Repository: oboukili/terraform-provider-argocd Branch: main Commit: 28b0e2242ac6 Files: 168 Total size: 2.6 MB Directory structure: gitextract_3leo_80w/ ├── .devcontainer.json ├── .github/ │ ├── CODEOWNERS │ ├── ISSUE_TEMPLATE/ │ │ ├── bug-report.md │ │ ├── config.yml │ │ ├── feature-request.md │ │ └── question.md │ ├── PULL_REQUEST_TEMPLATE.MD │ ├── renovate.json │ └── workflows/ │ ├── codeql-analysis.yml │ ├── release.yml │ ├── stale.yml │ └── tests.yml ├── .gitignore ├── .golangci.yml ├── .goreleaser.yml ├── .run/ │ └── Template Go Test.run.xml ├── .vscode/ │ └── launch.json ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── GNUmakefile ├── LICENSE ├── README.md ├── RELEASE.md ├── SECURITY.md ├── argocd/ │ ├── model_provider.go │ ├── provider.go │ ├── provider_test.go │ ├── resource_argocd_account_token.go │ ├── resource_argocd_account_token_test.go │ ├── resource_argocd_application.go │ ├── resource_argocd_application_set.go │ ├── resource_argocd_application_set_test.go │ ├── resource_argocd_application_test.go │ ├── resource_argocd_cluster.go │ ├── resource_argocd_cluster_test.go │ ├── schema_application.go │ ├── schema_application_set.go │ ├── schema_application_test.go │ ├── schema_cluster.go │ ├── schema_label_selector.go │ ├── schema_metadata.go │ ├── server_interface.go │ ├── server_interface_test.go │ ├── structure_application.go │ ├── structure_application_set.go │ ├── structure_cluster.go │ ├── structure_label_selector.go │ ├── structure_metadata.go │ ├── structure_metadata_test.go │ ├── structures.go │ ├── utils.go │ ├── utils_test.go │ ├── validators.go │ └── validators_test.go ├── docs/ │ ├── data-sources/ │ │ └── application.md │ ├── index.md │ └── resources/ │ ├── account_token.md │ ├── application.md │ ├── application_set.md │ ├── cluster.md │ ├── gpg_key.md │ ├── project.md │ ├── project_token.md │ ├── repository.md │ ├── repository_certificate.md │ └── repository_credentials.md ├── examples/ │ ├── data-sources/ │ │ └── argocd_application/ │ │ └── data-source.tf │ ├── provider/ │ │ └── provider.tf │ └── resources/ │ ├── argocd_account_token/ │ │ └── resource.tf │ ├── argocd_application/ │ │ ├── import.sh │ │ └── resource.tf │ ├── argocd_application_set/ │ │ └── resource.tf │ ├── argocd_cluster/ │ │ ├── import.sh │ │ └── resource.tf │ ├── argocd_gpg_key/ │ │ ├── import.sh │ │ └── resource.tf │ ├── argocd_project/ │ │ ├── import.sh │ │ └── resource.tf │ ├── argocd_project_token/ │ │ └── resource.tf │ ├── argocd_repository/ │ │ ├── import.sh │ │ └── resource.tf │ ├── argocd_repository_certificate/ │ │ └── resource.tf │ └── argocd_repository_credentials/ │ ├── import.sh │ └── resource.tf ├── go.mod ├── go.sum ├── internal/ │ ├── diagnostics/ │ │ └── diagnostics.go │ ├── features/ │ │ └── features.go │ ├── provider/ │ │ ├── data_source_application.go │ │ ├── data_source_application_test.go │ │ ├── model_application.go │ │ ├── model_gpg_key.go │ │ ├── model_metadata.go │ │ ├── model_project.go │ │ ├── model_project_token.go │ │ ├── model_provider.go │ │ ├── model_repository.go │ │ ├── model_repository_certificate.go │ │ ├── model_repository_credentials.go │ │ ├── planmodifiers.go │ │ ├── provider.go │ │ ├── provider_test.go │ │ ├── resource_gpg_key.go │ │ ├── resource_gpg_key_test.go │ │ ├── resource_project.go │ │ ├── resource_project_test.go │ │ ├── resource_project_token.go │ │ ├── resource_project_token_test.go │ │ ├── resource_repository.go │ │ ├── resource_repository_certificate.go │ │ ├── resource_repository_certificate_test.go │ │ ├── resource_repository_credentials.go │ │ ├── resource_repository_credentials_test.go │ │ ├── resource_repository_test.go │ │ ├── server_interface.go │ │ └── server_interface_test.go │ ├── sync/ │ │ └── mutex.go │ ├── testhelpers/ │ │ ├── suite.go │ │ └── testcontainers.go │ ├── types/ │ │ └── pgp_public_key.go │ ├── utils/ │ │ └── utils.go │ └── validators/ │ ├── duration.go │ ├── enable_oci.go │ ├── is_dns_subdomain.go │ ├── metadata_annotations.go │ ├── metadata_annotations_test.go │ ├── metadata_labels.go │ ├── metadata_labels_test.go │ ├── positive_integer.go │ ├── project_validators.go │ ├── repository_certificate.go │ └── ssh_private_key.go ├── kind-config.yml ├── main.go ├── manifests/ │ ├── install/ │ │ ├── cluster-rbac.yml │ │ ├── git-private-repository.yml │ │ ├── kustomization.yml │ │ ├── namespace.yml │ │ ├── proxy-service.yml │ │ └── ssh-identity.key │ ├── local-dev/ │ │ ├── .gitignore │ │ ├── account-token.tf │ │ ├── application-set.tf │ │ ├── application.tf │ │ ├── cluster.tf │ │ ├── data.tf │ │ ├── gpg-key.tf │ │ ├── outputs.tf │ │ ├── project-token.tf │ │ ├── project.tf │ │ ├── repository-credentials.tf │ │ ├── repository.tf │ │ └── versions.tf │ ├── overlays/ │ │ ├── v3.1.12/ │ │ │ └── kustomization.yml │ │ ├── v3.2.6/ │ │ │ └── kustomization.yml │ │ └── v3.3.0/ │ │ └── kustomization.yml │ ├── patches/ │ │ ├── argocd-cm.yml │ │ ├── argocd-cmd-params-cm.yml │ │ ├── kustomization.yaml │ │ └── secret.yml │ └── testdata/ │ ├── custom_namespace.yml │ └── token_resource.yml ├── scripts/ │ └── update-kubernetes-version.sh ├── templates/ │ └── index.md.tmpl ├── terraform-registry-manifest.json └── tools/ ├── go.mod ├── go.sum └── tools.go ================================================ FILE CONTENTS ================================================ ================================================ FILE: .devcontainer.json ================================================ { "name": "terraform-provider-argocd", // officiall MS template from https://github.com/devcontainers/templates/tree/main/src/go "image": "mcr.microsoft.com/devcontainers/go:2.1-bookworm", "features": { // https://github.com/devcontainers/features/tree/main/src/docker-in-docker "ghcr.io/devcontainers/features/docker-in-docker:2": { "enableNonRootDocker": "false", "disableIp6tables": true // experienced issues with missing chains in ip6tables when creating kind clusters }, // https://github.com/devcontainers/features/tree/main/src/terraform "ghcr.io/devcontainers/features/terraform:1": {}, // https://github.com/mpriscella/features/tree/main/src/kind "ghcr.io/mpriscella/features/kind:1": {}, // https://github.com/devcontainers/features/tree/main/src/kubectl-helm-minikube "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {}, // https://github.com/rio/features/tree/main/src/kustomize "ghcr.io/rio/features/kustomize:1": {} }, "forwardPorts": [ 8080 // the "hard-coded" port for forwarded argo-cd" ] } ================================================ FILE: .github/CODEOWNERS ================================================ * @oboukili @onematchfox @blakepettersson @the-technat @mkilchhofer ================================================ FILE: .github/ISSUE_TEMPLATE/bug-report.md ================================================ --- name: "\U0001F41B Bug Report" about: "If something isn't working as expected \U0001F914." title: '' labels: bug type: bug --- ### Terraform Version, ArgoCD Provider Version and ArgoCD Version ``` Terraform version: ArgoCD provider version: ArgoCD version: ``` ### Affected Resource(s) ### Terraform Configuration Files ```hcl # Copy-paste your Terraform configurations here - for large Terraform configs, # please use an online file storage service and share a link to the ZIP file. For # security, you can also encrypt the files using our GPG public release key. ``` ### Debug Output ### Panic Output ### Steps to Reproduce ### Expected Behavior ### Actual Behavior ### Important Factoids ### References ### Community Note * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request * If you are interested in working on this issue or have submitted a pull request, please leave a comment ================================================ FILE: .github/ISSUE_TEMPLATE/config.yml ================================================ blank_issues_enabled: false contact_links: - name: Provider Slack Channel url: https://cloud-native.slack.com/archives/C07PQF40SF8 about: Slack Channel to discuss on the CNCF Workspace ================================================ FILE: .github/ISSUE_TEMPLATE/feature-request.md ================================================ --- name: "\U0001F680 Feature Request" about: "I have a suggestion (and might want to implement myself \U0001F642)!" title: '' labels: enhancement type: feature --- ### Description ### Potential Terraform Configuration ```hcl # Copy-paste a potential Terraform configuration here - for large Terraform configs, # please use an online file storage service and share a link to the ZIP file. For # security, you can also encrypt the files using our GPG public release key. ``` ### References ### Community Note * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request * If you are interested in working on this issue or have submitted a pull request, please leave a comment ================================================ FILE: .github/ISSUE_TEMPLATE/question.md ================================================ --- name: "\U0001F914 Question" about: "If you need help figuring something out" title: '' labels: question --- ### Terraform Version, ArgoCD Provider Version and ArgoCD Version ``` Terraform version: ArgoCD provider version: ArgoCD version: ``` ## Terraform configuration ```hcl # Enter your configuration here. ``` ## Question ================================================ FILE: .github/PULL_REQUEST_TEMPLATE.MD ================================================ **What type of PR is this?** [//]: # (Uncomment only one line, and delete the rest.) [//]: # (For example, would simply become: /kind bug ) **What does this PR do / why we need it**: **Have you updated the necessary documentation?** * [ ] Documentation update is required by this PR. * [ ] Documentation has been updated. **Which issue(s) this PR fixes**: Fixes #? **How to test changes / Special notes to the reviewer**: ================================================ FILE: .github/renovate.json ================================================ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:recommended", "schedule:weekly" ], "ignoreDeps": [ "k8s.io/api", "k8s.io/apiextensions-apiserver", "k8s.io/apimachinery", "k8s.io/apiserver", "k8s.io/cli-runtime", "k8s.io/client-go", "k8s.io/cloud-provider", "k8s.io/cluster-bootstrap", "k8s.io/code-generator", "k8s.io/component-base", "k8s.io/component-helpers", "k8s.io/controller-manager", "k8s.io/cri-api", "k8s.io/cri-client", "k8s.io/csi-translation-lib", "k8s.io/dynamic-resource-allocation", "k8s.io/endpointslice", "k8s.io/externaljwt", "k8s.io/kms", "k8s.io/kube-aggregator", "k8s.io/kube-controller-manager", "k8s.io/kube-proxy", "k8s.io/kube-scheduler", "k8s.io/kubectl", "k8s.io/kubelet", "k8s.io/legacy-cloud-providers", "k8s.io/metrics", "k8s.io/mount-utils", "k8s.io/pod-security-admission", "k8s.io/sample-apiserver", "k8s.io/sample-cli-plugin", "k8s.io/sample-controller" ], "postUpdateOptions": [ "gomodTidy" ], "labels": [ "dependencies" ], "packageRules": [ { "matchPackageNames": [ "/terraform-plugin-framework/", "/terraform-plugin-mux/", "/terraform-plugin-go/", "/terraform-plugin-testing/", "/terraform-plugin-sdk/" ], "groupName": "terraform-plugin-framework" }, { "matchPackageNames": [ "/go/" ], "addLabels": [ "go" ] }, { "matchDepTypes": [ "/github/" ], "addLabels": [ "github_actions" ] } ], "customManagers": [ { "customType": "regex", "managerFilePatterns": [ "/(^|\\/).*\\.ya?ml$/" ], "matchStrings": [ "# renovate: datasource=(?.*?) depName=(?.*?)\\s+.+[vV]ersion: (?.*)" ] } ] } ================================================ FILE: .github/workflows/codeql-analysis.yml ================================================ name: "CodeQL" on: push: branches: ["main"] pull_request: branches: ["main"] schedule: - cron: "15 0 * * 5" jobs: analyze: name: Analyze (${{ matrix.language }}) runs-on: ubuntu-24.04 permissions: security-events: write packages: read actions: read contents: read strategy: fail-fast: false matrix: include: - language: actions build-mode: none - language: go build-mode: manual steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go if: matrix.language == 'go' uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: "go.mod" cache: true - name: Initialize CodeQL uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} queries: security-extended,security-and-quality - name: Build provider if: matrix.language == 'go' run: make build - name: Build tests if: matrix.language == 'go' run: TF_ACC=1 go test -c ./... - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: category: "/language:${{matrix.language}}" ================================================ FILE: .github/workflows/release.yml ================================================ --- name: Release on: push: tags: ['v*'] # Releases need permissions to read and write the repository contents. # GitHub considers creating releases and uploading assets as writing contents. permissions: contents: write jobs: goreleaser: runs-on: ubuntu-24.04 steps: - name: Free up disk space run: | # Remove Java (JDKs) sudo rm -rf /usr/lib/jvm # Remove .NET SDKs sudo rm -rf /usr/share/dotnet # Remove Swift toolchain sudo rm -rf /usr/share/swift # Remove Haskell (GHC) sudo rm -rf /usr/local/.ghcup # Remove Julia sudo rm -rf /usr/local/julia* # Remove Android SDKs sudo rm -rf /usr/local/lib/android # Remove Chromium (optional if not using for browser tests) sudo rm -rf /usr/local/share/chromium # Remove Microsoft/Edge and Google Chrome builds sudo rm -rf /opt/microsoft /opt/google # Remove Azure CLI sudo rm -rf /opt/az # Remove PowerShell sudo rm -rf /usr/local/share/powershell docker system prune -af || true docker builder prune -af || true df -h - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' cache: true - name: Import GPG key id: import_gpg uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} - name: Run GoReleaser uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 with: args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} ================================================ FILE: .github/workflows/stale.yml ================================================ ## Reference: https://github.com/actions/stale name: 'Close stale Issues/PRs' on: schedule: - cron: '30 12 * * *' permissions: contents: read jobs: stale: permissions: issues: write # for actions/stale to close stale issues pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-24.04 steps: - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 90 days-before-close: 20 # Issue settings stale-issue-message: > This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. exempt-issue-labels: "on-hold,pinned,good first issue,help wanted" # PR Settings stale-pr-message: > This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. exempt-pr-labels: "on-hold,pinned" ================================================ FILE: .github/workflows/tests.yml ================================================ --- name: Tests on: push: branches: [main] paths-ignore: - 'README.md' pull_request: branches: [main] paths-ignore: - 'README.md' permissions: contents: read jobs: build: name: Build runs-on: ubuntu-24.04 timeout-minutes: 10 steps: - name: Check out code into the Go module directory uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' cache: true - name: Build provider run: make build - name: Run linters uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 with: # renovate: datasource=github-tags depName=golangci/golangci-lint version: v2.11.4 generate: name: Generate runs-on: ubuntu-24.04 steps: - name: Check out code into the Go module directory uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' cache: true # We need the latest version of Terraform for our documentation generation to use - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 name: Setup Terraform with: terraform_wrapper: false - name: Generate run: make generate - name: Confirm no diff run: | git diff --compact-summary --exit-code || \ (echo; echo "Unexpected difference in directories after code generation. Run 'make generate' command and commit."; exit 1) acceptance_tests: name: Acceptance Tests needs: - build - generate runs-on: ubuntu-24.04 timeout-minutes: 20 strategy: fail-fast: false matrix: argocd_version: ['v3.1.12', 'v3.2.6', 'v3.3.0'] terraform_version: ['1.13.*'] steps: - name: Check out code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' check-latest: true cache: true - name: Setup Terraform ${{ matrix.terraform_version }} uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_version: ${{ matrix.terraform_version }} terraform_wrapper: false - name: Install Kustomize run: | curl -sL "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash chmod +x ./kustomize - name: Install Kind 0.24.0 run: | curl -sLo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-$(uname)-amd64 chmod +x ./kind - name: Set up ArgoCD ${{ matrix.argocd_version }} env: ARGOCD_VERSION: ${{ matrix.argocd_version }} run: | make testacc_prepare_env until $(nc -z 127.0.0.1 8080); do sleep 2;done netstat -tulpn - name: Download go deps for tests run: go mod download - name: Run acceptance tests env: ARGOCD_VERSION: ${{ matrix.argocd_version }} USE_TESTCONTAINERS: false run: make testacc # This job aggregates test results. It's the required check for branch protection. # https://github.com/marketplace/actions/alls-green#why # https://github.com/orgs/community/discussions/33579 success: name: Acceptance Tests successful if: always() needs: - acceptance_tests runs-on: ubuntu-24.04 steps: - name: Decide whether the needed jobs succeeded or failed uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2 with: jobs: ${{ toJSON(needs) }} ================================================ FILE: .gitignore ================================================ terraform-provider-argocd /manifests/install/argocd.yml /bin .idea # Env variables settings /scripts/testacc /scripts/testacc_prepare_env # debug build __debug_bin* # local reproduction folders reproduce/ ================================================ FILE: .golangci.yml ================================================ version: "2" linters: default: none enable: - asasalint - asciicheck - containedctx - contextcheck - copyloopvar - depguard - dogsled - durationcheck - errcheck - errname - errorlint - goconst - gocritic - govet - ineffassign - makezero - misspell - mnd - nakedret - nilerr - nolintlint - paralleltest - predeclared - staticcheck - tparallel - unconvert - unparam - unused - usetesting - whitespace settings: depguard: rules: main: deny: - pkg: github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest desc: "Use github.com/hashicorp/terraform-plugin-testing/helper/acctest instead" - pkg: github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource desc: "Use github.com/hashicorp/terraform-plugin-testing/helper/resource instead" - pkg: github.com/hashicorp/terraform-plugin-sdk/v2/terraform desc: "Use github.com/hashicorp/terraform-plugin-testing/terraform instead" dogsled: max-blank-identifiers: 3 errcheck: exclude-functions: - github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema:ForceNew|Set - fmt:.* - io:Close errorlint: errorf: false goconst: min-occurrences: 6 gocritic: enabled-tags: - diagnostic disabled-tags: - style - performance - experimental - opinionated mnd: checks: - argument ignored-functions: - resource.Retry - schema.DefaultTimeout - validation.* - int64validator.* - listvalidator.* - stringvalidator.* - SetDefaultCreateTimeout - SetDefaultReadTimeout - SetDefaultUpdateTimeout - SetDefaultDeleteTimeout - make - strconv.FormatFloat - strconv.FormatInt - strconv.ParseFloat - strconv.ParseInt - strings.SplitN nolintlint: require-explanation: true require-specific: true allow-no-explanation: - gomnd - paralleltest - tparallel - unparam allow-unused: false predeclared: ignore: - cap - close - copy - delete - len - new staticcheck: checks: - -SA1019 - -ST1005 - all exclusions: generated: lax presets: - comments - common-false-positives - legacy - std-error-handling rules: - linters: - paralleltest text: Function TestAcc - linters: - tparallel text: TestAcc - linters: - unparam text: always receives - linters: - contextcheck path: _test\.go - linters: - goconst path: (.+)_test\.go - linters: - staticcheck text: "ST1003:" - linters: - staticcheck text: "SA1019:" path: internal/types/pgp_public_key.go paths: - third_party$ - builtin$ - examples$ issues: max-same-issues: 0 formatters: enable: - gofmt exclusions: generated: lax paths: - third_party$ - builtin$ - examples$ ================================================ FILE: .goreleaser.yml ================================================ --- version: 2 builds: - env: - CGO_ENABLED=0 mod_timestamp: "{{ .CommitTimestamp }}" flags: - -trimpath ldflags: - "-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}" targets: - darwin_arm64 - darwin_amd64 - linux_amd64 - linux_arm - linux_arm64 - windows_amd64 - windows_arm - windows_386 - freebsd_amd64 - freebsd_arm binary: "{{ .ProjectName }}_v{{ .Version }}" archives: - formats: ["zip"] name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" checksum: name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS" algorithm: sha256 signs: - artifacts: checksum args: - "--batch" - "--local-user" - "{{ .Env.GPG_FINGERPRINT }}" - "--output" - "${signature}" - "--detach-sign" - "${artifact}" release: draft: false disable: false github: owner: argoproj-labs name: terraform-provider-argocd changelog: use: github-native ================================================ FILE: .run/Template Go Test.run.xml ================================================ ================================================ FILE: .vscode/launch.json ================================================ { "version": "0.2.0", "configurations": [ { "name": "Debug Terraform Provider", "type": "go", "request": "launch", "mode": "debug", "outputMode": "remote", "program": "${workspaceFolder}", "env": {}, "args": [ "-debug" ] }, { "name": "Debug Selected Test", "request": "launch", "type": "go", "args": [ "-test.v", "-test.run", "^${selectedText}$" ], "mode": "auto", "program": "${fileDirname}", "env": { "PKG_NAME": "${relativeFileDirname}", "TF_ACC": "1", "TF_LOG": "info", "ARGOCD_INSECURE": "true", "ARGOCD_SERVER": "127.0.0.1:8080", "ARGOCD_AUTH_USERNAME": "admin", "ARGOCD_AUTH_PASSWORD": "acceptancetesting" }, "showLog": true } ] } ================================================ FILE: CODE_OF_CONDUCT.md ================================================ # Code of conduct While this provider is not a [Cloud Native Computing Foundation](https://www.cncf.io/) (CNCF) project, it supports, endorses, and echoes the code of conduct presented by the CNCF. The CNCF code of conduct can be found [here](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). Full credit goes to the CNCF project for establishing the linked code of conduct principles. Instances of behaviors that are not aligned with the values proposed by CNCF can be reported to the repository admins via Github's reporting feature. See [Reporting Abuse or Spam](https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) for details how to do so. ================================================ FILE: CONTRIBUTING.md ================================================ # Contributing Contributions are welcome! [![Contributors](https://img.shields.io/github/contributors/argoproj-labs/terraform-provider-argocd)](https://github.com/argoproj-labs/terraform-provider-argocd) [![Last commit](https://img.shields.io/github/last-commit/argoproj-labs/terraform-provider-argocd)](https://github.com/argoproj-labs/terraform-provider-argocd) [![Stars](https://img.shields.io/github/stars/argoproj-labs/terraform-provider-argocd)](https://github.com/argoproj-labs/hera/terraofrm-provider-argocd) ## New Contributor Guide If you are a new contributor this section aims to show you everything you need to get started. We especially welcome contributions to issues that are labeled with ["good-first-issue"](https://github.com/argoproj-labs/terraform-provider-argocd/issues?q=is%3Aopen%20is%3Aissue%20label%3A%22good%20first%20issue%22) or ["help-wanted"](https://github.com/argoproj-labs/terraform-provider-argocd/issues?q=is%3Aopen%20is%3Aissue%20label%3A%22help%20wanted%22). We also encourage contributions in the form of: - bug/crash reports - Answering questions on [Slack](https://cloud-native.slack.com/archives/C07PQF40SF8) - Posting your use-case for the provider on [Slack](https://cloud-native.slack.com/archives/C07PQF40SF8) / Blog Post ### Setting up To contribute to this Provider you need the following tools installed locally: * [Go](https://go.dev/doc/install) (1.25) * [GNU Make](https://www.gnu.org/software/make/) * [Kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) * [Container runtime](https://java.testcontainers.org/supported_docker_environment/) * [Kind](https://kind.sigs.k8s.io) (optional) * [golangci-lint](https://golangci-lint.run/usage/install/#local-installation) (optional) #### Codespaces If you don't want to install tools locally you can use Github Codespaces to contribute to this project. We have a pre-configured codespace that should have all tools installed already: [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new/argoproj-labs/terraform-provider-argocd) ## Contributing checklist Please keep in mind the following guidelines and practices when contributing to the Provider: 1. Your commit must be signed (`git commit --signoff`). We use the [DCO application](https://github.com/apps/dco) that enforces the Developer Certificate of Origin (DCO) on commits. 1. Use `make fmt` to format the repository code. 1. Use `make lint` to lint the project. 1. Use `make generate` to generate documentation on schema changes 1. Add unit tests for any new code you write. 1. Add an example, or extend an existing example in the [examples](./examples), with any new features you may add. Use `make generate` to add examples to the docs ## Building 1. `git clone` this repository and `cd` into its directory 2. `make build` will trigger the Golang build and place it's binary in `/bin/terraform-provider-argocd` The provided `GNUmakefile` defines additional commands generally useful during development, like for running tests, generating documentation, code formatting and linting. Taking a look at its content is recommended. ## Testing The acceptance tests run against a disposable ArgoCD installation within a containerized-K3s cluster. We are using [testcontainers](https://testcontainers.com) for this. If you have a [supported container runtime](https://java.testcontainers.org/supported_docker_environment/) installed you can simply run the tests using: ```sh make testacc # to run all the Terraform tests make test # to only run helper unit tests (minority of the testcases) ``` ## Documentation This provider uses [terraform-plugin-docs](https://github.com/hashicorp/terraform-plugin-docs/) to generate documentation and store it in the `docs/` directory. Once a release is cut, the Terraform Registry will download the documentation from `docs/` and associate it with the release version. Read more about how this works on the [official page](https://www.terraform.io/registry/providers/docs). Use `make generate` to ensure the documentation is regenerated with any changes. ## Debugging We have some pre-made config to debug and run the provider using VSCode. If you are using another IDE take a look at [Hashicorp's Debug docs](https://developer.hashicorp.com/terraform/plugin/debugging#starting-a-provider-in-debug-mode) for instructions or adapt [.vscode/launch.json](.vscode/launch.json) for your IDE ### Running the Terraform provider in debug mode (VSCode-specific) To use the preconfigured debug config in VS Code open the Debug tab and select the profile "Debug Terraform Provider". Set some breakpoints and then run this task. Head to the debug console and copy the line where it says `TF_REATTACH_PROVIDERS` to the clipboard. Open a terminal session and export the `TF_REATTACH_PROVIDERS` variable in this session. Every Terraform CLI command in this terminal session will then ensure it's using the provider already running inside VS Code and attach to it. Example of such a command: ```console export TF_REATTACH_PROVIDERS='{"registry.terraform.io/argoproj-labs/argocd":{"Protocol":"grpc","ProtocolVersion":6,"Pid":2065,"Test":true,"Addr":{"Network":"unix","String":"/var/folders/rj/_02y2jmn3k1bxx45wlzt2dkc0000gn/T/plugin193859953"}}}' terraform apply -auto-approve # will use the provider running in debug-mode ``` **Note**: if the provider crashes or you restart the debug-session you have to re-export this variable to your terminal for the Terraform CLI to find the already running provider! ### Running acceptance tests in debug mode (VSCode-specific) Open a test file, **hover** over a test function's name and then in the Debug tab of VSCode select "Debug selected Test". This will run the test you selected with the specific arguments required for Terraform to run the acceptance test. **Note**: You shouldn't use the builtin "Debug Test" profile that is shown when hovering over a test function since it doesn't contain the necessary configuration to find your Argo CD environment. ## Run Terraform using a local build It's possible to set up a local terraform configuration to use a development build of the provider. This can be achieved by leveraging the Terraform CLI [configuration file development overrides](https://www.terraform.io/cli/config/config-file#development-overrides-for-provider-developers). First, use `make install` to place a fresh development build of the provider in your [`${GOBIN}`](https://pkg.go.dev/cmd/go#hdr-Compile_and_install_packages_and_dependencies) (defaults to `${GOPATH}/bin` or `${HOME}/go/bin` if `${GOPATH}` is not set). Repeat this every time you make changes to the provider locally. Note: you can also use `make build` to place the binary into `/bin/terraform-provider-argocd` instead. Then write this config to a file: ```hcl filename="../reproduce/.terraformrc" provider_installation { dev_overrides { "argoproj-labs/argocd" = "/Users/username/go/bin" # path must be absolute and point to the directoy containing the binary } direct {} } ``` And lastly use the following environment variable in a terminal session to tell Terraform to use this file for picking up the development binary: ```console export TF_CLI_CONFIG_FILE=../.reproduce/.terraformrc terraform plan # will not use the local provider build ``` For further reference consult [HashiCorp's article](https://www.terraform.io/plugin/debugging#terraform-cli-development-overrides) about this topic. ## Dependency Management ### K8s version In our CI we test against a Kubernetes version that is supported by all Argo CD versions we support. That version can be obtained when looking at [this table](https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#tested-versions) in the Argo CD documentation. ### Argo CD client-lib Some dependencies we use are strictly aligned with the Argo CD client-lib that we use and should only be updated together: - github.com/argoproj/gitops-engine - k8s.io/* Please **don't update** any of these dependencies without having discussed this first! ================================================ FILE: GNUmakefile ================================================ default: build # To see which other env vars are set, please refer to internal/testhelpers/suite.go TEST_FILTER?= export build: go build -v -o bin/ ./... install: build go install -v ./... # See https://golangci-lint.run/ lint: golangci-lint run generate: cd tools; go generate ./... fmt: gofmt -s -w -e . test: go test -v -cover -timeout=120s -parallel=4 -run="$(TEST_FILTER)" ./... testacc: TF_ACC=1 go test -v -cover -timeout 20m -run="$(TEST_FILTER)" ./... testacc_clean_env: kind delete cluster --name argocd testacc_prepare_env: echo "\n--- Clearing current kube context\n" kubectl config unset current-context echo "\n--- Kustomize sanity checks\n" kustomize version || exit 1 echo "\n--- Create Kind cluster\n" kind create cluster --config kind-config.yml echo "\n--- Kind sanity checks\n" kubectl get nodes -o wide kubectl get pods --all-namespaces -o wide kubectl get services --all-namespaces -o wide echo "\n--- Install ArgoCD ${ARGOCD_VERSION}\n" kustomize build manifests/overlays/${ARGOCD_VERSION} | kubectl apply --server-side --force-conflicts -f - echo "\n--- Wait until CRDs are established\n" kubectl wait --for=condition=Established crd/applications.argoproj.io --timeout=60s kubectl wait --for=condition=Established crd/applicationsets.argoproj.io --timeout=60s kubectl wait --for=condition=Established crd/appprojects.argoproj.io --timeout=60s echo "\n--- Install ArgoCD test data\n" kubectl apply -f manifests/testdata/ echo "\n--- Wait for ArgoCD components to be ready...\n" kubectl wait --for=condition=available --timeout=600s deployment/argocd-server -n argocd kubectl wait --for=condition=available --timeout=30s deployment/argocd-repo-server -n argocd kubectl wait --for=condition=available --timeout=30s deployment/argocd-dex-server -n argocd kubectl wait --for=condition=available --timeout=30s deployment/argocd-redis -n argocd clean: git clean -fXd -e \!vendor -e \!vendor/**/* -e \!.vscode .PHONY: build install lint generate fmt test testacc testacc_testcontainers testacc_clean_env testacc_prepare_env clean ================================================ FILE: LICENSE ================================================ Mozilla Public License Version 2.0 ================================== 1. Definitions -------------- 1.1. "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. "Contributor Version" means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. "Contribution" means Covered Software of a particular Contributor. 1.4. "Covered Software" means Source Code Form to which the initial Contributor has attached the notice in Exhibit A, the Executable Form of such Source Code Form, and Modifications of such Source Code Form, in each case including portions thereof. 1.5. "Incompatible With Secondary Licenses" means (a) that the initial Contributor has attached the notice described in Exhibit B to the Covered Software; or (b) that the Covered Software was made available under the terms of version 1.1 or earlier of the License, but not also under the terms of a Secondary License. 1.6. "Executable Form" means any form of the work other than Source Code Form. 1.7. "Larger Work" means a work that combines Covered Software with other material, in a separate file or files, that is not Covered Software. 1.8. "License" means this document. 1.9. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently, any and all of the rights conveyed by this License. 1.10. "Modifications" means any of the following: (a) any file in Source Code Form that results from an addition to, deletion from, or modification of the contents of Covered Software; or (b) any new file in Source Code Form that contains any Covered Software. 1.11. "Patent Claims" of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. "Secondary License" means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General Public License, Version 3.0, or any later versions of those licenses. 1.13. "Source Code Form" means the form of the work preferred for making modifications. 1.14. "You" (or "Your") means an individual or a legal entity exercising rights under this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. License Grants and Conditions -------------------------------- 2.1. Grants Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: (a) under intellectual property rights (other than patent or trademark) Licensable by such Contributor to use, reproduce, make available, modify, display, perform, distribute, and otherwise exploit its Contributions, either on an unmodified basis, with Modifications, or as part of a Larger Work; and (b) under Patent Claims of such Contributor to make, use, sell, offer for sale, have made, import, and otherwise transfer either its Contributions or its Contributor Version. 2.2. Effective Date The licenses granted in Section 2.1 with respect to any Contribution become effective for each Contribution on the date the Contributor first distributes such Contribution. 2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: (a) for any code that a Contributor has removed from Covered Software; or (b) for infringements caused by: (i) Your and any other third party's modifications of Covered Software, or (ii) the combination of its Contributions with other software (except as part of its Contributor Version); or (c) under Patent Claims infringed by Covered Software in the absence of its Contributions. This License does not grant any rights in the trademarks, service marks, or logos of any Contributor (except as may be necessary to comply with the notice requirements in Section 3.4). 2.4. Subsequent Licenses No Contributor makes additional grants as a result of Your choice to distribute the Covered Software under a subsequent version of this License (see Section 10.2) or under the terms of a Secondary License (if permitted under the terms of Section 3.3). 2.5. Representation Each Contributor represents that the Contributor believes its Contributions are its original creation(s) or it has sufficient rights to grant the rights to its Contributions conveyed by this License. 2.6. Fair Use This License is not intended to limit any rights You have under applicable copyright doctrines of fair use, fair dealing, or other equivalents. 2.7. Conditions Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in Section 2.1. 3. Responsibilities ------------------- 3.1. Distribution of Source Form All distribution of Covered Software in Source Code Form, including any Modifications that You create or to which You contribute, must be under the terms of this License. You must inform recipients that the Source Code Form of the Covered Software is governed by the terms of this License, and how they can obtain a copy of this License. You may not attempt to alter or restrict the recipients' rights in the Source Code Form. 3.2. Distribution of Executable Form If You distribute Covered Software in Executable Form then: (a) such Covered Software must also be made available in Source Code Form, as described in Section 3.1, and You must inform recipients of the Executable Form how they can obtain a copy of such Source Code Form by reasonable means in a timely manner, at a charge no more than the cost of distribution to the recipient; and (b) You may distribute such Executable Form under the terms of this License, or sublicense it under different terms, provided that the license for the Executable Form does not attempt to limit or alter the recipients' rights in the Source Code Form under this License. 3.3. Distribution of a Larger Work You may create and distribute a Larger Work under terms of Your choice, provided that You also comply with the requirements of this License for the Covered Software. If the Larger Work is a combination of Covered Software with a work governed by one or more Secondary Licenses, and the Covered Software is not Incompatible With Secondary Licenses, this License permits You to additionally distribute such Covered Software under the terms of such Secondary License(s), so that the recipient of the Larger Work may, at their option, further distribute the Covered Software under the terms of either this License or such Secondary License(s). 3.4. Notices You may not remove or alter the substance of any license notices (including copyright notices, patent notices, disclaimers of warranty, or limitations of liability) contained within the Source Code Form of the Covered Software, except that You may alter any license notices to the extent required to remedy known factual inaccuracies. 3.5. Application of Additional Terms You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, You may do so only on Your own behalf, and not on behalf of any Contributor. You must make it absolutely clear that any such warranty, support, indemnity, or liability obligation is offered by You alone, and You hereby agree to indemnify every Contributor for any liability incurred by such Contributor as a result of warranty, support, indemnity or liability terms You offer. You may include additional disclaimers of warranty and limitations of liability specific to any jurisdiction. 4. Inability to Comply Due to Statute or Regulation --------------------------------------------------- If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Software due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be placed in a text file included with all distributions of the Covered Software under this License. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. Termination -------------- 5.1. The rights granted under this License will terminate automatically if You fail to comply with any of its terms. However, if You become compliant, then the rights granted under this License from a particular Contributor are reinstated (a) provisionally, unless and until such Contributor explicitly and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor fails to notify You of the non-compliance by some reasonable means prior to 60 days after You have come back into compliance. Moreover, Your grants from a particular Contributor are reinstated on an ongoing basis if such Contributor notifies You of the non-compliance by some reasonable means, this is the first time You have received notice of non-compliance with this License from such Contributor, and You become compliant prior to 30 days after Your receipt of the notice. 5.2. If You initiate litigation against any entity by asserting a patent infringement claim (excluding declaratory judgment actions, counter-claims, and cross-claims) alleging that a Contributor Version directly or indirectly infringes any patent, then the rights granted to You by any and all Contributors for the Covered Software under Section 2.1 of this License shall terminate. 5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or Your distributors under this License prior to termination shall survive termination. ************************************************************************ * * * 6. Disclaimer of Warranty * * ------------------------- * * * * Covered Software is provided under this License on an "as is" * * basis, without warranty of any kind, either expressed, implied, or * * statutory, including, without limitation, warranties that the * * Covered Software is free of defects, merchantable, fit for a * * particular purpose or non-infringing. The entire risk as to the * * quality and performance of the Covered Software is with You. * * Should any Covered Software prove defective in any respect, You * * (not any Contributor) assume the cost of any necessary servicing, * * repair, or correction. This disclaimer of warranty constitutes an * * essential part of this License. No use of any Covered Software is * * authorized under this License except under this disclaimer. * * * ************************************************************************ ************************************************************************ * * * 7. Limitation of Liability * * -------------------------- * * * * Under no circumstances and under no legal theory, whether tort * * (including negligence), contract, or otherwise, shall any * * Contributor, or anyone who distributes Covered Software as * * permitted above, be liable to You for any direct, indirect, * * special, incidental, or consequential damages of any character * * including, without limitation, damages for lost profits, loss of * * goodwill, work stoppage, computer failure or malfunction, or any * * and all other commercial damages or losses, even if such party * * shall have been informed of the possibility of such damages. This * * limitation of liability shall not apply to liability for death or * * personal injury resulting from such party's negligence to the * * extent applicable law prohibits such limitation. Some * * jurisdictions do not allow the exclusion or limitation of * * incidental or consequential damages, so this exclusion and * * limitation may not apply to You. * * * ************************************************************************ 8. Litigation ------------- Any litigation relating to this License may be brought only in the courts of a jurisdiction where the defendant maintains its principal place of business and such litigation shall be governed by laws of that jurisdiction, without reference to its conflict-of-law provisions. Nothing in this Section shall prevent a party's ability to bring cross-claims or counter-claims. 9. Miscellaneous ---------------- This License represents the complete agreement concerning the subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not be used to construe this License against a Contributor. 10. Versions of the License --------------------------- 10.1. New Versions Mozilla Foundation is the license steward. Except as provided in Section 10.3, no one other than the license steward has the right to modify or publish new versions of this License. Each version will be given a distinguishing version number. 10.2. Effect of New Versions You may distribute the Covered Software under the terms of the version of the License under which You originally received the Covered Software, or under the terms of any subsequent version published by the license steward. 10.3. Modified Versions If you create software not governed by this License, and you want to create a new license for such software, you may create and use a modified version of this License if you rename the license and remove any references to the name of the license steward (except to note that such modified license differs from this License). 10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses If You choose to distribute Source Code Form that is Incompatible With Secondary Licenses under the terms of this version of the License, the notice described in Exhibit B of this License must be attached. Exhibit A - Source Code Form License Notice ------------------------------------------- This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. If it is not possible or desirable to put the notice in a particular file, then You may include the notice in a location (such as a LICENSE file in a relevant directory) where a recipient would be likely to look for such a notice. You may add additional accurate notices of copyright ownership. Exhibit B - "Incompatible With Secondary Licenses" Notice --------------------------------------------------------- This Source Code Form is "Incompatible With Secondary Licenses", as defined by the Mozilla Public License, v. 2.0. ================================================ FILE: README.md ================================================ Terraform logo Terraform logo # Terraform Provider for ArgoCD [![Tests](https://github.com/argoproj-labs/terraform-provider-argocd/actions/workflows/tests.yml/badge.svg)](https://github.com/argoproj-labs/terraform-provider-argocd/actions/workflows/tests.yml) The [ArgoCD Terraform Provider](https://registry.terraform.io/providers/argoproj-labs/argocd/latest/docs) provides lifecycle management of [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) resources. **NB**: The provider is not concerned with the installation/configuration of ArgoCD itself. To make use of the provider, you will need to have an existing ArgoCD deployment and, the ArgoCD API server must be [accessible](https://argo-cd.readthedocs.io/en/stable/getting_started/#3-access-the-argo-cd-api-server) from where you are running Terraform. --- ## Documentation Official documentation on how to use this provider can be found on the [Terraform Registry](https://registry.terraform.io/providers/argoproj-labs/argocd/latest/docs). ## Version Compatibility The provider supports all versions Argo-CD itself currently supports. See the [Argo CD documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions) for supported versions. The following table shows the versions of Argo CD that are tested with each version of the provider. | Provider version | Argo CD versions | |---|---| | 7.13 | v3.1, v3.2, v3.3 | | 7.12 | v3.0, v3.1, v3.2 | | 7.11 | v2.14, v3.0, v3.1 | | 7.7 | v2.13, v2.14, v3.0 | | 7.5 | v2.12, v2.13, v2.14 | | 7.4 | v2.11, v2.12, v2.13 | | 7.2 | v2.10, v2.11, v2.12 | | 7.1 | v2.9, v2.10, v2.11 | | 7.0 | v2.8, v2.9, v2.10 | | 6.x | v2.8, v2.9, v2.10 | Note: these numbers are based on our testing matrix that tests the provider against these versions of Argo CD. You may be able to use other provider versions as the ones listed here and it may still work. ## Motivations ### *I thought ArgoCD already allowed for 100% declarative configuration?* While that is true through the use of ArgoCD Kubernetes Custom Resources, there are some resources that simply cannot be managed using Kubernetes manifests, such as project roles JWTs whose respective lifecycles are better handled by a tool like Terraform. Even more so when you need to export these JWTs to another external system using Terraform, like a CI platform. ### *Wouldn't using a Kubernetes provider to handle ArgoCD configuration be enough?* Existing Kubernetes providers do not patch arrays of objects, losing project role JWTs when doing small project changes just happen. ArgoCD Kubernetes admission webhook controller is not as exhaustive as ArgoCD API validation, this can be seen with RBAC policies, where no validation occur when creating/patching a project. Using Terraform to manage Kubernetes Custom Resource becomes increasingly difficult the further you use HCL2 DSL to merge different data structures *and* want to preserve type safety. Whatever the Kubernetes CRD provider you are using, you will probably end up using `locals` and the `yamlencode` function **which does not preserve the values' type**. In these cases, not only the readability of your Terraform plan will worsen, but you will also be losing some safeties that Terraform provides in the process. ## Upgrading ### Migrate provider source `oboukili` -> `argoproj-labs` As announced in the releases [v6.2.0] and [v7.0.0], we moved the provider from "github.com/**oboukili**/terraform-provider-argocd/" to "github.com/**argoproj-labs**/terraform-provider-argocd". Users need to migrate their Terraform state according to HashiCorps [replace-provider] docs. In summary, you can do the following: 1. List currently used providers ```bash $ terraform providers Providers required by configuration: . ├── provider[registry.terraform.io/hashicorp/helm] 2.15.0 ├── (..) └── provider[registry.terraform.io/oboukili/argocd] 6.1.1 Providers required by state: (..) provider[registry.terraform.io/oboukili/argocd] provider[registry.terraform.io/hashicorp/helm] ``` 2. **If you see** the provider "registry.terraform.io/**oboukili**/argocd", you can update the provider specification: ```diff --- a/versions.tf +++ b/versions.tf @@ -5,7 +5,7 @@ terraform { } argocd = { - source = "oboukili/argocd" + source = "argoproj-labs/argocd" version = "6.1.1" } helm = { ``` 3. Download the new provider via `terraform init`: ```bash $ terraform init Initializing HCP Terraform... Initializing provider plugins... - Finding (..) - Finding oboukili/argocd versions matching "6.1.1"... - Finding latest version of argoproj-labs/argocd... - (..) - Installing oboukili/argocd v6.1.1... - Installed oboukili/argocd v6.1.1 (self-signed, key ID 09A6EABF546E8638) - Installing argoproj-labs/argocd v7.0.0... - Installed argoproj-labs/argocd v7.0.0 (self-signed, key ID 6421DA8DFD8F48D0) (..) HCP Terraform has been successfully initialized! (..) ``` 4. Then, execute the migration via `terraform state replace-provider`: ```bash $ terraform state replace-provider registry.terraform.io/oboukili/argocd registry.terraform.io/argoproj-labs/argocd Terraform will perform the following actions: ~ Updating provider: - registry.terraform.io/oboukili/argocd + registry.terraform.io/argoproj-labs/argocd Changing 5 resources: argocd_project.apps_with_clusterroles argocd_application.app_of_apps argocd_project.base argocd_project.apps_restricted argocd_project.core_services_unrestricted Do you want to make these changes? Only 'yes' will be accepted to continue. Enter a value: yes Successfully replaced provider for 5 resources. ``` 5. You have successfully migrated ## Credits * We would like to thank [Olivier Boukili] for creating this awesome Terraform provider and moving the project over to [argoproj-labs] on Apr 5th 2024. [argoproj-labs]: https://github.com/argoproj-labs [Olivier Boukili]: https://github.com/oboukili [v6.2.0]: https://github.com/argoproj-labs/terraform-provider-argocd/releases/tag/v6.2.0 [v7.0.0]: https://github.com/argoproj-labs/terraform-provider-argocd/releases/tag/v7.0.0 [replace-provider]: https://developer.hashicorp.com/terraform/cli/commands/state/replace-provider ================================================ FILE: RELEASE.md ================================================ # Provider release process Our release process relies on [Goreleaser](https://goreleaser.com) for automatically building provider binaries for all architectures, signing them and generating a Github release with the binaries attached. ## Publishing a new version Once the maintainers are ready to publish a new version, they can create a new git tag starting with `v*` and following [semver](https://semver.org). Pushing this tag will trigger a Github action that runs goreleaser. They will find a new release with the appropriate version, changelog and attached artifacts on github, that was automatically marked as latest. ================================================ FILE: SECURITY.md ================================================ # Security Policy ## Reporting a Vulnerability We have enabled the ability to privately report security issues through the Security tab above. [Here are the details on how to file a new vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). A repository owner/maintainer will respond as fast as possible to coordinate confirmation of the issue and remediation. Thank you for helping to ensure this code stays secure! ================================================ FILE: argocd/model_provider.go ================================================ package argocd import ( "bytes" "context" "fmt" "net/url" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj/argo-cd/v3/cmd/argocd/commands/headless" "github.com/argoproj/argo-cd/v3/pkg/apiclient" "github.com/argoproj/argo-cd/v3/pkg/apiclient/session" "github.com/argoproj/argo-cd/v3/util/io" "github.com/argoproj/argo-cd/v3/util/localconfig" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/types" apimachineryschema "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd/api" ) type ArgoCDProviderConfig struct { // Configuration for standard login using either with username/password or auth_token AuthToken types.String `tfsdk:"auth_token"` Username types.String `tfsdk:"username"` Password types.String `tfsdk:"password"` // When using standard login either server address or port forwarding must be used ServerAddr types.String `tfsdk:"server_addr"` PortForward types.Bool `tfsdk:"port_forward"` PortForwardWithNamespace types.String `tfsdk:"port_forward_with_namespace"` Kubernetes []Kubernetes `tfsdk:"kubernetes"` // Run ArgoCD API server locally Core types.Bool `tfsdk:"core"` // Login using credentials from local ArgoCD config file UseLocalConfig types.Bool `tfsdk:"use_local_config"` ConfigPath types.String `tfsdk:"config_path"` Context types.String `tfsdk:"context"` // Other configuration CertFile types.String `tfsdk:"cert_file"` ClientCertFile types.String `tfsdk:"client_cert_file"` ClientCertKey types.String `tfsdk:"client_cert_key"` GRPCWeb types.Bool `tfsdk:"grpc_web"` GRPCWebRootPath types.String `tfsdk:"grpc_web_root_path"` Headers types.Set `tfsdk:"headers"` Insecure types.Bool `tfsdk:"insecure"` PlainText types.Bool `tfsdk:"plain_text"` UserAgent types.String `tfsdk:"user_agent"` } func (p ArgoCDProviderConfig) getApiClientOptions(ctx context.Context) (*apiclient.ClientOptions, diag.Diagnostics) { var diags diag.Diagnostics opts := &apiclient.ClientOptions{ AuthToken: getDefaultString(p.AuthToken, "ARGOCD_AUTH_TOKEN"), CertFile: p.CertFile.ValueString(), ClientCertFile: p.ClientCertFile.ValueString(), ClientCertKeyFile: p.ClientCertKey.ValueString(), GRPCWeb: p.GRPCWeb.ValueBool(), GRPCWebRootPath: p.GRPCWebRootPath.ValueString(), Insecure: getDefaultBool(ctx, p.Insecure, "ARGOCD_INSECURE"), PlainText: p.PlainText.ValueBool(), PortForward: p.PortForward.ValueBool(), PortForwardNamespace: p.PortForwardWithNamespace.ValueString(), ServerAddr: getDefaultString(p.ServerAddr, "ARGOCD_SERVER"), UserAgent: p.Username.ValueString(), } if !p.Headers.IsNull() { var h []string diags.Append(p.Headers.ElementsAs(ctx, &h, false)...) opts.Headers = h } coreEnabled, d := p.setCoreOpts(opts) diags.Append(d...) localConfigEnabled, d := p.setLocalConfigOpts(opts) diags.Append(d...) portForwardingEnabled, d := p.setPortForwardingOpts(ctx, opts) diags.Append(d...) username := getDefaultString(p.Username, "ARGOCD_AUTH_USERNAME") password := getDefaultString(p.Password, "ARGOCD_AUTH_PASSWORD") usernameAndPasswordSet := username != "" && password != "" switch { // Provider configuration errors case !coreEnabled && !portForwardingEnabled && !localConfigEnabled && opts.ServerAddr == "": diags.Append(diagnostics.Error("invalid provider configuration: one of `core,port_forward,port_forward_with_namespace,use_local_config,server_addr` must be specified", nil)...) case portForwardingEnabled && opts.AuthToken == "" && !usernameAndPasswordSet: diags.Append(diagnostics.Error("invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled", nil)...) case opts.ServerAddr != "" && !coreEnabled && opts.AuthToken == "" && !usernameAndPasswordSet: diags.Append(diagnostics.Error("invalid provider configuration: either `username/password` or `auth_token` must be specified if `server_addr` is specified", nil)...) } if diags.HasError() { return nil, diags } switch { // Handle "special" configuration use-cases case coreEnabled: // HACK: `headless.StartLocalServer` manipulates this global variable // when starting the local server without checking it's length/contents // which leads to a panic if called multiple times. So, we need to // ensure we "reset" it before calling the method. if runtimeErrorHandlers == nil { runtimeErrorHandlers = runtime.ErrorHandlers } else { runtime.ErrorHandlers = runtimeErrorHandlers } _, err := headless.MaybeStartLocalServer(ctx, opts, "", nil, nil, nil) if err != nil { diags.Append(diagnostics.Error("failed to start local server", err)...) return nil, diags } case opts.ServerAddr != "" && opts.AuthToken == "" && usernameAndPasswordSet: apiClient, err := apiclient.NewClient(opts) if err != nil { diags.Append(diagnostics.Error("failed to create new API client", err)...) return nil, diags } closer, sc, err := apiClient.NewSessionClient() if err != nil { diags.Append(diagnostics.Error("failed to create new session client", err)...) return nil, diags } defer io.Close(closer) sessionOpts := session.SessionCreateRequest{ Username: username, Password: password, } resp, err := sc.Create(ctx, &sessionOpts) if err != nil { diags.Append(diagnostics.Error("failed to create new session", err)...) return nil, diags } opts.AuthToken = resp.Token } return opts, diags } func (p ArgoCDProviderConfig) setCoreOpts(opts *apiclient.ClientOptions) (bool, diag.Diagnostics) { var diags diag.Diagnostics coreEnabled := p.Core.ValueBool() if coreEnabled { if opts.ServerAddr != "" { diags.AddWarning("`server_addr` is ignored by the provider and overwritten when `core = true`.", "") } opts.ServerAddr = "kubernetes" opts.Core = true if !p.Username.IsNull() { diags.AddWarning("`username` is ignored when `core = true`.", "") } } return coreEnabled, diags } func (p ArgoCDProviderConfig) setLocalConfigOpts(opts *apiclient.ClientOptions) (bool, diag.Diagnostics) { var diags diag.Diagnostics useLocalConfig := p.UseLocalConfig.ValueBool() switch useLocalConfig { case true: if opts.ServerAddr != "" { diags.AddWarning("setting `server_addr` alongside `use_local_config = true` is unnecessary and not recommended as this will overwrite the address retrieved from the local ArgoCD context.", "") } if !p.Username.IsNull() { diags.AddWarning("`username` is ignored when `use_local_config = true`.", "") } opts.Context = getDefaultString(p.Context, "ARGOCD_CONTEXT") cp := getDefaultString(p.ConfigPath, "ARGOCD_CONFIG_PATH") if cp != "" { opts.ConfigPath = p.ConfigPath.ValueString() break } cp, err := localconfig.DefaultLocalConfigPath() if err == nil { opts.ConfigPath = cp break } diags.Append(diagnostics.Error("failed to find default ArgoCD config path", err)...) case false: // Log warnings if explicit configuration has been provided for local config when `use_local_config` is not enabled. if !p.ConfigPath.IsNull() { diags.AddWarning("`config_path` is ignored by provider unless `use_local_config = true`.", "") } if !p.Context.IsNull() { diags.AddWarning("`context` is ignored by provider unless `use_local_config = true`.", "") } } return useLocalConfig, diags } func (p ArgoCDProviderConfig) setPortForwardingOpts(ctx context.Context, opts *apiclient.ClientOptions) (bool, diag.Diagnostics) { var diags diag.Diagnostics portForwardingEnabled := opts.PortForward || opts.PortForwardNamespace != "" switch portForwardingEnabled { case true: if opts.ServerAddr != "" { diags.AddWarning("`server_addr` is ignored by the provider and overwritten when port forwarding is enabled.", "") } opts.ServerAddr = "localhost" // will be overwritten by ArgoCD module when we initialize the API client but needs to be set here to ensure we opts.ServerName = "argocd-server" if opts.PortForwardNamespace == "" { opts.PortForwardNamespace = "argocd" } if p.Kubernetes == nil { break } k := p.Kubernetes[0] opts.KubeOverrides = &clientcmd.ConfigOverrides{ AuthInfo: api.AuthInfo{ ClientCertificateData: bytes.NewBufferString(getDefaultString(k.ClientCertificate, "KUBE_CLIENT_CERT_DATA")).Bytes(), Username: getDefaultString(k.Username, "KUBE_USER"), Password: getDefaultString(k.Password, "KUBE_PASSWORD"), ClientKeyData: bytes.NewBufferString(getDefaultString(k.ClientKey, "KUBE_CLIENT_KEY_DATA")).Bytes(), Token: getDefaultString(k.Token, "KUBE_TOKEN"), }, ClusterInfo: api.Cluster{ InsecureSkipTLSVerify: getDefaultBool(ctx, k.Insecure, "KUBE_INSECURE"), CertificateAuthorityData: bytes.NewBufferString(getDefaultString(k.ClusterCACertificate, "KUBE_CLUSTER_CA_CERT_DATA")).Bytes(), }, CurrentContext: getDefaultString(k.ConfigContext, "KUBE_CTX"), Context: api.Context{ AuthInfo: getDefaultString(k.ConfigContextAuthInfo, "KUBE_CTX_AUTH_INFO"), Cluster: getDefaultString(k.ConfigContextCluster, "KUBE_CTX_CLUSTER"), }, } h := getDefaultString(k.Host, "KUBE_HOST") if h != "" { // Server has to be the complete address of the Kubernetes cluster (scheme://hostname:port), not just the hostname, // because `overrides` are processed too late to be taken into account by `defaultServerUrlFor()`. // This basically replicates what defaultServerUrlFor() does with config but for overrides, // see https://github.com/Kubernetes/client-go/blob/v12.0.0/rest/url_utils.go#L85-L87 hasCA := len(opts.KubeOverrides.ClusterInfo.CertificateAuthorityData) != 0 hasCert := len(opts.KubeOverrides.AuthInfo.ClientCertificateData) != 0 defaultTLS := hasCA || hasCert || opts.KubeOverrides.ClusterInfo.InsecureSkipTLSVerify var host *url.URL host, _, err := rest.DefaultServerURL(h, "", apimachineryschema.GroupVersion{}, defaultTLS) if err == nil { opts.KubeOverrides.ClusterInfo.Server = host.String() } else { diags.Append(diagnostics.Error(fmt.Sprintf("failed to extract default server URL for host %s", h), err)...) } } if k.Exec == nil { break } e := k.Exec[0] exec := &api.ExecConfig{ InteractiveMode: api.IfAvailableExecInteractiveMode, APIVersion: e.APIVersion.ValueString(), Command: e.Command.ValueString(), } var a []string diags.Append(e.Args.ElementsAs(ctx, &a, false)...) exec.Args = a var env map[string]string diags.Append(e.Env.ElementsAs(ctx, &env, false)...) for k, v := range env { exec.Env = append(exec.Env, api.ExecEnvVar{Name: k, Value: v}) } opts.KubeOverrides.AuthInfo.Exec = exec case false: if p.Kubernetes != nil { diags.AddWarning("`Kubernetes` configuration block is ignored by provider unless `port_forward` or `port_forward_with_namespace` are configured.", "") } } return portForwardingEnabled, diags } type Kubernetes struct { Host types.String `tfsdk:"host"` Username types.String `tfsdk:"username"` Password types.String `tfsdk:"password"` Insecure types.Bool `tfsdk:"insecure"` ClientCertificate types.String `tfsdk:"client_certificate"` ClientKey types.String `tfsdk:"client_key"` ClusterCACertificate types.String `tfsdk:"cluster_ca_certificate"` ConfigContext types.String `tfsdk:"config_context"` ConfigContextAuthInfo types.String `tfsdk:"config_context_auth_info"` ConfigContextCluster types.String `tfsdk:"config_context_cluster"` Token types.String `tfsdk:"token"` Exec []KubernetesExec `tfsdk:"exec"` } type KubernetesExec struct { APIVersion types.String `tfsdk:"api_version"` Command types.String `tfsdk:"command"` Env types.Map `tfsdk:"env"` Args types.List `tfsdk:"args"` } ================================================ FILE: argocd/provider.go ================================================ package argocd import ( "context" "sync" fwdiag "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" // Import to initialize client auth plugins. _ "k8s.io/client-go/plugin/pkg/client/auth" ) // Used to handle concurrent access to ArgoCD common configuration var tokenMutexConfiguration = &sync.RWMutex{} // Used to handle concurrent access to ArgoCD clusters var tokenMutexClusters = &sync.RWMutex{} // Used to handle concurrent access to ArgoCD secrets var tokenMutexSecrets = &sync.RWMutex{} func Provider() *schema.Provider { return &schema.Provider{ Schema: map[string]*schema.Schema{ "server_addr": { Type: schema.TypeString, Optional: true, Description: "ArgoCD server address with port. Can be set through the `ARGOCD_SERVER` environment variable.", }, "auth_token": { Type: schema.TypeString, Optional: true, Description: "ArgoCD authentication token, takes precedence over `username`/`password`. Can be set through the `ARGOCD_AUTH_TOKEN` environment variable.", Sensitive: true, }, "username": { Type: schema.TypeString, Optional: true, Description: "Authentication username. Can be set through the `ARGOCD_AUTH_USERNAME` environment variable.", }, "password": { Type: schema.TypeString, Optional: true, Description: "Authentication password. Can be set through the `ARGOCD_AUTH_PASSWORD` environment variable.", Sensitive: true, }, "cert_file": { Type: schema.TypeString, Optional: true, Description: "Additional root CA certificates file to add to the client TLS connection pool.", }, "client_cert_file": { Type: schema.TypeString, Optional: true, Description: "Client certificate.", }, "client_cert_key": { Type: schema.TypeString, Optional: true, Description: "Client certificate key.", }, "plain_text": { Type: schema.TypeBool, Optional: true, Description: "Whether to initiate an unencrypted connection to ArgoCD server.", }, "context": { Type: schema.TypeString, Optional: true, Description: "Context to choose when using a local ArgoCD config file. Only relevant when `use_local_config`. Can be set through `ARGOCD_CONTEXT` environment variable.", }, "user_agent": { Type: schema.TypeString, Optional: true, Description: "User-Agent request header override.", }, "core": { Type: schema.TypeBool, Optional: true, Description: "Configure direct access using Kubernetes API server.\n\n " + "**Warning**: this feature works by starting a local ArgoCD API server that talks directly to the Kubernetes API using the **current context " + "in the default kubeconfig** (`~/.kube/config`). This behavior cannot be overridden using either environment variables or the `kubernetes` block " + "in the provider configuration at present).\n\n If the server fails to start (e.g. your kubeconfig is misconfigured) then the provider will " + "fail as a result of the `argocd` module forcing it to exit and no logs will be available to help you debug this. The error message will be " + "similar to\n > `The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may " + "contain more details.`\n\n To debug this, you will need to login via the ArgoCD CLI using `argocd login --core` and then running an operation. " + "E.g. `argocd app list`.", }, "grpc_web": { Type: schema.TypeBool, Optional: true, Description: "Whether to use gRPC web proxy client. Useful if Argo CD server is behind proxy which does not support HTTP2.", }, "grpc_web_root_path": { Type: schema.TypeString, Optional: true, Description: "Use the gRPC web proxy client and set the web root, e.g. `argo-cd`. Useful if the Argo CD server is behind a proxy at a non-root path.", }, "use_local_config": { Type: schema.TypeBool, Optional: true, Description: "Use the authentication settings found in the local config file. Useful when you have previously logged in using SSO. Conflicts with `auth_token`, `username` and `password`.", }, "config_path": { Type: schema.TypeString, Optional: true, Description: "Override the default config path of `$HOME/.config/argocd/config`. Only relevant when `use_local_config`. Can be set through the `ARGOCD_CONFIG_PATH` environment variable.", }, "port_forward": { Type: schema.TypeBool, Description: "Connect to a random argocd-server port using port forwarding.", Optional: true, }, "port_forward_with_namespace": { Type: schema.TypeString, Description: "Namespace name which should be used for port forwarding.", Optional: true, }, "headers": { Type: schema.TypeSet, Optional: true, Description: "Additional headers to add to each request to the ArgoCD server.", Elem: &schema.Schema{Type: schema.TypeString}, }, "insecure": { Type: schema.TypeBool, Optional: true, Description: "Whether to skip TLS server certificate. Can be set through the `ARGOCD_INSECURE` environment variable.", }, "kubernetes": { Type: schema.TypeList, MaxItems: 1, Optional: true, Description: "Kubernetes configuration overrides. Only relevant when `port_forward = true` or `port_forward_with_namespace = \"foo\"`. The kubeconfig file that is used can be overridden using the [`KUBECONFIG` environment variable](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#the-kubeconfig-environment-variable)).", Elem: kubernetesResource(), }, }, ResourcesMap: map[string]*schema.Resource{ "argocd_account_token": resourceArgoCDAccountToken(), "argocd_application": resourceArgoCDApplication(), "argocd_application_set": resourceArgoCDApplicationSet(), "argocd_cluster": resourceArgoCDCluster(), }, ConfigureContextFunc: func(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) { config, diags := argoCDProviderConfigFromResourceData(ctx, d) server := NewServerInterface(config) return server, diags }, } } func kubernetesResource() *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ "host": { Type: schema.TypeString, Optional: true, Description: "The hostname (in form of URI) of the Kubernetes API. Can be sourced from `KUBE_HOST`.", }, "username": { Type: schema.TypeString, Optional: true, Description: "The username to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_USER`.", }, "password": { Type: schema.TypeString, Optional: true, Description: "The password to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_PASSWORD`.", Sensitive: true, }, "insecure": { Type: schema.TypeBool, Optional: true, Description: "Whether server should be accessed without verifying the TLS certificate. Can be sourced from `KUBE_INSECURE`.", }, "client_certificate": { Type: schema.TypeString, Optional: true, Description: "PEM-encoded client certificate for TLS authentication. Can be sourced from `KUBE_CLIENT_CERT_DATA`.", }, "client_key": { Type: schema.TypeString, Optional: true, Description: "PEM-encoded client certificate key for TLS authentication. Can be sourced from `KUBE_CLIENT_KEY_DATA`.", Sensitive: true, }, "cluster_ca_certificate": { Type: schema.TypeString, Optional: true, Description: "PEM-encoded root certificates bundle for TLS authentication. Can be sourced from `KUBE_CLUSTER_CA_CERT_DATA`.", }, "config_context": { Type: schema.TypeString, Optional: true, Description: "Context to choose from the config file. Can be sourced from `KUBE_CTX`.", }, "config_context_auth_info": { Type: schema.TypeString, Optional: true, Description: "", }, "config_context_cluster": { Type: schema.TypeString, Optional: true, Description: "", }, "token": { Type: schema.TypeString, Optional: true, Description: "Token to authenticate an service account. Can be sourced from `KUBE_TOKEN`.", Sensitive: true, }, "exec": { Type: schema.TypeList, Optional: true, MaxItems: 1, Description: "Configuration block to use an [exec-based credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api_version": { Type: schema.TypeString, Required: true, Description: "API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`.", }, "command": { Type: schema.TypeString, Required: true, Description: "Command to execute.", }, "env": { Type: schema.TypeMap, Optional: true, Description: "List of arguments to pass when executing the plugin.", Elem: &schema.Schema{Type: schema.TypeString}, }, "args": { Type: schema.TypeList, Optional: true, Description: "Map of environment variables to set when executing the plugin.", Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, }, }, } } func argoCDProviderConfigFromResourceData(ctx context.Context, d *schema.ResourceData) (ArgoCDProviderConfig, diag.Diagnostics) { c := ArgoCDProviderConfig{ AuthToken: getStringFromResourceData(d, "auth_token"), CertFile: getStringFromResourceData(d, "cert_file"), ClientCertFile: getStringFromResourceData(d, "client_cert_file"), ClientCertKey: getStringFromResourceData(d, "client_cert_key"), ConfigPath: getStringFromResourceData(d, "config_path"), Context: getStringFromResourceData(d, "context"), Core: getBoolFromResourceData(d, "core"), GRPCWeb: getBoolFromResourceData(d, "grpc_web"), GRPCWebRootPath: getStringFromResourceData(d, "grpc_web_root_path"), Insecure: getBoolFromResourceData(d, "insecure"), Password: getStringFromResourceData(d, "password"), PlainText: getBoolFromResourceData(d, "plain_text"), PortForward: getBoolFromResourceData(d, "port_forward"), PortForwardWithNamespace: getStringFromResourceData(d, "port_forward_with_namespace"), ServerAddr: getStringFromResourceData(d, "server_addr"), UseLocalConfig: getBoolFromResourceData(d, "use_local_config"), UserAgent: getStringFromResourceData(d, "user_agent"), Username: getStringFromResourceData(d, "username"), } headers, diags := getStringSetFromResourceData(ctx, d, "headers") c.Headers = headers k8s, ds := kubernetesConfigFromResourceData(ctx, d) c.Kubernetes = k8s diags.Append(ds...) return c, pluginSDKDiags(diags) } func kubernetesConfigFromResourceData(ctx context.Context, d *schema.ResourceData) ([]Kubernetes, fwdiag.Diagnostics) { if _, ok := d.GetOk("kubernetes"); !ok { return nil, nil } k8s := Kubernetes{ ClientCertificate: getStringFromResourceData(d, "kubernetes.0.client_certificate"), ClientKey: getStringFromResourceData(d, "kubernetes.0.client_key"), ClusterCACertificate: getStringFromResourceData(d, "kubernetes.0.cluster_ca_certificate"), ConfigContext: getStringFromResourceData(d, "kubernetes.0.config_context"), ConfigContextAuthInfo: getStringFromResourceData(d, "kubernetes.0.config_context_auth_info"), ConfigContextCluster: getStringFromResourceData(d, "kubernetes.0.config_context_cluster"), Host: getStringFromResourceData(d, "kubernetes.0.host"), Insecure: getBoolFromResourceData(d, "kubernetes.0.insecure"), Password: getStringFromResourceData(d, "kubernetes.0.password"), Token: getStringFromResourceData(d, "kubernetes.0.token"), Username: getStringFromResourceData(d, "kubernetes.0.username"), } var diags fwdiag.Diagnostics k8s.Exec, diags = kubernetesExecConfigFromResourceData(ctx, d) return []Kubernetes{k8s}, diags } func kubernetesExecConfigFromResourceData(ctx context.Context, d *schema.ResourceData) ([]KubernetesExec, fwdiag.Diagnostics) { if _, ok := d.GetOk("kubernetes.0.exec"); !ok { return nil, nil } exec := KubernetesExec{ APIVersion: getStringFromResourceData(d, "kubernetes.0.exec.0.api_version"), Command: getStringFromResourceData(d, "kubernetes.0.exec.0.command"), } args, diags := getStringListFromResourceData(ctx, d, "kubernetes.0.exec.0.args") exec.Args = args env, ds := getStringMapFromResourceData(ctx, d, "kubernetes.0.exec.0.env") exec.Env = env diags.Append(ds...) return []KubernetesExec{exec}, diags } func getStringFromResourceData(d *schema.ResourceData, key string) types.String { if v, ok := d.GetOk(key); ok { return types.StringValue(v.(string)) } return types.StringNull() } func getBoolFromResourceData(d *schema.ResourceData, key string) types.Bool { if v, ok := d.GetOk(key); ok { return types.BoolValue(v.(bool)) } return types.BoolNull() } func getStringListFromResourceData(ctx context.Context, d *schema.ResourceData, key string) (types.List, fwdiag.Diagnostics) { if v, ok := d.GetOk(key); ok { return types.ListValueFrom(ctx, types.StringType, v.([]interface{})) } return types.ListNull(types.StringType), nil } func getStringMapFromResourceData(ctx context.Context, d *schema.ResourceData, key string) (types.Map, fwdiag.Diagnostics) { if v, ok := d.GetOk(key); ok { return types.MapValueFrom(ctx, types.StringType, v.(map[string]interface{})) } return types.MapNull(types.StringType), nil } func getStringSetFromResourceData(ctx context.Context, d *schema.ResourceData, key string) (types.Set, fwdiag.Diagnostics) { if v, ok := d.GetOk(key); ok { return types.SetValueFrom(ctx, types.StringType, v.(*schema.Set).List()) } return types.SetNull(types.StringType), nil } ================================================ FILE: argocd/provider_test.go ================================================ package argocd import ( "context" "fmt" "os" "testing" "github.com/Masterminds/semver/v3" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/argoproj-labs/terraform-provider-argocd/internal/provider" "github.com/argoproj-labs/terraform-provider-argocd/internal/testhelpers" "github.com/hashicorp/terraform-plugin-framework/providerserver" "github.com/hashicorp/terraform-plugin-go/tfprotov6" "github.com/hashicorp/terraform-plugin-mux/tf5to6server" "github.com/hashicorp/terraform-plugin-mux/tf6muxserver" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) var testAccProviders map[string]func() (*schema.Provider, error) var testAccProtoV6ProviderFactories map[string]func() (tfprotov6.ProviderServer, error) func init() { testAccProviders = map[string]func() (*schema.Provider, error){ "argocd": func() (*schema.Provider, error) { //nolint:unparam return Provider(), nil }, } testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){ "argocd": func() (tfprotov6.ProviderServer, error) { ctx := context.Background() upgradedSdkServer, err := tf5to6server.UpgradeServer( ctx, Provider().GRPCProvider, ) if err != nil { return nil, err } providers := []func() tfprotov6.ProviderServer{ providerserver.NewProtocol6(provider.New("test")), func() tfprotov6.ProviderServer { return upgradedSdkServer }, } muxServer, err := tf6muxserver.NewMuxServer(ctx, providers...) if err != nil { return nil, err } return muxServer.ProviderServer(), nil }, } } func TestMain(m *testing.M) { testhelpers.TestMain(m) } func TestProvider(t *testing.T) { t.Parallel() if err := Provider().InternalValidate(); err != nil { t.Fatalf("err: %s", err) } } func TestProvider_headers(t *testing.T) { t.Parallel() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: fmt.Sprintf("%s %s", ` provider "argocd" { headers = [ "Hello: HiThere", ] }`, testAccArgoCDApplicationSimple(acctest.RandomWithPrefix("test-acc"), "0.33.0", false), ), }, }, }) } func testAccPreCheck(t *testing.T) { if v := os.Getenv("ARGOCD_AUTH_USERNAME"); v == "" { t.Fatal("ARGOCD_AUTH_USERNAME must be set for acceptance tests") } if v := os.Getenv("ARGOCD_AUTH_PASSWORD"); v == "" { t.Fatal("ARGOCD_AUTH_PASSWORD must be set for acceptance tests") } if v := os.Getenv("ARGOCD_SERVER"); v == "" { t.Fatal("ARGOCD_SERVER must be set for acceptance tests") } if v := os.Getenv("ARGOCD_INSECURE"); v == "" { t.Fatal("ARGOCD_INSECURE should be set for acceptance tests") } } // Skip test if feature is not supported func testAccPreCheckFeatureSupported(t *testing.T, feature features.Feature) { v := os.Getenv("ARGOCD_VERSION") if v == "" { t.Skip("ARGOCD_VERSION must be set set for feature supported acceptance tests") } serverVersion, err := semver.NewVersion(v) if err != nil { t.Fatalf("could not parse ARGOCD_VERSION as semantic version: %s", v) } fc, ok := features.ConstraintsMap[feature] if !ok { t.Fatal("feature constraint is not handled by the provider") } if i := fc.MinVersion.Compare(serverVersion); i == 1 { t.Skipf("version %s does not support feature", v) } } // Skip test if feature is supported // Note: unused at present but left in the code in case it is needed again in future // func testAccPreCheckFeatureNotSupported(t *testing.T, feature int) { // v := os.Getenv("ARGOCD_VERSION") // if v == "" { // t.Skip("ARGOCD_VERSION must be set for feature supported acceptance tests") // } // serverVersion, err := semver.NewVersion(v) // if err != nil { // t.Fatalf("could not parse ARGOCD_VERSION as semantic version: %s", v) // } // versionConstraint, ok := featureVersionConstraintsMap[feature] // if !ok { // t.Fatal("feature constraint is not handled by the provider") // } // if i := versionConstraint.Compare(serverVersion); i != 1 { // t.Skipf("not running test if feature is already supported (%s)", v) // } // } ================================================ FILE: argocd/resource_argocd_account_token.go ================================================ package argocd import ( "context" "encoding/json" "fmt" "strings" "time" "github.com/argoproj/argo-cd/v3/pkg/apiclient/account" "github.com/argoproj/argo-cd/v3/pkg/apiclient/session" "github.com/cristalhq/jwt/v5" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func resourceArgoCDAccountToken() *schema.Resource { return &schema.Resource{ Description: "Manages ArgoCD [account](https://argo-cd.readthedocs.io/en/latest/user-guide/commands/argocd_account/) JWT tokens.\n\n~> **Security Notice** The JWT token generated by this resource is treated as sensitive and, thus, not displayed in console output. However, it will be stored *unencrypted* in your Terraform state file. Read more about sensitive data handling in the [Terraform documentation](https://www.terraform.io/docs/language/state/sensitive-data.html).\n", CreateContext: resourceArgoCDAccountTokenCreate, ReadContext: resourceArgoCDAccountTokenRead, UpdateContext: resourceArgoCDAccountTokenUpdate, DeleteContext: resourceArgoCDAccountTokenDelete, CustomizeDiff: func(ctx context.Context, d *schema.ResourceDiff, m interface{}) error { ia := d.Get("issued_at").(string) if ia == "" { // Blank issued_at indicates a new token - nothing to do here return nil } issuedAt, err := convertStringToInt64(ia) if err != nil { return fmt.Errorf("invalid issued_at: %w", err) } if ra, ok := d.GetOk("renew_after"); ok { renewAfterDuration, err := time.ParseDuration(ra.(string)) if err != nil { return fmt.Errorf("invalid renew_after: %w", err) } if time.Now().Unix()-issuedAt > int64(renewAfterDuration.Seconds()) { // Token is older than renewAfterDuration - force recreation if err := d.SetNewComputed("issued_at"); err != nil { return fmt.Errorf("failed to force new resource on field %q: %w", "issued_at", err) } return nil } } ea, ok := d.GetOk("expires_at") if !ok { return nil } expiresAt, err := convertStringToInt64(ea.(string)) if err != nil { return fmt.Errorf("invalid expires_at: %w", err) } if expiresAt == 0 { // Token not set to expire - no need to check anything else return nil } if expiresAt < time.Now().Unix() { // Token has expired - force recreation if err := d.SetNewComputed("expires_at"); err != nil { return fmt.Errorf("failed to force new resource on field %q: %w", "expires_at", err) } return nil } rb, ok := d.GetOk("renew_before") if !ok { return nil } renewBeforeDuration, err := time.ParseDuration(rb.(string)) if err != nil { return fmt.Errorf("invalid renew_before: %w", err) } if expiresAt-time.Now().Unix() < int64(renewBeforeDuration.Seconds()) { // Token will expire within renewBeforeDuration - force recreation if err := d.SetNewComputed("issued_at"); err != nil { return fmt.Errorf("failed to force new resource on field %q: %w", "issued_at", err) } } return nil }, Schema: map[string]*schema.Schema{ "account": { Type: schema.TypeString, Description: "Account name. Defaults to the current account. I.e. the account configured on the `provider` block.", Optional: true, ForceNew: true, }, "expires_in": { Type: schema.TypeString, Description: "Duration before the token will expire. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. E.g. `30m`, `12h`. Default: No expiration.", Optional: true, ForceNew: true, ValidateFunc: validateDuration, }, "renew_after": { Type: schema.TypeString, Description: "Duration to control token silent regeneration based on token age. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. If set, then the token will be regenerated if it is older than `renew_after`. I.e. if `currentDate - issued_at > renew_after`.", Optional: true, ValidateFunc: validateDuration, }, "renew_before": { Type: schema.TypeString, Description: "Duration to control token silent regeneration based on remaining token lifetime. If `expires_in` is set, Terraform will regenerate the token if `expires_at - currentDate < renew_before`. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.", Optional: true, ValidateFunc: validateDuration, RequiredWith: []string{"expires_in"}, }, "jwt": { Type: schema.TypeString, Description: "The raw JWT.", Computed: true, Sensitive: true, }, "issued_at": { Type: schema.TypeString, Description: "Unix timestamp at which the token was issued.", Computed: true, ForceNew: true, }, "expires_at": { Type: schema.TypeString, Description: "If `expires_in` is set, Unix timestamp upon which the token will expire.", Computed: true, ForceNew: true, }, }, } } func resourceArgoCDAccountTokenCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } accountName, err := getAccount(ctx, si, d) if err != nil { return errorToDiagnostics("failed to get account", err) } opts := &account.CreateTokenRequest{ Name: accountName, } var expiresIn int64 _expiresIn, expiresInOk := d.GetOk("expires_in") if expiresInOk { ei := _expiresIn.(string) expiresInDuration, err := time.ParseDuration(ei) if err != nil { return errorToDiagnostics(fmt.Sprintf("token expiration duration (%s) for account %s could not be parsed", ei, accountName), err) } expiresIn = int64(expiresInDuration.Seconds()) opts.ExpiresIn = expiresIn } _renewBefore, renewBeforeOk := d.GetOk("renew_before") if renewBeforeOk { rb := _renewBefore.(string) renewBeforeDuration, err := time.ParseDuration(rb) if err != nil { return errorToDiagnostics(fmt.Sprintf("token renewal duration (%s) for account %s could not be parsed", rb, accountName), err) } renewBefore := int64(renewBeforeDuration.Seconds()) if renewBefore > expiresIn { return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("renew_before (%d) cannot be greater than expires_in (%d) for account token", renewBefore, expiresIn), }, } } } tokenMutexSecrets.Lock() resp, err := si.AccountClient.CreateToken(ctx, opts) tokenMutexSecrets.Unlock() if err != nil { return argoCDAPIError("create", "token for account", accountName, err) } token, err := jwt.ParseNoVerify([]byte(resp.GetToken())) if err != nil { return errorToDiagnostics(fmt.Sprintf("token for account %s is not a valid jwt", accountName), err) } var claims jwt.RegisteredClaims if err = json.Unmarshal(token.Claims(), &claims); err != nil { return errorToDiagnostics(fmt.Sprintf("token claims for account %s could not be parsed", accountName), err) } if expiresInOk { if claims.ExpiresAt == nil { return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("token claims expiration date for account %s is missing", accountName), }, } } else { err = d.Set("expires_at", convertInt64ToString(claims.ExpiresAt.Unix())) if err != nil { return errorToDiagnostics(fmt.Sprintf("token claims expiration date for account %s could not be persisted to state", accountName), err) } } } if err = d.Set("issued_at", convertInt64ToString(claims.IssuedAt.Unix())); err != nil { return errorToDiagnostics(fmt.Sprintf("token claims issue date for account %s could not be persisted to state", accountName), err) } if err := d.Set("jwt", token.String()); err != nil { return errorToDiagnostics(fmt.Sprintf("token for account %s could not be persisted to state", accountName), err) } d.SetId(claims.ID) return resourceArgoCDAccountTokenRead(ctx, d, meta) } func resourceArgoCDAccountTokenRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } accountName, err := getAccount(ctx, si, d) if err != nil { return errorToDiagnostics("failed to get account", err) } tokenMutexConfiguration.RLock() // Yes, this is a different mutex - accounts are stored in `argocd-cm` whereas tokens are stored in `argocd-secret` _, err = si.AccountClient.GetAccount(ctx, &account.GetAccountRequest{ Name: accountName, }) tokenMutexConfiguration.RUnlock() if err != nil { if strings.Contains(err.Error(), "NotFound") { // Delete token from state if account has been deleted in an out-of-band fashion d.SetId("") return nil } else { return argoCDAPIError("read", "account", accountName, err) } } return nil } func resourceArgoCDAccountTokenUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { accountName := d.Get("account").(string) var expiresIn int64 _expiresIn, expiresInOk := d.GetOk("expires_in") if expiresInOk { ei := _expiresIn.(string) expiresInDuration, err := time.ParseDuration(ei) if err != nil { return errorToDiagnostics(fmt.Sprintf("token expiration duration (%s) for account %s could not be parsed", ei, accountName), err) } expiresIn = int64(expiresInDuration.Seconds()) } _renewBefore, renewBeforeOk := d.GetOk("renew_before") if renewBeforeOk { rb := _renewBefore.(string) renewBeforeDuration, err := time.ParseDuration(rb) if err != nil { return errorToDiagnostics(fmt.Sprintf("token renewal duration (%s) for account %s could not be parsed", rb, accountName), err) } renewBefore := int64(renewBeforeDuration.Seconds()) if renewBefore > expiresIn { return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("renew_before (%d) cannot be greater than expires_in (%d) for account %s", renewBefore, expiresIn, accountName), }, } } } return resourceArgoCDAccountTokenRead(ctx, d, meta) } func resourceArgoCDAccountTokenDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } accountName, err := getAccount(ctx, si, d) if err != nil { return errorToDiagnostics("failed to get account", err) } tokenMutexSecrets.Lock() _, err = si.AccountClient.DeleteToken(ctx, &account.DeleteTokenRequest{ Name: accountName, Id: d.Id(), }) tokenMutexSecrets.Unlock() if err != nil && !strings.Contains(err.Error(), "NotFound") { return argoCDAPIError("delete", "token for account", accountName, err) } d.SetId("") return nil } func getAccount(ctx context.Context, si *ServerInterface, d *schema.ResourceData) (string, error) { accountName := d.Get("account").(string) if len(accountName) > 0 { return accountName, nil } userInfo, err := si.SessionClient.GetUserInfo(ctx, &session.GetUserInfoRequest{}) if err != nil { return "", fmt.Errorf("failed to get current account: %w", err) } return userInfo.Username, nil } ================================================ FILE: argocd/resource_argocd_account_token_test.go ================================================ package argocd import ( "fmt" "math/rand" "regexp" "testing" "time" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/stretchr/testify/assert" ) func TestAccArgoCDAccountToken_DefaultAccount(t *testing.T) { expIn1, err := time.ParseDuration(fmt.Sprintf("%ds", rand.Intn(100000))) assert.NoError(t, err) resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDAccountToken_DefaultAccount(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_account_token.this", "issued_at", ), testCheckTokenIssuedAt( "argocd_account_token.this", ), ), }, { Config: testAccArgoCDAccountToken_Expiry(int64(expIn1.Seconds())), Check: testCheckTokenExpiresAt( "argocd_account_token.this", int64(expIn1.Seconds()), ), }, }, }) } func TestAccArgoCDAccountToken_ExplicitAccount(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDAccountToken_ExplicitAccount(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_account_token.this", "issued_at", ), resource.TestCheckResourceAttr( "argocd_account_token.this", "account", "test", ), testCheckTokenIssuedAt( "argocd_account_token.this", ), ), }, }, }) } func TestAccArgoCDAccountToken_Multiple(t *testing.T) { count := 3 + rand.Intn(7) resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDAccountToken_Multiple(count), Check: resource.ComposeTestCheckFunc( testTokenIssuedAtSet( "argocd_account_token.multiple1a", count, ), testTokenIssuedAtSet( "argocd_account_token.multiple1b", count, ), testTokenIssuedAtSet( "argocd_account_token.multiple2a", count, ), testTokenIssuedAtSet( "argocd_account_token.multiple2b", count, ), ), }, }, }) } func TestAccArgoCDAccountToken_RenewBefore(t *testing.T) { resourceName := "argocd_account_token.renew_before" expiresInSeconds := 30 expiresIn := fmt.Sprintf("%ds", expiresInSeconds) expiresInDuration, _ := time.ParseDuration(expiresIn) renewBeforeSeconds := expiresInSeconds - 1 resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDAccountTokenRenewBeforeSuccess(expiresIn, "20s"), Check: resource.ComposeTestCheckFunc( testCheckTokenExpiresAt(resourceName, int64(expiresInDuration.Seconds())), resource.TestCheckResourceAttr(resourceName, "renew_before", "20s"), ), }, { Config: testAccArgoCDAccountTokenRenewBeforeSuccess(expiresIn, fmt.Sprintf("%ds", renewBeforeSeconds)), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "renew_before", fmt.Sprintf("%ds", renewBeforeSeconds)), testDelay(renewBeforeSeconds+1), ), ExpectNonEmptyPlan: true, // token should be recreated when refreshed at end of step due to delay above }, { Config: testAccArgoCDAccountTokenRenewBeforeFailure(expiresInDuration), ExpectError: regexp.MustCompile("renew_before .* cannot be greater than expires_in .*"), }, }, }) } func TestAccArgoCDAccountToken_RenewAfter(t *testing.T) { resourceName := "argocd_account_token.renew_after" renewAfterSeconds := 30 resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDAccountTokenRenewAfter(renewAfterSeconds), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "renew_after", fmt.Sprintf("%ds", renewAfterSeconds)), ), }, { Config: testAccArgoCDAccountTokenRenewAfter(renewAfterSeconds), Check: resource.ComposeTestCheckFunc( testDelay(renewAfterSeconds + 1), ), ExpectNonEmptyPlan: true, // token should be recreated when refreshed at end of step due to delay above }, { Config: testAccArgoCDAccountTokenRenewAfter(renewAfterSeconds), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "renew_after", fmt.Sprintf("%ds", renewAfterSeconds)), ), }, }, }) } func testAccArgoCDAccountToken_DefaultAccount() string { return ` resource "argocd_account_token" "this" {} ` } func testAccArgoCDAccountToken_Expiry(expiresIn int64) string { return fmt.Sprintf(` resource "argocd_account_token" "this" { expires_in = "%ds" } `, expiresIn) } func testAccArgoCDAccountToken_ExplicitAccount() string { return ` resource "argocd_account_token" "this" { account = "test" } ` } func testAccArgoCDAccountToken_Multiple(count int) string { return fmt.Sprintf(` resource "argocd_account_token" "multiple1a" { count = %d } resource "argocd_account_token" "multiple1b" { count = %d } resource "argocd_account_token" "multiple2a" { account = "test" count = %d } resource "argocd_account_token" "multiple2b" { account = "test" count = %d } `, count, count, count, count) } func testAccArgoCDAccountTokenRenewBeforeSuccess(expiresIn, renewBefore string) string { return fmt.Sprintf(` resource "argocd_account_token" "renew_before" { expires_in = "%s" renew_before = "%s" } `, expiresIn, renewBefore) } func testAccArgoCDAccountTokenRenewBeforeFailure(expiresInDuration time.Duration) string { expiresIn := int64(expiresInDuration.Seconds()) renewBefore := int64(expiresInDuration.Seconds() + 1.0) return fmt.Sprintf(` resource "argocd_account_token" "renew_before" { expires_in = "%ds" renew_before = "%ds" } `, expiresIn, renewBefore) } func testAccArgoCDAccountTokenRenewAfter(renewAfter int) string { return fmt.Sprintf(` resource "argocd_account_token" "renew_after" { account = "test" renew_after = "%ds" } `, renewAfter) } func testCheckTokenIssuedAt(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("not found: %s", resourceName) } if rs.Primary.ID == "" { return fmt.Errorf("token ID is not set") } _issuedAt, ok := rs.Primary.Attributes["issued_at"] if !ok { return fmt.Errorf("testCheckTokenIssuedAt: issued_at is not set") } _, err := convertStringToInt64(_issuedAt) if err != nil { return fmt.Errorf("testCheckTokenIssuedAt: string attribute 'issued_at' stored in state cannot be converted to int64: %s", err) } return nil } } func testCheckTokenExpiresAt(resourceName string, expiresIn int64) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("not found: %s", resourceName) } if rs.Primary.ID == "" { return fmt.Errorf("token ID is not set") } _expiresAt, ok := rs.Primary.Attributes["expires_at"] if !ok { return fmt.Errorf("expires_at is not set") } _issuedAt, ok := rs.Primary.Attributes["issued_at"] if !ok { return fmt.Errorf("testCheckTokenExpiresAt: issued_at is not set") } expiresAt, err := convertStringToInt64(_expiresAt) if err != nil { return fmt.Errorf("testCheckTokenExpiresAt: string attribute 'expires_at' stored in state cannot be converted to int64: %s", err) } issuedAt, err := convertStringToInt64(_issuedAt) if err != nil { return fmt.Errorf("testCheckTokenExpiresAt: string attribute 'issued_at' stored in state cannot be converted to int64: %s", err) } if issuedAt+expiresIn != expiresAt { return fmt.Errorf("testCheckTokenExpiresAt: issuedAt + expiresIn != expiresAt : %d + %d != %d", issuedAt, expiresIn, expiresAt) } return nil } } func testTokenIssuedAtSet(name string, count int) resource.TestCheckFunc { return func(s *terraform.State) error { key := "issued_at" for i := 0; i < count; i++ { ms := s.RootModule() _name := fmt.Sprintf("%s.%d", name, i) rs, ok := ms.Resources[_name] if !ok { return fmt.Errorf("not found: %s in %s", _name, ms.Path) } is := rs.Primary if is == nil { return fmt.Errorf("no primary instance: %s in %s", _name, ms.Path) } if val, ok := is.Attributes[key]; !ok || val == "" { return fmt.Errorf("%s: Attribute '%s' expected to be set", _name, key) } } return nil } } func testDelay(seconds int) resource.TestCheckFunc { return func(s *terraform.State) error { time.Sleep(time.Duration(seconds) * time.Second) return nil } } ================================================ FILE: argocd/resource_argocd_application.go ================================================ package argocd import ( "context" "fmt" "strings" "time" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" applicationClient "github.com/argoproj/argo-cd/v3/pkg/apiclient/application" application "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/argoproj/gitops-engine/pkg/health" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func resourceArgoCDApplication() *schema.Resource { return &schema.Resource{ Description: "Manages [applications](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#applications) within ArgoCD.", CreateContext: resourceArgoCDApplicationCreate, ReadContext: resourceArgoCDApplicationRead, UpdateContext: resourceArgoCDApplicationUpdate, DeleteContext: resourceArgoCDApplicationDelete, Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, Schema: map[string]*schema.Schema{ "metadata": metadataSchema("applications.argoproj.io"), "spec": applicationSpecSchemaV4(false, false), "wait": { Type: schema.TypeBool, Description: "Upon application creation or update, wait for application health/sync status to be healthy/Synced, upon application deletion, wait for application to be removed, when set to true. Wait timeouts are controlled by Terraform Create, Update and Delete resource timeouts (all default to 5 minutes). **Note**: if ArgoCD decides not to sync an application (e.g. because the project to which the application belongs has a `sync_window` applied) then you will experience an expected timeout event if `wait = true`.", Optional: true, Default: false, }, "sync": { Type: schema.TypeBool, Description: "Trigger sync immediately after create/update. Helps in case when a Sync window is defined. It is required that the sync window is defined with `manual_sync = true`.", Optional: true, }, "cascade": { Type: schema.TypeBool, Description: "Whether to applying cascading deletion when application is removed.", Optional: true, Default: true, }, "validate": { Type: schema.TypeBool, Description: "Whether to validate the application spec before creating or updating the application.", Optional: true, Default: true, }, "status": applicationStatusSchema(), }, SchemaVersion: 4, StateUpgraders: []schema.StateUpgrader{ { Type: resourceArgoCDApplicationV0().CoreConfigSchema().ImpliedType(), Upgrade: resourceArgoCDApplicationStateUpgradeV0, Version: 0, }, { Type: resourceArgoCDApplicationV1().CoreConfigSchema().ImpliedType(), Upgrade: resourceArgoCDApplicationStateUpgradeV1, Version: 1, }, { Type: resourceArgoCDApplicationV2().CoreConfigSchema().ImpliedType(), Upgrade: resourceArgoCDApplicationStateUpgradeV2, Version: 2, }, { Type: resourceArgoCDApplicationV3().CoreConfigSchema().ImpliedType(), Upgrade: resourceArgoCDApplicationStateUpgradeV3, Version: 3, }, }, Timeouts: &schema.ResourceTimeout{ Create: schema.DefaultTimeout(5 * time.Minute), Update: schema.DefaultTimeout(5 * time.Minute), Delete: schema.DefaultTimeout(5 * time.Minute), }, } } func resourceArgoCDApplicationCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } objectMeta, spec, err := expandApplication(d, si.IsFeatureSupported(features.ApplicationSourceName)) if err != nil { return errorToDiagnostics("failed to expand application", err) } apps, err := si.ApplicationClient.List(ctx, &applicationClient.ApplicationQuery{ Name: &objectMeta.Name, AppNamespace: &objectMeta.Namespace, }) if err != nil && !strings.Contains(err.Error(), "NotFound") { return errorToDiagnostics(fmt.Sprintf("failed to list existing applications when creating application %s", objectMeta.Name), err) } if apps != nil { l := len(apps.Items) switch { case l < 1: break case l == 1: switch apps.Items[0].DeletionTimestamp { case nil: default: // Pre-existing app is still in Kubernetes soft deletion queue time.Sleep(time.Duration(*apps.Items[0].DeletionGracePeriodSeconds)) } case l > 1: return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("found multiple applications matching name '%s' and namespace '%s'", objectMeta.Name, objectMeta.Namespace), }, } } } l := len(spec.Sources) switch { case l == 1: spec.Source = &spec.Sources[0] spec.Sources = nil case l > 1 && !si.IsFeatureSupported(features.MultipleApplicationSources): return featureNotSupported(features.MultipleApplicationSources) } if spec.SyncPolicy != nil && spec.SyncPolicy.ManagedNamespaceMetadata != nil && !si.IsFeatureSupported(features.ManagedNamespaceMetadata) { return featureNotSupported(features.ManagedNamespaceMetadata) } validate := d.Get("validate").(bool) app, err := si.ApplicationClient.Create(ctx, &applicationClient.ApplicationCreateRequest{ Application: &application.Application{ ObjectMeta: objectMeta, Spec: spec, TypeMeta: metav1.TypeMeta{ Kind: "Application", APIVersion: "argoproj.io/v1alpha1", }, }, Validate: &validate, }) if err != nil { return argoCDAPIError("create", "application", objectMeta.Name, err) } else if app == nil { return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("application %s could not be created: unknown reason", objectMeta.Name), }, } } d.SetId(fmt.Sprintf("%s:%s", app.Name, objectMeta.Namespace)) if sync, ok := d.GetOk("sync"); ok && sync.(bool) { prune := false if spec.SyncPolicy.Automated != nil && spec.SyncPolicy.Automated.Prune { prune = true } _, err := si.ApplicationClient.Sync(ctx, &applicationClient.ApplicationSyncRequest{ Name: &app.Name, AppNamespace: &app.Namespace, Prune: &prune, }) if err != nil { return errorToDiagnostics(fmt.Sprintf("error while triggering sync of application %s", app.Name), err) } } if wait, ok := d.GetOk("wait"); ok && wait.(bool) { if err = retry.RetryContext(ctx, d.Timeout(schema.TimeoutCreate), func() *retry.RetryError { var list *application.ApplicationList if list, err = si.ApplicationClient.List(ctx, &applicationClient.ApplicationQuery{ Name: &app.Name, AppNamespace: &app.Namespace, }); err != nil { return retry.NonRetryableError(fmt.Errorf("error while waiting for application %s to be synced and healthy: %s", app.Name, err)) } if len(list.Items) != 1 { return retry.NonRetryableError(fmt.Errorf("found unexpected number of applications matching name '%s' and namespace '%s'. Items: %d", app.Name, app.Namespace, len(list.Items))) } if list.Items[0].Status.Health.Status != health.HealthStatusHealthy { return retry.RetryableError(fmt.Errorf("expected application health status to be healthy but was %s", list.Items[0].Status.Health.Status)) } if list.Items[0].Status.Sync.Status != application.SyncStatusCodeSynced { return retry.RetryableError(fmt.Errorf("expected application sync status to be synced but was %s", list.Items[0].Status.Sync.Status)) } return nil }); err != nil { return errorToDiagnostics(fmt.Sprintf("error while waiting for application %s to be created", objectMeta.Name), err) } } return resourceArgoCDApplicationRead(ctx, d, meta) } func resourceArgoCDApplicationRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } ids := strings.Split(d.Id(), ":") appName := ids[0] namespace := ids[1] apps, err := si.ApplicationClient.List(ctx, &applicationClient.ApplicationQuery{ Name: &appName, AppNamespace: &namespace, }) if err != nil { if strings.Contains(err.Error(), "NotFound") { d.SetId("") return diag.Diagnostics{} } return argoCDAPIError("read", "application", appName, err) } l := len(apps.Items) switch { case l < 1: d.SetId("") return diag.Diagnostics{} case l == 1: break case l > 1: return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("found multiple applications matching name '%s' and namespace '%s'", appName, namespace), }, } } err = flattenApplication(&apps.Items[0], d) if err != nil { return errorToDiagnostics(fmt.Sprintf("failed to flatten application %s", appName), err) } return nil } func resourceArgoCDApplicationUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { if ok := d.HasChanges("metadata", "spec"); !ok { return resourceArgoCDApplicationRead(ctx, d, meta) } si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } ids := strings.Split(d.Id(), ":") appQuery := &applicationClient.ApplicationQuery{ Name: &ids[0], AppNamespace: &ids[1], } objectMeta, spec, err := expandApplication(d, si.IsFeatureSupported(features.ApplicationSourceName)) if err != nil { return errorToDiagnostics(fmt.Sprintf("failed to expand application %s", *appQuery.Name), err) } l := len(spec.Sources) switch { case l == 1: spec.Source = &spec.Sources[0] spec.Sources = nil case l > 1 && !si.IsFeatureSupported(features.MultipleApplicationSources): return featureNotSupported(features.MultipleApplicationSources) } if spec.SyncPolicy != nil && spec.SyncPolicy.ManagedNamespaceMetadata != nil && !si.IsFeatureSupported(features.ManagedNamespaceMetadata) { return featureNotSupported(features.ManagedNamespaceMetadata) } apps, err := si.ApplicationClient.List(ctx, appQuery) if err != nil { return []diag.Diagnostic{ { Severity: diag.Error, Summary: "failed to get application", Detail: err.Error(), }, } } // Kubernetes API requires providing the up-to-date correct ResourceVersion for updates // FIXME ResourceVersion not available anymore // if app != nil { // appRequest.ResourceVersion = app.ResourceVersion // } if len(apps.Items) > 1 { return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("found multiple applications matching name '%s' and namespace '%s'", *appQuery.Name, *appQuery.AppNamespace), Detail: err.Error(), }, } } validate := d.Get("validate").(bool) if _, err = si.ApplicationClient.Update(ctx, &applicationClient.ApplicationUpdateRequest{ Application: &application.Application{ ObjectMeta: objectMeta, Spec: spec, TypeMeta: metav1.TypeMeta{ Kind: "Application", APIVersion: "argoproj.io/v1alpha1", }, }, Validate: &validate, }); err != nil { return argoCDAPIError("update", "application", objectMeta.Name, err) } if sync, ok := d.GetOk("sync"); ok && sync.(bool) { prune := false if spec.SyncPolicy.Automated != nil && spec.SyncPolicy.Automated.Prune { prune = true } _, err = si.ApplicationClient.Sync(ctx, &applicationClient.ApplicationSyncRequest{ Name: &objectMeta.Name, AppNamespace: &objectMeta.Namespace, Prune: &prune, }) if err != nil { return errorToDiagnostics(fmt.Sprintf("error while triggering sync of application %s", *appQuery.Name), err) } } if wait, _ok := d.GetOk("wait"); _ok && wait.(bool) { if err = retry.RetryContext(ctx, d.Timeout(schema.TimeoutUpdate), func() *retry.RetryError { var list *application.ApplicationList if list, err = si.ApplicationClient.List(ctx, appQuery); err != nil { return retry.NonRetryableError(fmt.Errorf("error while waiting for application %s to be synced and healthy: %s", list.Items[0].Name, err)) } if len(list.Items) != 1 { return retry.NonRetryableError(fmt.Errorf("found unexpected number of applications matching name '%s' and namespace '%s'. Items: %d", *appQuery.Name, *appQuery.AppNamespace, len(list.Items))) } if list.Items[0].Status.ReconciledAt.Equal(apps.Items[0].Status.ReconciledAt) { return retry.RetryableError(fmt.Errorf("reconciliation has not begun")) } if list.Items[0].Status.Health.Status != health.HealthStatusHealthy { return retry.RetryableError(fmt.Errorf("expected application health status to be healthy but was %s", list.Items[0].Status.Health.Status)) } if list.Items[0].Status.Sync.Status != application.SyncStatusCodeSynced { return retry.RetryableError(fmt.Errorf("expected application sync status to be synced but was %s", list.Items[0].Status.Sync.Status)) } return nil }); err != nil { return errorToDiagnostics(fmt.Sprintf("error while waiting for application %s to be updated", *appQuery.Name), err) } } return resourceArgoCDApplicationRead(ctx, d, meta) } func resourceArgoCDApplicationDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } ids := strings.Split(d.Id(), ":") appName := ids[0] namespace := ids[1] cascade := d.Get("cascade").(bool) if _, err := si.ApplicationClient.Delete(ctx, &applicationClient.ApplicationDeleteRequest{ Name: &appName, Cascade: &cascade, AppNamespace: &namespace, }); err != nil && !strings.Contains(err.Error(), "NotFound") { return argoCDAPIError("delete", "application", appName, err) } if wait, ok := d.GetOk("wait"); ok && wait.(bool) { if err := retry.RetryContext(ctx, d.Timeout(schema.TimeoutDelete), func() *retry.RetryError { apps, err := si.ApplicationClient.List(ctx, &applicationClient.ApplicationQuery{ Name: &appName, AppNamespace: &namespace, }) switch err { case nil: if apps != nil && len(apps.Items) > 0 { return retry.RetryableError(fmt.Errorf("application %s is still present", appName)) } default: if !strings.Contains(err.Error(), "NotFound") { return retry.NonRetryableError(err) } } d.SetId("") return nil }); err != nil { return errorToDiagnostics(fmt.Sprintf("error while waiting for application %s to be deleted", appName), err) } } d.SetId("") return nil } ================================================ FILE: argocd/resource_argocd_application_set.go ================================================ package argocd import ( "context" "fmt" "strings" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/argoproj/argo-cd/v3/pkg/apiclient/applicationset" application "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func resourceArgoCDApplicationSet() *schema.Resource { return &schema.Resource{ Description: "Manages [application sets](https://argo-cd.readthedocs.io/en/stable/user-guide/application-set/) within ArgoCD.", CreateContext: resourceArgoCDApplicationSetCreate, ReadContext: resourceArgoCDApplicationSetRead, UpdateContext: resourceArgoCDApplicationSetUpdate, DeleteContext: resourceArgoCDApplicationSetDelete, Importer: &schema.ResourceImporter{ StateContext: schema.ImportStatePassthroughContext, }, Schema: map[string]*schema.Schema{ "metadata": metadataSchema("applicationsets.argoproj.io"), "spec": applicationSetSpecSchemaV1(), }, SchemaVersion: 1, StateUpgraders: []schema.StateUpgrader{ { Type: resourceArgoCDApplicationV1().CoreConfigSchema().ImpliedType(), Upgrade: resourceArgoCDApplicationSetStateUpgradeV0, Version: 0, }, }, } } func resourceArgoCDApplicationSetCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } if !si.IsFeatureSupported(features.ApplicationSet) { return featureNotSupported(features.ApplicationSet) } objectMeta, spec, err := expandApplicationSet( d, si.IsFeatureSupported(features.MultipleApplicationSources), si.IsFeatureSupported(features.ApplicationSetIgnoreApplicationDifferences), si.IsFeatureSupported(features.ApplicationSetTemplatePatch), si.IsFeatureSupported(features.ApplicationSourceName), ) if err != nil { return errorToDiagnostics("failed to expand application set", err) } if !si.IsFeatureSupported(features.ApplicationSetProgressiveSync) && spec.Strategy != nil { return featureNotSupported(features.ApplicationSetProgressiveSync) } if !si.IsFeatureSupported(features.ApplicationSetIgnoreApplicationDifferences) && spec.IgnoreApplicationDifferences != nil { return featureNotSupported(features.ApplicationSetIgnoreApplicationDifferences) } if !si.IsFeatureSupported(features.ApplicationSetApplicationsSyncPolicy) && spec.SyncPolicy != nil && spec.SyncPolicy.ApplicationsSync != nil { return featureNotSupported(features.ApplicationSetApplicationsSyncPolicy) } if !si.IsFeatureSupported(features.ApplicationSetTemplatePatch) && spec.TemplatePatch != nil { return featureNotSupported(features.ApplicationSetTemplatePatch) } as, err := si.ApplicationSetClient.Create(ctx, &applicationset.ApplicationSetCreateRequest{ Applicationset: &application.ApplicationSet{ ObjectMeta: objectMeta, Spec: spec, TypeMeta: metav1.TypeMeta{ Kind: "ApplicationSet", APIVersion: "argoproj.io/v1alpha1", }, }, }) if err != nil { return argoCDAPIError("create", "application set", objectMeta.Name, err) } else if as == nil { return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("application set %s not created: unknown reason", objectMeta.Name), }, } } d.SetId(fmt.Sprintf("%s:%s", as.Name, objectMeta.Namespace)) return resourceArgoCDApplicationSetRead(ctx, d, meta) } func resourceArgoCDApplicationSetRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } ids := strings.Split(d.Id(), ":") appSetName := ids[0] namespace := ids[1] appSet, err := si.ApplicationSetClient.Get(ctx, &applicationset.ApplicationSetGetQuery{ Name: appSetName, AppsetNamespace: namespace, }) if err != nil { if strings.Contains(err.Error(), "NotFound") { d.SetId("") return diag.Diagnostics{} } return argoCDAPIError("read", "application set", appSetName, err) } err = flattenApplicationSet(appSet, d) if err != nil { return errorToDiagnostics(fmt.Sprintf("failed to flatten application set %s", appSetName), err) } return nil } func resourceArgoCDApplicationSetUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } if !si.IsFeatureSupported(features.ApplicationSet) { return featureNotSupported(features.ApplicationSet) } if !d.HasChanges("metadata", "spec") { return nil } objectMeta, spec, err := expandApplicationSet( d, si.IsFeatureSupported(features.MultipleApplicationSources), si.IsFeatureSupported(features.ApplicationSetIgnoreApplicationDifferences), si.IsFeatureSupported(features.ApplicationSetTemplatePatch), si.IsFeatureSupported(features.ApplicationSourceName), ) if err != nil { return errorToDiagnostics(fmt.Sprintf("failed to expand application set %s", d.Id()), err) } if !si.IsFeatureSupported(features.ApplicationSetProgressiveSync) && spec.Strategy != nil { return featureNotSupported(features.ApplicationSetProgressiveSync) } if !si.IsFeatureSupported(features.ApplicationSetIgnoreApplicationDifferences) && spec.IgnoreApplicationDifferences != nil { return featureNotSupported(features.ApplicationSetIgnoreApplicationDifferences) } if !si.IsFeatureSupported(features.ApplicationSetApplicationsSyncPolicy) && spec.SyncPolicy != nil && spec.SyncPolicy.ApplicationsSync != nil { return featureNotSupported(features.ApplicationSetApplicationsSyncPolicy) } _, err = si.ApplicationSetClient.Create(ctx, &applicationset.ApplicationSetCreateRequest{ Applicationset: &application.ApplicationSet{ ObjectMeta: objectMeta, Spec: spec, TypeMeta: metav1.TypeMeta{ Kind: "ApplicationSet", APIVersion: "argoproj.io/v1alpha1", }, }, Upsert: true, }) if err != nil { return argoCDAPIError("update", "application set", objectMeta.Name, err) } return resourceArgoCDApplicationSetRead(ctx, d, meta) } func resourceArgoCDApplicationSetDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } ids := strings.Split(d.Id(), ":") appSetName := ids[0] namespace := ids[1] if _, err := si.ApplicationSetClient.Delete(ctx, &applicationset.ApplicationSetDeleteRequest{ Name: appSetName, AppsetNamespace: namespace, }); err != nil && !strings.Contains(err.Error(), "NotFound") { return argoCDAPIError("delete", "application set", appSetName, err) } d.SetId("") return nil } ================================================ FILE: argocd/resource_argocd_application_set_test.go ================================================ package argocd import ( "fmt" "reflect" "regexp" "testing" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) func TestAccArgoCDApplicationSet_clusters(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_clusters(), Check: resource.TestCheckResourceAttrSet( "argocd_application_set.clusters", "metadata.0.uid", ), }, { ResourceName: "argocd_application_set.clusters", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_clustersSelector(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_clustersSelector(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.clusters_selector", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.clusters_selector", "spec.0.generator.0.clusters.0.selector.0.match_labels.