Merge branch 'master' into exclude-default-resources

Signed-off-by: Alexandre Gaudreault <[email protected]>

.gitattributes

@@ -5,9 +5,14 @@ docs/operator-manual/resource_actions_builtin.md linguist-generated=true
 docs/operator-manual/server-commands/argocd-*.md linguist-generated=true
 docs/user-guide/commands/argocd_*.md linguist-generated=true
 manifests/core-install.yaml linguist-generated=true
+manifests/core-install-with-hydrator.yaml linguist-generated=true
 manifests/crds/*-crd.yaml linguist-generated=true
 manifests/ha/install.yaml linguist-generated=true
+manifests/ha/install-with-hydrator.yaml linguist-generated=true
 manifests/ha/namespace-install.yaml linguist-generated=true
+manifests/ha/namespace-install-with-hydrator.yaml linguist-generated=true
 manifests/install.yaml linguist-generated=true
+manifests/install-with-hydrator.yaml linguist-generated=true
 manifests/namespace-install.yaml linguist-generated=true
+manifests/namespace-install-with-hydrator.yaml linguist-generated=true
 pkg/apis/api-rules/violation_exceptions.list linguist-generated=true

.golangci.yaml

@@ -20,7 +20,8 @@ linters:
     - importas
     - ineffassign
     - misspell
-    - nolintlint
+    # Disabled because of https://github.com/argoproj/argo-cd/issues/21705
+    # - nolintlint
     - perfsprint
     - revive
     - staticcheck
@@ -29,14 +30,13 @@ linters:
     - unparam
     - unused
     - usestdlibvars
-    - whitespace 
+    - whitespace
 linters-settings:
   gocritic:
     disabled-checks:
       - appendAssign
-      - assignOp  # Keep it disabled for readability
+      - assignOp # Keep it disabled for readability
       - exitAfterDefer
-      - ifElseChain
       - mapKey
       - typeSwitchVar
   goimports:
@@ -50,23 +50,23 @@ linters-settings:
         - github.com/imdario/mergo:
             recommendations:
               - dario.cat/mergo
-            reason: "`github.com/imdario/mergo` has been renamed."
+            reason: '`github.com/imdario/mergo` has been renamed.'
         - github.com/pkg/errors:
             recommendations:
               - errors
   importas:
     alias:
-      - alias: jwtgo 
+      - alias: jwtgo
         pkg: github.com/golang-jwt/jwt/v5
       - alias: appsv1
         pkg: k8s.io/api/apps/v1
       - alias: corev1
         pkg: k8s.io/api/core/v1
       - alias: rbacv1
         pkg: k8s.io/api/rbac/v1
-      - alias: apierrors 
+      - alias: apierrors
         pkg: k8s.io/apimachinery/pkg/api/errors
-      - alias: metav1 
+      - alias: metav1
         pkg: k8s.io/apimachinery/pkg/apis/meta/v1
       - alias: informersv1
         pkg: k8s.io/client-go/informers/core/v1
@@ -86,92 +86,57 @@ linters-settings:
     # Optimizes into strings concatenation.
     strconcat: true
   revive:
+    # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md
     rules:
-      # Blank import should be only in a main or test package, or have a comment justifying it.
+      - name: bool-literal-in-expr
       - name: blank-imports
         disabled: true
-      # context.Context() should be the first parameter of a function when provided as argument.
       - name: context-as-argument
-        disabled: false
         arguments:
-          # Allow functions with test or bench signatures.
-          - allowTypesBefore: "*testing.T,testing.TB"
-      # Basic types should not be used as a key in `context.WithValue`
+          - allowTypesBefore: '*testing.T,testing.TB'
       - name: context-keys-type
         disabled: true
-      # Importing with `.` makes the programs much harder to understand
       - name: dot-imports
