_argocd_agent_agent_test.go index d394c62d479..d8e9205b586 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-052_validate_argocd_agent_agent_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-052_validate_argocd_agent_agent_test.go @@ -346,10 +346,9 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Expect(container.Env).To(ContainElement(corev1.EnvVar{Name: key, Value: value}), "Environment variable %s should be set to %s", key, value) } - Expect(container.Env).To(ContainElement(And( + Expect(container.Env).NotTo(ContainElement( HaveField("Name", "REDIS_PASSWORD"), - HaveField("ValueFrom.SecretKeyRef", Not(BeNil())), - )), "REDIS_PASSWORD should be set with valueFrom.secretKeyRef") + ), "REDIS_PASSWORD should not be set") By("Verify custom environment variable is present") diff --git a/test/openshift/e2e/ginkgo/sequential/1-053_validate_argocd_agent_principal_connected_test.go b/test/openshift/e2e/ginkgo/sequential/1-053_validate_argocd_agent_principal_connected_test.go index d9292b54b80..a3b320a2672 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-053_validate_argocd_agent_principal_connected_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-053_validate_argocd_agent_principal_connected_test.go @@ -35,6 +35,7 @@ import ( appFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/application" deploymentFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/deployment" k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" + osFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/os" fixtureUtils "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/utils" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -366,6 +367,23 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { cancellableContext, cancelFunc := context.WithCancel(context.Background()) defer cancelFunc() + injectedRedisPwd, err := osFixture.ExecCommandWithOutputParam( + false, false, + "kubectl", "exec", "deployment/argocd-hub-agent-principal", "-n", namespaceAgentPrincipal, + "--", "cat", "/app/config/redis-auth/auth", + ) + Expect(err).NotTo(HaveOccurred()) + Expect(strings.TrimSpace(injectedRedisPwd)).ToNot(BeEmpty()) + + principalEnv, err := osFixture.ExecCommandWithOutputParam( + false, false, + "kubectl", "exec", "deployment/argocd-hub-agent-principal", "-n", namespaceAgentPrincipal, + "--", "cat", "/proc/1/environ", + ) + Expect(err).NotTo(HaveOccurred()) + Expect(principalEnv).To(ContainSubstring("REDIS_CREDS_DIR_PATH=/app/config/redis-auth/")) + Expect(principalEnv).NotTo(ContainSubstring("REDIS_PASSWORD")) + resourceTreeURL := "https://" + argoEndpoint + "/api/v1/stream/applications/" + appOnPrincipal.Name + "/resource-tree?appNamespace=" + appOnPrincipal.Namespace // Wait for successful connection to resource tree event source API, on principal Argo CD @@ -472,6 +490,7 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Eventually(func() bool { for { // drain channel looking for name of new pod + GinkgoWriter.Println("Awaiting message") select { case msg := <-msgChan: GinkgoWriter.Println("Processing message:", msg) @@ -502,7 +521,6 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { } } Expect(matchFound).To(BeTrue()) - } // This test verifies that: