Merge branch 'main' into cve-severity-image-scan-oss

Author: gireesh-naidu

.github/workflows/github_pagerduty_score_calculation.yml

@@ -14,7 +14,15 @@ jobs:
         uses: actions/setup-python@v2
         with:
           python-version: '3.x' 
-
+      - if: github.event.label.name == 'pager-duty'
+        name: discord webhook
+        env:
+          DISCORD_WEBHOOK: ${{ secrets.GH_ISSUES_DISCORD_WEBHOOK }}
+          DISCORD_WEBHOOK_FORUM: ${{ secrets.PAGERDUTY_DISCORD_WEBHOOK }}
+          ENABLE_FORUM: true
+        uses: devtron-labs/action-discord@master
+        with:
+          args: " ${{ github.event.issue.title }} ${{ github.event.issue.html_url }}"
       - name: Check if pager-duty template is used
         if: ${{ contains(github.event.issue.labels.*.name, 'pager-duty') && contains(github.event.issue.labels.*.name, 'bug') }}
         run: |

.gitignore

@@ -4,4 +4,3 @@
 .env
 /cmd/external-app/devtron-ea
 devtron
-/vendor/github.com/argoproj/argo-cd/assets

Wire.go

@@ -75,8 +75,10 @@ import (
 	"github.com/devtron-labs/devtron/cel"
 	"github.com/devtron-labs/devtron/client/argocdServer"
 	"github.com/devtron-labs/devtron/client/argocdServer/application"
+	"github.com/devtron-labs/devtron/client/argocdServer/certificate"
 	cluster2 "github.com/devtron-labs/devtron/client/argocdServer/cluster"
 	"github.com/devtron-labs/devtron/client/argocdServer/connection"
+	repocreds "github.com/devtron-labs/devtron/client/argocdServer/repocreds"
 	repository2 "github.com/devtron-labs/devtron/client/argocdServer/repository"
 	session2 "github.com/devtron-labs/devtron/client/argocdServer/session"
 	"github.com/devtron-labs/devtron/client/cron"
@@ -973,6 +975,9 @@ func InitializeApp() (*App, error) {
 		imageDigestPolicy.NewImageDigestPolicyServiceImpl,
 		wire.Bind(new(imageDigestPolicy.ImageDigestPolicyService), new(*imageDigestPolicy.ImageDigestPolicyServiceImpl)),
 
+		certificate.NewServiceClientImpl,
+		wire.Bind(new(certificate.Client), new(*certificate.ServiceClientImpl)),
+
 		appStoreRestHandler.AppStoreWireSet,
 
 		cel.NewCELServiceImpl,
@@ -983,6 +988,9 @@ func InitializeApp() (*App, error) {
 
 		common.NewDeploymentConfigServiceImpl,
 		wire.Bind(new(common.DeploymentConfigService), new(*common.DeploymentConfigServiceImpl)),
+
+		repocreds.NewServiceClientImpl,
+		wire.Bind(new(repocreds.ServiceClient), new(*repocreds.ServiceClientImpl)),
 	)
 	return &App{}, nil
 }

api/bean/gitOps/GitOpsConfig.go

@@ -16,21 +16,30 @@
 
 package gitOps
 
-import "time"
+import (
+	"github.com/devtron-labs/devtron/api/bean"
+	"time"
+)
 
 type GitOpsConfigDto struct {
-	Id                    int    `json:"id,omitempty"`
-	Provider              string `json:"provider" validate:"oneof=GITLAB GITHUB AZURE_DEVOPS BITBUCKET_CLOUD"`
-	Username              string `json:"username"`
-	Token                 string `json:"token"`
-	GitLabGroupId         string `json:"gitLabGroupId"`
-	GitHubOrgId           string `json:"gitHubOrgId"`
-	Host                  string `json:"host"`
-	Active                bool   `json:"active"`
-	AzureProjectName      string `json:"azureProjectName"`
-	BitBucketWorkspaceId  string `json:"bitBucketWorkspaceId"`
-	BitBucketProjectKey   string `json:"bitBucketProjectKey"`
-	AllowCustomRepository bool   `json:"allowCustomRepository"`
+	Id                    int             `json:"id,omitempty"`
+	Provider              string          `json:"provider" validate:"oneof=GITLAB GITHUB AZURE_DEVOPS BITBUCKET_CLOUD"`
+	Username              string          `json:"username"`
+	Token                 string          `json:"token"`
+	GitLabGroupId         string          `json:"gitLabGroupId"`
+	GitHubOrgId           string          `json:"gitHubOrgId"`
+	Host                  string          `json:"host"`
+	Active                bool            `json:"active"`
+	AzureProjectName      string          `json:"azureProjectName"`
+	BitBucketWorkspaceId  string          `json:"bitBucketWorkspaceId"`
+	BitBucketProjectKey   string          `json:"bitBucketProjectKey"`
+	AllowCustomRepository bool            `json:"allowCustomRepository"`
+	EnableTLSVerification bool            `json:"enableTLSVerification"`
+	TLSConfig             *bean.TLSConfig `json:"tlsConfig"`
+
+	IsCADataPresent      bool `json:"isCADataPresent"`
+	IsTLSCertDataPresent bool `json:"isTLSCertDataPresent"`
+	IsTLSKeyDataPresent  bool `json:"isTLSKeyDataPresent"`
 