         disabled: true
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#duplicated-imports
       - name: duplicated-imports
-        disabled: false
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#early-return
       - name: early-return
-        disabled: false
         arguments:
-          - "preserveScope"
-      # Empty blocks make code less readable and could be a symptom of a bug or unfinished refactoring.
+          - 'preserveScope'
       - name: empty-block
         disabled: true
-      # for better readability, variables of type `error` must be named with the prefix `err`.
       - name: error-naming
         disabled: true
-      # for better readability, the errors should be last in the list of returned values by a function.
       - name: error-return
-        disabled: false
-      # for better readability, error messages should not be capitalized or end with punctuation or a newline.
       - name: error-strings
         disabled: true
-      # report when replacing `errors.New(fmt.Sprintf())` with `fmt.Errorf()` is possible
       - name: errorf
-        disabled: false
-      # incrementing an integer variable by 1 is recommended to be done using the `++` operator
+      - name: identical-branches
+      - name: if-return
       - name: increment-decrement
-        disabled: false
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#indent-error-flow
       - name: indent-error-flow
-        disabled: false
         arguments:
-          - "preserveScope"
-      # This rule suggests a shorter way of writing ranges that do not use the second value.
+          - 'preserveScope'
+      - name: modifies-parameter
+      - name: optimize-operands-order
       - name: range
-        disabled: false
-      # receiver names in a method should reflect the struct name (p for Person, for example)
       - name: receiver-naming
-        disabled: false
-      # redefining built in names (true, false, append, make) can lead to bugs very difficult to detect.
       - name: redefines-builtin-id
         disabled: true
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#redundant-import-alias
       - name: redundant-import-alias
-        disabled: false
-      # redundant else-blocks that can be eliminated from the code.
       - name: superfluous-else
-        disabled: false
         arguments:
-          - "preserveScope"
-       # prevent confusing name for variables when using `time` package
+          - 'preserveScope'
+      - name: time-equal
       - name: time-naming
         disabled: true
-      # warns when an exported function or method returns a value of an un-exported type.
       - name: unexported-return
         disabled: true
-      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#unnecessary-stmt
       - name: unnecessary-stmt
-        disabled: false
-      # spots and proposes to remove unreachable code. also helps to spot errors
       - name: unreachable-code
-        disabled: false
-      # Functions or methods with unused parameters can be a symptom of an unfinished refactoring or a bug.
       - name: unused-parameter
-        disabled: false
-      # Since Go 1.18, interface{} has an alias: any. This rule proposes to replace instances of interface{} with any.
       - name: use-any
-        disabled: false
-      # report when a variable declaration can be simplified
+      - name: useless-break
       - name: var-declaration
-        disabled: false
-      # warns when initialism, variable or package naming conventions are not followed.
       - name: var-naming
         disabled: true
   testifylint:

applicationset/generators/git.go

@@ -83,11 +83,12 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic
 
 	var err error
 	var res []map[string]any
-	if len(appSetGenerator.Git.Directories) != 0 {
+	switch {
+	case len(appSetGenerator.Git.Directories) != 0:
 		res, err = g.generateParamsForGitDirectories(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
-	} else if len(appSetGenerator.Git.Files) != 0 {
+	case len(appSetGenerator.Git.Files) != 0:
 		res, err = g.generateParamsForGitFiles(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
-	} else {
+	default:
 		return nil, EmptyAppSetGeneratorError
 	}
 	if err != nil {

applicationset/generators/scm_provider.go

@@ -138,15 +138,16 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 
 	ctx := context.Background()
 	var provider scm_provider.SCMProviderService
-	if g.overrideProvider != nil {
+	switch {
+	case g.overrideProvider != nil:
 		provider = g.overrideProvider
-	} else if providerConfig.Github != nil {
+	case providerConfig.Github != nil:
 		var err error
 		provider, err = g.githubProvider(ctx, providerConfig.Github, applicationSetInfo)
 		if err != nil {
 			return nil, fmt.Errorf("scm provider: %w", err)
 		}
-	} else if providerConfig.Gitlab != nil {
+	case providerConfig.Gitlab != nil:
 		providerConfig := providerConfig.Gitlab
 		var caCerts []byte
 		var scmError error
@@ -164,7 +165,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Gitlab service: %w", err)
 		}
-	} else if providerConfig.Gitea != nil {
+	case providerConfig.Gitea != nil:
 		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Gitea token: %w", err)
@@ -173,7 +174,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Gitea service: %w", err)
 		}
-	} else if providerConfig.BitbucketServer != nil {
+	case providerConfig.BitbucketServer != nil:
 		providerConfig := providerConfig.BitbucketServer
 		var caCerts []byte
 		var scmError error
@@ -183,25 +184,26 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 				return nil, fmt.Errorf("error fetching CA certificates from ConfigMap: %w", scmError)
 			}
 		}
-		if providerConfig.BearerToken != nil {
+		switch {
+		case providerConfig.BearerToken != nil:
 			appToken, err := utils.GetSecretRef(ctx, g.client, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
 			}
 			provider, scmError = scm_provider.NewBitbucketServerProviderBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
-		} else if providerConfig.BasicAuth != nil {
+		case providerConfig.BasicAuth != nil:
 			password, err := utils.GetSecretRef(ctx, g.client, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 			if err != nil {
 				return nil, fmt.Errorf("error fetching Secret token: %w", err)
 			}
 			provider, scmError = scm_provider.NewBitbucketServerProviderBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
-		} else {
+		default:
 			provider, scmError = scm_provider.NewBitbucketServerProviderNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.AllBranches, g.scmRootCAPath, providerConfig.Insecure, caCerts)
 		}
 		if scmError != nil {
 			return nil, fmt.Errorf("error initializing Bitbucket Server service: %w", scmError)
 		}
-	} else if providerConfig.AzureDevOps != nil {
+	case providerConfig.AzureDevOps != nil:
 		token, err := utils.GetSecretRef(ctx, g.client, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Azure Devops access token: %w", err)
@@ -210,7 +212,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Azure Devops service: %w", err)
 		}
-	} else if providerConfig.Bitbucket != nil {
+	case providerConfig.Bitbucket != nil:
 		appPassword, err := utils.GetSecretRef(ctx, g.client, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace, g.tokenRefStrictMode)
 		if err != nil {
 			return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %w", err)
@@ -219,13 +221,13 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 		if err != nil {
 			return nil, fmt.Errorf("error initializing Bitbucket cloud service: %w", err)
 		}
-	} else if providerConfig.AWSCodeCommit != nil {
+	case providerConfig.AWSCodeCommit != nil:
 		var awsErr error
 		provider, awsErr = scm_provider.NewAWSCodeCommitProvider(ctx, providerConfig.AWSCodeCommit.TagFilters, providerConfig.AWSCodeCommit.Role, providerConfig.AWSCodeCommit.Region, providerConfig.AWSCodeCommit.AllBranches)
 		if awsErr != nil {
 			return nil, fmt.Errorf("error initializing AWS codecommit service: %w", awsErr)
 		}
-	} else {
+	default:
 		return nil, errors.New("no SCM provider implementation configured")
 	}
 

applicationset/services/pull_request/bitbucket_server_test.go

@@ -277,7 +277,7 @@ func TestListPullRequestTLS(t *testing.T) {
 			defer ts.Close()
 
 			var certs []byte
-			if test.passCerts == true {
+			if test.passCerts {
 				for _, cert := range ts.TLS.Certificates {
 					for _, c := range cert.Certificate {
 						parsedCert, err := x509.ParseCertificate(c)

applicationset/services/pull_request/gitlab_test.go

@@ -167,7 +167,7 @@ func TestListWithStateTLS(t *testing.T) {
 			defer ts.Close()
 
 			var certs []byte
-			if test.passCerts == true {
+			if test.passCerts {
 				for _, cert := range ts.TLS.Certificates {
 					for _, c := range cert.Certificate {
 						parsedCert, err := x509.ParseCertificate(c)

applicationset/services/scm_provider/bitbucket_server_test.go

@@ -452,7 +452,7 @@ func TestListReposTLS(t *testing.T) {
 			defer ts.Close()
 
 			var certs []byte
-			if test.passCerts == true {
+			if test.passCerts {
 				for _, cert := range ts.TLS.Certificates {
 					for _, c := range cert.Certificate {
 						parsedCert, err := x509.ParseCertificate(c)

applicationset/services/scm_provider/gitlab_test.go

@@ -1310,7 +1310,7 @@ func TestGetBranchesTLS(t *testing.T) {
 			defer ts.Close()
 
 			var certs []byte
-			if test.passCerts == true {
+			if test.passCerts {
 				for _, cert := range ts.TLS.Certificates {
 					for _, c := range cert.Certificate {
 						parsedCert, err := x509.ParseCertificate(c)

cmd/argocd-application-controller/commands/argocd_application_controller.go

@@ -72,6 +72,7 @@ func NewCommand() *cobra.Command {
 		metricsCacheExpiration           time.Duration
 		metricsAplicationLabels          []string
 		metricsAplicationConditions      []string
+		metricsClusterLabels             []string
 		kubectlParallelismLimit          int64
 		cacheSource                      func() (*appstatecache.Cache, error)
 		redisClient                      *redis.Client
@@ -202,6 +203,7 @@ func NewCommand() *cobra.Command {
 				metricsCacheExpiration,
 				metricsAplicationLabels,
 				metricsAplicationConditions,
+				metricsClusterLabels,
 				kubectlParallelismLimit,
 				persistResourceHealth,
 				clusterSharding,
@@ -272,6 +274,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server")
 	command.Flags().StringSliceVar(&metricsAplicationLabels, "metrics-application-labels", []string{}, "List of Application labels that will be added to the argocd_application_labels metric")
 	command.Flags().StringSliceVar(&metricsAplicationConditions, "metrics-application-conditions", []string{}, "List of Application conditions that will be added to the argocd_application_conditions metric")
+	command.Flags().StringSliceVar(&metricsClusterLabels, "metrics-cluster-labels", []string{}, "List of Cluster labels that will be added to the argocd_cluster_labels metric")
 	command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to")
 	command.Flags().BoolVar(&otlpInsecure, "otlp-insecure", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE", true), "OpenTelemetry collector insecure mode")
 	command.Flags().StringToStringVar(&otlpHeaders, "otlp-headers", env.ParseStringToStringFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS", map[string]string{}, ","), "List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2)")

cmd/argocd/commands/admin/backup.go

@@ -275,7 +275,8 @@ func NewImportCommand() *cobra.Command {
 					updateTracking(bakObj, &liveObj)
 				}
 
-				if !exists {
+				switch {
+				case !exists:
 					isForbidden := false
 					if !dryRun {
 						_, err = dynClient.Create(ctx, bakObj, metav1.CreateOptions{})
@@ -289,11 +290,11 @@ func NewImportCommand() *cobra.Command {
 					if !isForbidden {
 						fmt.Printf("%s/%s %s in namespace %s created%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), bakObj.GetNamespace(), dryRunMsg)
 					}
-				} else if specsEqual(*bakObj, liveObj) && checkAppHasNoNeedToStopOperation(liveObj, stopOperation) {
+				case specsEqual(*bakObj, liveObj) && checkAppHasNoNeedToStopOperation(liveObj, stopOperation):
 					if verbose {
 						fmt.Printf("%s/%s %s unchanged%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg)
 					}
-				} else {
+				default:
 					isForbidden := false
 					if !dryRun {
 						newLive := updateLive(bakObj, &liveObj, stopOperation)

cmd/argocd/commands/admin/cluster.go

@@ -616,24 +616,25 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command
 
 			var awsAuthConf *v1alpha1.AWSAuthConfig
 			var execProviderConf *v1alpha1.ExecProviderConfig
-			if clusterOpts.AwsClusterName != "" {
+			switch {
+			case clusterOpts.AwsClusterName != "":
 				awsAuthConf = &v1alpha1.AWSAuthConfig{
 					ClusterName: clusterOpts.AwsClusterName,
 					RoleARN:     clusterOpts.AwsRoleArn,
 					Profile:     clusterOpts.AwsProfile,
 				}
-			} else if clusterOpts.ExecProviderCommand != "" {
+			case clusterOpts.ExecProviderCommand != "":
 				execProviderConf = &v1alpha1.ExecProviderConfig{
 					Command:     clusterOpts.ExecProviderCommand,
 					Args:        clusterOpts.ExecProviderArgs,
 					Env:         clusterOpts.ExecProviderEnv,
 					APIVersion:  clusterOpts.ExecProviderAPIVersion,
 					InstallHint: clusterOpts.ExecProviderInstallHint,
 				}
-			} else if generateToken {
+			case generateToken:
 				bearerToken, err = GenerateToken(clusterOpts, conf)
 				errors.CheckError(err)
-			} else if bearerToken == "" {
+			case bearerToken == "":
 				bearerToken = "bearer-token"
 			}
 			if clusterOpts.Name != "" {