 	// TODO refactoring: create different struct for internal fields
 	GitRepoName string `json:"-"`

api/bean/tlsConfig.go

@@ -0,0 +1,7 @@
+package bean
+
+type TLSConfig struct {
+	CaData      string `json:"caData"`
+	TLSCertData string `json:"tlsCertData"`
+	TLSKeyData  string `json:"tlsKeyData"`
+}

client/argocdServer/certificate/Certificate.go

@@ -0,0 +1,76 @@
+package certificate
+
+import (
+	"context"
+	"errors"
+	"github.com/argoproj/argo-cd/v2/pkg/apiclient/certificate"
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/devtron-labs/devtron/client/argocdServer/connection"
+	"github.com/devtron-labs/devtron/util/argo"
+	"go.uber.org/zap"
+	"google.golang.org/grpc"
+	"time"
+)
+
+type Client interface {
+	ListCertificates(ctx context.Context, query *certificate.RepositoryCertificateQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryCertificateList, error)
+	CreateCertificate(ctx context.Context, query *certificate.RepositoryCertificateCreateRequest) (*v1alpha1.RepositoryCertificateList, error)
+	DeleteCertificate(ctx context.Context, query *certificate.RepositoryCertificateQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryCertificateList, error)
+}
+
+type ServiceClientImpl struct {
+	logger                  *zap.SugaredLogger
+	argoCDConnectionManager connection.ArgoCDConnectionManager
+	argoUserService         argo.ArgoUserService
+}
+
+func NewServiceClientImpl(
+	logger *zap.SugaredLogger,
+	argoCDConnectionManager connection.ArgoCDConnectionManager,
+	argoUserService argo.ArgoUserService) *ServiceClientImpl {
+	return &ServiceClientImpl{
+		logger:                  logger,
+		argoCDConnectionManager: argoCDConnectionManager,
+		argoUserService:         argoUserService,
+	}
+}
+
+func (c *ServiceClientImpl) getService(ctx context.Context) (certificate.CertificateServiceClient, error) {
+	token, ok := ctx.Value("token").(string)
+	if !ok {
+		return nil, errors.New("Unauthorized")
+	}
+	conn := c.argoCDConnectionManager.GetConnection(token)
+	//defer conn.Close()
+	return certificate.NewCertificateServiceClient(conn), nil
+}
+
+func (c *ServiceClientImpl) ListCertificates(ctx context.Context, query *certificate.RepositoryCertificateQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryCertificateList, error) {
+	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	client, err := c.getService(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client.ListCertificates(ctx, query)
+}
+
+func (c *ServiceClientImpl) CreateCertificate(ctx context.Context, query *certificate.RepositoryCertificateCreateRequest) (*v1alpha1.RepositoryCertificateList, error) {
+	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	client, err := c.getService(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client.CreateCertificate(ctx, query)
+}
+
+func (c *ServiceClientImpl) DeleteCertificate(ctx context.Context, query *certificate.RepositoryCertificateQuery, opts ...grpc.CallOption) (*v1alpha1.RepositoryCertificateList, error) {
+	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	client, err := c.getService(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client.DeleteCertificate(ctx, query, opts...)
+}

client/argocdServer/repocreds/repocreds.go

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2020-2024. Devtron Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package repository
+
+import (
+	"context"
+	"errors"
+	repocreds "github.com/argoproj/argo-cd/v2/pkg/apiclient/repocreds"
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	argoApplication "github.com/devtron-labs/devtron/client/argocdServer/bean"
+	"github.com/devtron-labs/devtron/client/argocdServer/connection"
+	"go.uber.org/zap"
+)
+
+type ServiceClient interface {
+	CreateRepoCreds(ctx context.Context, query *repocreds.RepoCredsCreateRequest) (*v1alpha1.RepoCreds, error)
+}
+
+type ServiceClientImpl struct {
+	logger                  *zap.SugaredLogger
+	argoCDConnectionManager connection.ArgoCDConnectionManager
+}
+
+func NewServiceClientImpl(logger *zap.SugaredLogger, argoCDConnectionManager connection.ArgoCDConnectionManager) *ServiceClientImpl {
+	return &ServiceClientImpl{
+		logger:                  logger,
+		argoCDConnectionManager: argoCDConnectionManager,
+	}
+}
+
+func (r ServiceClientImpl) getService(ctx context.Context) (repocreds.RepoCredsServiceClient, error) {
+	token, ok := ctx.Value("token").(string)
+	if !ok {
+		return nil, errors.New("Unauthorized")
+	}
+	conn := r.argoCDConnectionManager.GetConnection(token)
+	//defer conn.Close()
+	return repocreds.NewRepoCredsServiceClient(conn), nil
+}
+
+func (r ServiceClientImpl) CreateRepoCreds(ctx context.Context, query *repocreds.RepoCredsCreateRequest) (*v1alpha1.RepoCreds, error) {
+	ctx, cancel := context.WithTimeout(ctx, argoApplication.TimeoutSlow)
+	defer cancel()
+	client, err := r.getService(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return client.CreateRepositoryCredentials(ctx, query)
+}

client/argocdServer/repository/Repository.go

@@ -36,7 +36,7 @@ type ServiceClient interface {
 	GetAppDetails(ctx context.Context, query *repository2.RepoAppDetailsQuery) (*apiclient.RepoAppDetailsResponse, error)
 	// Create creates a repo
 	Create(ctx context.Context, query *repository2.RepoCreateRequest) (*v1alpha1.Repository, error)
-	// Update updates a repo
+	// Create creates a repo
 	Update(ctx context.Context, query *repository2.RepoUpdateRequest) (*v1alpha1.Repository, error)
 	// Delete deletes a repo
 	Delete(ctx context.Context, query *repository2.RepoQuery) (*repository2.RepoResponse, error)

client/gitSensor/GitSensorGrpcClient.go

@@ -114,15 +114,19 @@ func (client *GrpcApiClientImpl) SaveGitProvider(ctx context.Context, provider *
 	}
 	// map req
 	req := &pb.GitProvider{
-		Id:            int64(provider.Id),
-		Name:          provider.Name,
-		Url:           provider.Url,
-		UserName:      provider.UserName,
-		Password:      provider.Password,
-		AccessToken:   provider.AccessToken,
-		SshPrivateKey: provider.SshPrivateKey,
-		AuthMode:      string(provider.AuthMode),
-		Active:        provider.Active,
+		Id:                    int64(provider.Id),
+		Name:                  provider.Name,
+		Url:                   provider.Url,
+		UserName:              provider.UserName,
+		Password:              provider.Password,
+		SshPrivateKey:         provider.SshPrivateKey,
+		AccessToken:           provider.AccessToken,
+		AuthMode:              string(provider.AuthMode),
+		Active:                provider.Active,
+		TlsCert:               provider.TlsCert,
+		TlsKey:                provider.TlsKey,
+		CaCert:                provider.CaCert,
+		EnableTLSVerification: provider.EnableTlsVerification,
 	}
 
 	// fetch

client/gitSensor/GitSensorRestClient.go

@@ -90,15 +90,19 @@ type GitMaterial struct {
 	CloningMode      string
 }
 type GitProvider struct {
-	Id            int
-	Name          string
-	Url           string
-	UserName      string
-	Password      string
-	SshPrivateKey string
-	AccessToken   string
-	Active        bool
-	AuthMode      repository.AuthMode
+	Id                    int
+	Name                  string
+	Url                   string
+	UserName              string
+	Password              string
+	SshPrivateKey         string
+	AccessToken           string
+	Active                bool
+	AuthMode              repository.AuthMode
+	EnableTlsVerification bool
+	CaCert                string
+	TlsCert               string
+	TlsKey                string
 }
 
 type GitCommit struct {

go.mod

@@ -22,9 +22,9 @@ require (
 	github.com/davecgh/go-spew v1.1.1
 	github.com/deckarep/golang-set v1.8.0
 	github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1
-	github.com/devtron-labs/common-lib v0.0.25-0.20240726165557-8dad78ef6731
+	github.com/devtron-labs/common-lib v0.0.25-0.20240802103040-a6b975ffa69e
 	github.com/devtron-labs/go-bitbucket v0.9.60-beta
-	github.com/devtron-labs/protos v0.0.3-0.20240726064057-dd2990c91e41
+	github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80
 	github.com/evanphx/json-patch v5.7.0+incompatible
 	github.com/gammazero/workerpool v1.1.3
 	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32

go.sum

@@ -197,12 +197,12 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1 h1:qdkpTAo2Kr0ZicZIVXfNwsGSshpc9OB9j9RzmKYdIwY=
 github.com/devtron-labs/authenticator v0.4.35-0.20240607135426-c86e868ecee1/go.mod h1:IkKPPEfgLCMR29he5yv2OCC6iM2R7K5/0AA3k8b9XNc=
-github.com/devtron-labs/common-lib v0.0.25-0.20240726165557-8dad78ef6731 h1:BF6RTdwkT0qVqLvvJHZ6CaRV94GxlOj+n6JkEExEKyo=
-github.com/devtron-labs/common-lib v0.0.25-0.20240726165557-8dad78ef6731/go.mod h1:UZGPt1ep9Tnd9Ak2sibGSiLr7p3ijO2/JLT+h+pqBuU=
+github.com/devtron-labs/common-lib v0.0.25-0.20240802103040-a6b975ffa69e h1:oC1KJ4jeIebSRWtBarETQPmSVhbK06EWAE49g9VukEY=
+github.com/devtron-labs/common-lib v0.0.25-0.20240802103040-a6b975ffa69e/go.mod h1:3GN9TABx4D+hVuF69vGYUUx+H8/WelcKw0lUt8aELok=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta/go.mod h1:GnuiCesvh8xyHeMCb+twm8lBR/kQzJYSKL28ZfObp1Y=
-github.com/devtron-labs/protos v0.0.3-0.20240726064057-dd2990c91e41 h1:tIoWy1PDAC6enSBohRt0qroiRXq+bR7qlqk73JlQ9R4=
-github.com/devtron-labs/protos v0.0.3-0.20240726064057-dd2990c91e41/go.mod h1:ypUknVph8Ph4dxSlrFoouf7wLedQxHku2LQwgRrdgS4=
+github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80 h1:xwbTeijNTf4/j1v+tSfwVqwLVnReas/NqEKeQHvSTys=
+github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80/go.mod h1:ypUknVph8Ph4dxSlrFoouf7wLedQxHku2LQwgRrdgS4=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=

internal/constants/InternalErrorCode.go

@@ -65,6 +65,7 @@ const (
 	DockerRegDeleteFailedInDb            string = "3009"
 	DockerRegDeleteFailedInGocd          string = "3010"
 	GitProviderUpdateFailedInSync        string = "3011"
+	GitProviderUpdateRequestIsInvalid    string = "3012"
 	// For conflicts use 900 series
 	GitOpsConfigValidationConflict string = "3900"
 

internal/sql/repository/GitOpsConfigRepository.go

@@ -54,6 +54,10 @@ type GitOpsConfig struct {
 	BitBucketWorkspaceId  string   `sql:"bitbucket_workspace_id"`
 	BitBucketProjectKey   string   `sql:"bitbucket_project_key"`
 	EmailId               string   `sql:"email_id"`
+	EnableTLSVerification bool     `sql:"enable_tls_verification"`
+	TlsCert               string   `sql:"tls_cert"`
+	TlsKey                string   `sql:"tls_key"`
+	CaCert                string   `sql:"ca_cert"`
 	sql.AuditLog
 }
 

internal/sql/repository/GitProviderRepository.go

@@ -31,18 +31,22 @@ const (
 )
 
 type GitProvider struct {
-	tableName     struct{} `sql:"git_provider" pg:",discard_unknown_columns"`
-	Id            int      `sql:"id,pk"`
-	Name          string   `sql:"name,notnull"`
-	Url           string   `sql:"url,notnull"`
-	UserName      string   `sql:"user_name"`
-	Password      string   `sql:"password"`
-	SshPrivateKey string   `sql:"ssh_private_key"`
-	AccessToken   string   `sql:"access_token"`
-	AuthMode      AuthMode `sql:"auth_mode,notnull"`
-	Active        bool     `sql:"active,notnull"`
-	Deleted       bool     `sql:"deleted,notnull"`
-	GitHostId     int      `sql:"git_host_id"` //id stored in db git_host( foreign key)
+	tableName             struct{} `sql:"git_provider" pg:",discard_unknown_columns"`
+	Id                    int      `sql:"id,pk"`
+	Name                  string   `sql:"name,notnull"`
+	Url                   string   `sql:"url,notnull"`
+	UserName              string   `sql:"user_name"`
+	Password              string   `sql:"password"`
+	SshPrivateKey         string   `sql:"ssh_private_key"`
+	AccessToken           string   `sql:"access_token"`
+	AuthMode              AuthMode `sql:"auth_mode,notnull"`
+	Active                bool     `sql:"active,notnull"`
+	Deleted               bool     `sql:"deleted,notnull"`
+	GitHostId             int      `sql:"git_host_id"` //id stored in db git_host( foreign key)
+	TlsCert               string   `sql:"tls_cert"`
+	TlsKey                string   `sql:"tls_key"`
+	CaCert                string   `sql:"ca_cert"`
+	EnableTLSVerification bool     `sql:"enable_tls_verification"`
 	sql.AuditLog
 }