%", ), ), }, { ResourceName: "argocd_application_set.clusters_selector", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_clusterDecisionResource(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_clusterDecisionResource(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.cluster_decision_resource", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.cluster_decision_resource", "spec.0.generator.0.cluster_decision_resource.0.config_map_ref", ), resource.TestCheckResourceAttrSet( "argocd_application_set.cluster_decision_resource", "spec.0.generator.0.cluster_decision_resource.0.name", ), resource.TestCheckResourceAttrSet( "argocd_application_set.cluster_decision_resource", "spec.0.generator.0.cluster_decision_resource.0.label_selector.0.match_labels.%", ), ), }, { ResourceName: "argocd_application_set.cluster_decision_resource", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_gitDirectories(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderGitDirectories(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.git_directories", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.git_directories", "spec.0.generator.0.git.0.directory.0.path", ), resource.TestCheckResourceAttrSet( "argocd_application_set.git_directories", "spec.0.generator.0.git.0.directory.1.path", ), resource.TestCheckResourceAttrSet( "argocd_application_set.git_directories", "spec.0.generator.0.git.0.directory.1.exclude", ), ), }, { ResourceName: "argocd_application_set.git_directories", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_gitFiles(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderGitFiles(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.git_files", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.git_files", "spec.0.generator.0.git.0.file.0.path", ), resource.TestCheckResourceAttr( "argocd_application_set.git_files", "spec.0.generator.0.git.0.values.foo", "bar", ), ), }, { ResourceName: "argocd_application_set.git_files", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_plugin(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_plugin(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.plugin", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.plugin", "spec.0.generator.0.plugin.0.requeue_after_seconds", ), resource.TestCheckResourceAttrSet( "argocd_application_set.plugin", "spec.0.generator.0.plugin.0.config_map_ref", ), resource.TestCheckResourceAttrSet( "argocd_application_set.plugin", "spec.0.generator.0.plugin.0.input.0.parameters.key1", ), ), }, { ResourceName: "argocd_application_set.plugin", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_list(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_list(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.list", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.list", "spec.0.generator.0.list.0.elements.0.cluster", ), resource.TestCheckResourceAttrSet( "argocd_application_set.list", "spec.0.generator.0.list.0.elements.0.url", ), ), }, { ResourceName: "argocd_application_set.list", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_listElementsYaml(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_listElementsYaml(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.list_elements_yaml", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.list_elements_yaml", "spec.0.generator.0.list.0.elements_yaml", "- cluster: engineering-dev\n url: https://kubernetes.default.svc\n environment: development\n- cluster: engineering-prod\n url: https://kubernetes.default.svc\n environment: production\n foo: bar\n", ), ), }, { ResourceName: "argocd_application_set.list_elements_yaml", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_matrix(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_matrix(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.matrix", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix", "spec.0.generator.0.matrix.0.generator.0.git.0.directory.0.path", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix", "spec.0.generator.0.matrix.0.generator.1.clusters.0.selector.0.match_labels.%", ), ), }, { ResourceName: "argocd_application_set.matrix", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_matrixPluginGenerator(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_matrixPluginGenerator(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.matrix-plugin_generator", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix-plugin_generator", "spec.0.generator.0.matrix.0.generator.1.clusters.0.selector.0.match_labels.%", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix-plugin_generator", "spec.0.generator.0.matrix.0.generator.0.plugin.0.requeue_after_seconds", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix-plugin_generator", "spec.0.generator.0.matrix.0.generator.0.plugin.0.config_map_ref", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix-plugin_generator", "spec.0.generator.0.matrix.0.generator.0.plugin.0.input.0.parameters.key1", ), ), }, { ResourceName: "argocd_application_set.matrix-plugin_generator", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_matrixGitPathParamPrefix(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_matrixGitPathParamPrefix(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.matrix_git_path_param_prefix", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.matrix_git_path_param_prefix", "spec.0.generator.0.matrix.0.generator.0.git.0.path_param_prefix", "foo", ), resource.TestCheckResourceAttr( "argocd_application_set.matrix_git_path_param_prefix", "spec.0.generator.0.matrix.0.generator.1.git.0.path_param_prefix", "bar", ), ), }, { ResourceName: "argocd_application_set.matrix_git_path_param_prefix", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_matrixNested(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_matrixNested(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.matrix_nested", "metadata.0.uid", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix_nested", "spec.0.generator.0.matrix.0.generator.0.clusters.0.selector.0.match_labels.%", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix_nested", "spec.0.generator.0.matrix.0.generator.1.matrix.0.generator.0.git.0.repo_url", ), resource.TestCheckResourceAttrSet( "argocd_application_set.matrix_nested", "spec.0.generator.0.matrix.0.generator.1.matrix.0.generator.1.list.0.elements.0.cluster", ), ), }, { ResourceName: "argocd_application_set.matrix_nested", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_matrixInvalid(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_matrixInsufficientGenerators(), ExpectError: regexp.MustCompile("Error: Insufficient generator blocks"), }, { Config: testAccArgoCDApplicationSet_matrixTooManyGenerators(), ExpectError: regexp.MustCompile("Error: Too many generator blocks"), }, { Config: testAccArgoCDApplicationSet_matrixNestedInsufficientGenerators(), ExpectError: regexp.MustCompile("Error: Insufficient generator blocks"), }, { Config: testAccArgoCDApplicationSet_matrixOnly1LevelOfNesting(), ExpectError: regexp.MustCompile("Blocks of type \"matrix\" are not expected here."), }, }, }) } func TestAccArgoCDApplicationSet_merge(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_merge(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.merge", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.merge", "spec.0.generator.0.merge.0.merge_keys.0", "server", ), resource.TestCheckResourceAttrSet( "argocd_application_set.merge", "spec.0.generator.0.merge.0.generator.0.clusters.0.values.%", ), resource.TestCheckResourceAttrSet( "argocd_application_set.merge", "spec.0.generator.0.merge.0.generator.1.clusters.0.selector.0.match_labels.%", ), resource.TestCheckResourceAttrSet( "argocd_application_set.merge", "spec.0.generator.0.merge.0.generator.2.list.0.elements.0.server", ), ), }, { ResourceName: "argocd_application_set.merge", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string", "spec.0.template.0.spec.0.source.0.helm.0.parameter.1.force_string"}, }, }, }) } func TestAccArgoCDApplicationSet_mergeNested(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_mergeNested(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.merge_nested", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.merge_nested", "spec.0.generator.0.merge.0.merge_keys.0", "server", ), resource.TestCheckResourceAttrSet( "argocd_application_set.merge_nested", "spec.0.generator.0.merge.0.generator.0.list.0.elements.0.server", ), resource.TestCheckResourceAttr( "argocd_application_set.merge_nested", "spec.0.generator.0.merge.0.generator.1.merge.0.merge_keys.0", "server", ), resource.TestCheckResourceAttrSet( "argocd_application_set.merge_nested", "spec.0.generator.0.merge.0.generator.1.merge.0.generator.1.clusters.0.values.%", ), resource.TestCheckResourceAttrSet( "argocd_application_set.merge_nested", "spec.0.generator.0.merge.0.generator.1.merge.0.generator.1.clusters.0.selector.0.match_labels.%", ), ), }, { ResourceName: "argocd_application_set.merge_nested", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string", "spec.0.template.0.spec.0.source.0.helm.0.parameter.1.force_string"}, }, }, }) } func TestAccArgoCDApplicationSet_scmProviderAzureDevOps(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderAzureDevOps(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.scm_ado", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_ado", "spec.0.generator.0.scm_provider.0.azure_devops.0.organization", "myorg", ), ), }, { ResourceName: "argocd_application_set.scm_ado", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_scmProviderBitbucketCloud(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderBitbucketCloud(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.scm_bitbucket_cloud", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_bitbucket_cloud", "spec.0.generator.0.scm_provider.0.bitbucket_cloud.0.owner", "example-owner", ), ), }, { ResourceName: "argocd_application_set.scm_bitbucket_cloud", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_scmProviderBitbucketServer(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderBitbucketServer(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.scm_bitbucket_server", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_bitbucket_server", "spec.0.generator.0.scm_provider.0.bitbucket_server.0.project", "myproject", ), ), }, { ResourceName: "argocd_application_set.scm_bitbucket_server", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_scmProviderGitea(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderGitea(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.scm_gitea", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_gitea", "spec.0.generator.0.scm_provider.0.gitea.0.owner", "myorg", ), ), }, { ResourceName: "argocd_application_set.scm_gitea", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_scmProviderGithub(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderGithub(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.scm_github", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_github", "spec.0.generator.0.scm_provider.0.github.0.organization", "myorg", ), ), }, { ResourceName: "argocd_application_set.scm_github", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_scmProviderGitlab(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderGitlab(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.scm_gitlab", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_gitlab", "spec.0.generator.0.scm_provider.0.gitlab.0.group", "8675309", ), ), }, { ResourceName: "argocd_application_set.scm_gitlab", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_scmProviderWithFilters(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_scmProviderWithFilters(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.scm_filters", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_filters", "spec.0.generator.0.scm_provider.0.filter.0.repository_match", "^myapp", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_filters", "spec.0.generator.0.scm_provider.0.filter.0.paths_exist.0", "kubernetes/kustomization.yaml", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_filters", "spec.0.generator.0.scm_provider.0.filter.1.repository_match", "^otherapp", ), resource.TestCheckResourceAttr( "argocd_application_set.scm_filters", "spec.0.generator.0.scm_provider.0.filter.1.paths_do_not_exist.0", "disabledrepo.txt", ), ), }, { ResourceName: "argocd_application_set.scm_filters", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_pullRequestBitbucketServer(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_pullRequestBitbucketServer(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.pr_bitbucket_server", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_bitbucket_server", "spec.0.generator.0.pull_request.0.bitbucket_server.0.project", "myproject", ), ), }, { ResourceName: "argocd_application_set.pr_bitbucket_server", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string"}, }, }, }) } func TestAccArgoCDApplicationSet_pullRequestGitea(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_pullRequestGitea(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.pr_gitea", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_gitea", "spec.0.generator.0.pull_request.0.gitea.0.owner", "myorg", ), ), }, { ResourceName: "argocd_application_set.pr_gitea", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string"}, }, }, }) } func TestAccArgoCDApplicationSet_pullRequestGithub(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_pullRequestGithub(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.pr_github", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_github", "spec.0.generator.0.pull_request.0.github.0.owner", "myorg", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_github", "spec.0.generator.0.pull_request.0.github.0.labels.0", "preview", ), ), }, { ResourceName: "argocd_application_set.pr_github", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string"}, }, }, }) } func TestAccArgoCDApplicationSet_pullRequestGitlab(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_pullRequestGitlab(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.pr_gitlab", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_gitlab", "spec.0.generator.0.pull_request.0.gitlab.0.project", "myproject", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_gitlab", "spec.0.generator.0.pull_request.0.gitlab.0.labels.0", "preview", ), ), }, { ResourceName: "argocd_application_set.pr_gitlab", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string"}, }, }, }) } func TestAccArgoCDApplicationSet_pullRequestGitlabInsecureAndCARef(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_pullRequestGitlabInsecureAndCARef(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.pr_gitlab_insecure", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_gitlab_insecure", "spec.0.generator.0.pull_request.0.gitlab.0.project", "myproject", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_gitlab_insecure", "spec.0.generator.0.pull_request.0.gitlab.0.insecure", "true", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_gitlab_insecure", "spec.0.generator.0.pull_request.0.gitlab.0.ca_ref.0.key", "ca.crt", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_gitlab_insecure", "spec.0.generator.0.pull_request.0.gitlab.0.ca_ref.0.config_map_name", "gitlab-ca-cert", ), ), }, { ResourceName: "argocd_application_set.pr_gitlab_insecure", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string"}, }, }, }) } func TestAccArgoCDApplicationSet_pullRequestAzureDevOps(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_pullRequestAzureDevOps(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.pr_azure_devops", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.pr_azure_devops", "spec.0.generator.0.pull_request.0.azure_devops.0.organization", "myorg", ), ), }, { ResourceName: "argocd_application_set.pr_azure_devops", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string"}, }, }, }) } func TestAccArgoCDApplicationSet_mergeInvalid(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_mergeInsufficientGenerators(), ExpectError: regexp.MustCompile("Error: Insufficient generator blocks"), }, { Config: testAccArgoCDApplicationSet_mergeNestedInsufficientGenerators(), ExpectError: regexp.MustCompile("Error: Insufficient generator blocks"), }, { Config: testAccArgoCDApplicationSet_mergeOnly1LevelOfNesting(), ExpectError: regexp.MustCompile("Blocks of type \"merge\" are not expected here."), }, }, }) } func TestAccArgoCDApplicationSet_generatorTemplate(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_generatorTemplate(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.generator_template", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.generator_template", "spec.0.generator.0.list.0.elements.0.cluster", "engineering-dev", ), resource.TestCheckResourceAttr( "argocd_application_set.generator_template", "spec.0.generator.0.list.0.template.0.spec.0.project", "default", ), ), }, { ResourceName: "argocd_application_set.generator_template", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_goTemplate(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_goTemplate(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.go_template", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.go_template", "spec.0.go_template", "true", ), resource.TestCheckResourceAttr( "argocd_application_set.go_template", "spec.0.go_template_options.0", "missingkey=error", ), ), }, { ResourceName: "argocd_application_set.go_template", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_syncPolicy(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_syncPolicy(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.sync_policy", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.sync_policy", "spec.0.sync_policy.0.preserve_resources_on_deletion", "true", ), ), }, { ResourceName: "argocd_application_set.sync_policy", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_syncPolicyWithApplicationsSyncPolicy(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) testAccPreCheckFeatureSupported(t, features.ApplicationSetApplicationsSyncPolicy) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_syncPolicyWithApplicationsSync(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.applications_sync_policy", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.applications_sync_policy", "spec.0.sync_policy.0.preserve_resources_on_deletion", "true", ), resource.TestCheckResourceAttr( "argocd_application_set.applications_sync_policy", "spec.0.sync_policy.0.applications_sync", "create-update", ), ), }, { ResourceName: "argocd_application_set.applications_sync_policy", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_progressiveSync(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSetProgressiveSync) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_progressiveSync(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.progressive_sync", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.progressive_sync", "spec.0.strategy.0.type", "RollingSync", ), ), }, { ResourceName: "argocd_application_set.progressive_sync", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_templatePatch(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSetTemplatePatch) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSet_templatePatch(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.template_patch", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_application_set.template_patch", "spec.0.template_patch", " spec:\n source:\n helm:\n valueFiles:\n {{- range $valueFile := .valueFiles }}\n - {{ $valueFile }}\n {{- end }}\n {{- if .autoSync }}\n syncPolicy:\n automated:\n prune: {{ .prune }}\n {{- end }}\n", ), ), }, { ResourceName: "argocd_application_set.template_patch", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"metadata.0.resource_version"}, }, }, }) } func TestAccArgoCDApplicationSet_CustomNamespace(t *testing.T) { name := acctest.RandomWithPrefix("appset-ns") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ApplicationSet) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDApplicationSetCustomNamespace(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application_set.custom_namespace", "metadata.0.uid", ), ), }, { ResourceName: "argocd_application_set.custom_namespace", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"wait", "cascade", "status", "validate", "metadata.0.resource_version", "spec.0.template.0.spec.0.source.0.helm.0.parameter.0.force_string", "spec.0.template.0.spec.0.source.0.helm.0.parameter.1.force_string"}, }, }, }) } func TestUpgradeSchemaApplicationSet_V0V1_Default_NoChange(t *testing.T) { t.Parallel() v0 := map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "generator": []interface{}{ map[string]interface{}{ "clusters": []interface{}{map[string]interface{}{}}, }, }, "template": []interface{}{ map[string]interface{}{ "metadata": []interface{}{map[string]interface{}{ "name": "{{ name }}-clusters", }}, "spec": []interface{}{map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://github.com/argoproj/argocd-example-apps", "target_revision": "HEAD", "path": "guestbook", }}, "destination": []interface{}{map[string]interface{}{ "server": "{{ server }}", "namespace": "default", }}, }}, }, }, }, }, } actual, _ := resourceArgoCDApplicationStateUpgradeV0(t.Context(), v0, nil) if !reflect.DeepEqual(v0, actual) { t.Fatalf("\n\nexpected:\n\n%#v\n\ngot:\n\n%#v\n\n", v0, actual) } } func testAccArgoCDApplicationSet_clusters() string { return ` resource "argocd_application_set" "clusters" { metadata { name = "clusters" } spec { generator { clusters {} # Automatically use all clusters defined within Argo CD } template { metadata { name = "{{name}}-clusters" } spec { source { repo_url = "https://github.com/argoproj/argo-cd/" target_revision = "HEAD" path = "test/e2e/testdata/guestbook" } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_clustersSelector() string { return ` resource "argocd_application_set" "clusters_selector" { metadata { name = "clusters-selector" } spec { generator { clusters { selector { match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } template { metadata { name = "{{name}}-clusters-selector" } spec { source { repo_url = "https://github.com/argoproj/argo-cd/" target_revision = "HEAD" path = "test/e2e/testdata/guestbook" } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_clusterDecisionResource() string { return ` resource "argocd_application_set" "cluster_decision_resource" { metadata { name = "cluster-decision-resource" } spec { generator { cluster_decision_resource { config_map_ref = "my-configmap" name = "quak" requeue_after_seconds = "180" label_selector { match_labels = { duck = "spotted" } match_expressions { key = "duck" operator = "In" values = [ "spotted", "canvasback" ] } } } } template { metadata { name = "{{name}}-cluster-decision-resource" } spec { source { repo_url = "https://github.com/argoproj/argo-cd/" target_revision = "HEAD" path = "test/e2e/testdata/guestbook" } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_scmProviderGitDirectories() string { return ` resource "argocd_application_set" "git_directories" { metadata { name = "git-directories" } spec { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/git-generator-directory/cluster-addons/*" } directory { path = "applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook" exclude = true } requeue_after_seconds = "30" } } template { metadata { name = "{{path.basename}}-git-directories" } spec { source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "https://kubernetes.default.svc" namespace = "{{path.basename}}" } } } } }` } func testAccArgoCDApplicationSet_scmProviderGitFiles() string { return ` resource "argocd_application_set" "git_files" { metadata { name = "git-files" } spec { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" file { path = "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" } values = { foo = "bar" } } } template { metadata { name = "{{cluster.name}}-git-files" } spec { source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/git-generator-files-discovery/apps/guestbook" } destination { server = "{{cluster.address}}" namespace = "guestbook" } } } } }` } func testAccArgoCDApplicationSet_plugin() string { return ` resource "argocd_application_set" "plugin" { metadata { name = "plugin" } spec { generator { plugin { config_map_ref = "plugin" input { parameters = { key1 = "value1" } } requeue_after_seconds = 30 } } template { metadata { name = "{{cluster}}-guestbook" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } }` } func testAccArgoCDApplicationSet_list() string { return ` resource "argocd_application_set" "list" { metadata { name = "list" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://kubernetes.default.svc" } ] } } template { metadata { name = "{{cluster}}-guestbook" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } }` } func testAccArgoCDApplicationSet_listElementsYaml() string { return ` resource "argocd_application_set" "list_elements_yaml" { metadata { name = "list-elements-yaml" } spec { generator { list { elements = [] elements_yaml = <<-EOT - cluster: engineering-dev url: https://kubernetes.default.svc environment: development - cluster: engineering-prod url: https://kubernetes.default.svc environment: production foo: bar EOT } } template { metadata { name = "{{cluster}}-guestbook" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } }` } func testAccArgoCDApplicationSet_matrix() string { return ` resource "argocd_application_set" "matrix" { metadata { name = "matrix" } spec { generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } requeue_after_seconds = "30" } } generator { clusters{ selector{ match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } } } template { metadata { name = "{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } }` } func testAccArgoCDApplicationSet_matrixPluginGenerator() string { return ` resource "argocd_application_set" "matrix-plugin_generator" { metadata { name = "matrix-plugin-generator" } spec { generator { matrix { generator { plugin { config_map_ref = "plugin" input { parameters = { key1 = "value1" } } requeue_after_seconds = 30 } } generator { clusters{ selector{ match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } } } template { metadata { name = "{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } }` } func testAccArgoCDApplicationSet_matrixGitPathParamPrefix() string { return ` resource "argocd_application_set" "matrix_git_path_param_prefix" { metadata { name = "matrix-git-path-param-prefix" } spec { generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" path_param_prefix = "foo" file { path = "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" } } } generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" path_param_prefix = "bar" file { path = "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" } } } } } template { metadata { name = "matrix-git-path-param-prefix" } spec { source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/git-generator-files-discovery/apps/guestbook" } destination { server = "{{cluster.address}}" namespace = "guestbook" } } } } }` } func testAccArgoCDApplicationSet_matrixNested() string { return ` resource "argocd_application_set" "matrix_nested" { metadata { name = "matrix-nested" } spec { generator { matrix { generator { clusters{ selector{ match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } generator { list { elements = [ { cluster = "engineering-dev" url = "https://kubernetes.default.svc" } ] } } } } } } template { metadata { name = "nested-{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } }` } func testAccArgoCDApplicationSet_matrixInsufficientGenerators() string { return ` resource "argocd_application_set" "matrix_insufficient_generators" { metadata { name = "matrix-insufficient-generators" } spec { generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } } } template { metadata { name = "{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } }` } func testAccArgoCDApplicationSet_matrixTooManyGenerators() string { return ` resource "argocd_application_set" "matrix_too_many_generators" { metadata { name = "matrix-too-many-generators" } spec { generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } } } template { metadata { name = "{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } }` } func testAccArgoCDApplicationSet_matrixNestedInsufficientGenerators() string { return ` resource "argocd_application_set" "matrix_nested_insufficient_generators" { metadata { name = "matrix-nested-insufficient-generators" } spec { generator { matrix { generator { clusters{ selector{ match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } } } } } template { metadata { name = "nested-{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } }` } func testAccArgoCDApplicationSet_matrixOnly1LevelOfNesting() string { return ` resource "argocd_application_set" "matrix_nested_invalid" { metadata { name = "matrix-nested-invalid" } spec { generator { matrix { generator { clusters{ selector{ match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } generator { list { elements = [ { cluster = "engineering-dev" url = "https://kubernetes.default.svc" } ] } } } } } } } } template { metadata { name = "nested-{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } }` } func testAccArgoCDApplicationSet_merge() string { return ` resource "argocd_application_set" "merge" { metadata { name = "merge" } spec { generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } generator { clusters { selector { match_labels = { use-kafka = "false" } } values = { kafka = "false" } } } generator { list { elements = [ { server = "https://2.4.6.8" "values.redis" = "true" }, ] } } } } template { metadata { name = "{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "app" target_revision = "HEAD" helm { parameter { name = "kafka" value = "{{values.kafka}}" } parameter { name = "redis" value = "{{values.redis}}" } } } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_mergeNested() string { return ` resource "argocd_application_set" "merge_nested" { metadata { name = "merge-nested" } spec { generator { merge { merge_keys = [ "server" ] generator { list { elements = [ { server = "https://2.4.6.8" "values.redis" = "true" }, ] } } generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } generator { clusters { selector { match_labels = { use-kafka = "false" } } values = { kafka = "false" } } } } } } } template { metadata { name = "{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "app" target_revision = "HEAD" helm { parameter { name = "kafka" value = "{{values.kafka}}" } parameter { name = "redis" value = "{{values.redis}}" } } } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_mergeInsufficientGenerators() string { return ` resource "argocd_application_set" "merge_insufficient_generators" { metadata { name = "merge-insufficient-generators" } spec { generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } } } template { metadata { name = "{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "app" target_revision = "HEAD" helm { parameter { name = "kafka" value = "{{values.kafka}}" } parameter { name = "redis" value = "{{values.redis}}" } } } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_mergeNestedInsufficientGenerators() string { return ` resource "argocd_application_set" "merge_nested_insufficient_generators" { metadata { name = "merge-nested-insufficient-generators" } spec { generator { merge { merge_keys = [ "server" ] generator { list { elements = [ { server = "https://2.4.6.8" "values.redis" = "true" }, ] } } generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } } } } } template { metadata { name = "{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "app" target_revision = "HEAD" helm { parameter { name = "kafka" value = "{{values.kafka}}" } parameter { name = "redis" value = "{{values.redis}}" } } } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_mergeOnly1LevelOfNesting() string { return ` resource "argocd_application_set" "merge_nested_invalid" { metadata { name = "merge-nested-invalid" } spec { generator { merge { merge_keys = [ "server" ] generator { list { elements = [ { server = "https://2.4.6.8" "values.redis" = "true" }, ] } } generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } generator { clusters { selector { match_labels = { use-kafka = "false" } } values = { kafka = "false" } } } } } } } } } template { metadata { name = "{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "app" target_revision = "HEAD" helm { parameter { name = "kafka" value = "{{values.kafka}}" } parameter { name = "redis" value = "{{values.redis}}" } } } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_scmProviderAzureDevOps() string { return ` resource "argocd_application_set" "scm_ado" { metadata { name = "scm-ado" } spec { generator { scm_provider { azure_devops { all_branches = true api = "https://dev.azure.com" organization = "myorg" team_project = "myProject" access_token_ref { secret_name = "azure-devops-scm" key = "accesstoken" } } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_scmProviderBitbucketCloud() string { return ` resource "argocd_application_set" "scm_bitbucket_cloud" { metadata { name = "scm-bitbucket-cloud" } spec { generator { scm_provider { bitbucket_cloud { all_branches = true owner = "example-owner" user = "example-user" app_password_ref { secret_name = "appPassword" key = "password" } } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_scmProviderBitbucketServer() string { return ` resource "argocd_application_set" "scm_bitbucket_server" { metadata { name = "scm-bitbucket-server" } spec { generator { scm_provider { bitbucket_server { all_branches = true api = "https://bitbucket.org/rest" project = "myproject" basic_auth { username = "myuser" password_ref { secret_name = "mypassword" key = "password" } } } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_scmProviderGitea() string { return ` resource "argocd_application_set" "scm_gitea" { metadata { name = "scm-gitea" } spec { generator { scm_provider { gitea { all_branches = true owner = "myorg" api = "https://gitea.mydomain.com/" token_ref { secret_name = "gitea-token" key = "token" } } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_scmProviderGithub() string { return ` resource "argocd_application_set" "scm_github" { metadata { name = "scm-github" } spec { generator { scm_provider { github { all_branches = true api = "https://git.example.com/" app_secret_name = "gh-app-repo-creds" organization = "myorg" token_ref { secret_name = "github-token" key = "token" } } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_scmProviderGitlab() string { return ` resource "argocd_application_set" "scm_gitlab" { metadata { name = "scm-gitlab" } spec { generator { scm_provider { gitlab { all_branches = true api = "https://gitlab.example.com/" group = "8675309" include_subgroups = false token_ref { secret_name = "gitlab-token" key = "token" } } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_scmProviderWithFilters() string { return ` resource "argocd_application_set" "scm_filters" { metadata { name = "scm-filters" } spec { generator { scm_provider { github { all_branches = true api = "https://git.example.com/" app_secret_name = "gh-app-repo-creds" organization = "myorg" token_ref { secret_name = "github-token" key = "token" } } filter { repository_match = "^myapp" paths_exist = [ "kubernetes/kustomization.yaml" ] label_match = "deploy-ok" } filter { repository_match = "^otherapp" paths_exist = [ "helm" ] paths_do_not_exist = [ "disabledrepo.txt" ] } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_pullRequestBitbucketServer() string { return ` resource "argocd_application_set" "pr_bitbucket_server" { metadata { name = "pr-bitbucket-server" } spec { generator { pull_request { bitbucket_server { api = "https://bitbucket.org/rest" project = "myproject" repo = "myrepository" basic_auth { username = "myuser" password_ref { secret_name = "mypassword" key = "password" } } } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_pullRequestGitea() string { return ` resource "argocd_application_set" "pr_gitea" { metadata { name = "pr-gitea" } spec { generator { pull_request { gitea { api = "https://gitea.mydomain.com/" insecure = true owner = "myorg" repo = "myrepository" token_ref { secret_name = "gitea-token" key = "token" } } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_pullRequestGithub() string { return ` resource "argocd_application_set" "pr_github" { metadata { name = "pr-github" } spec { generator { pull_request { github { api = "https://git.example.com/" owner = "myorg" repo = "myrepository" app_secret_name = "github-app-repo-creds" token_ref { secret_name = "github-token" key = "token" } labels = [ "preview" ] } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_pullRequestGitlab() string { return ` resource "argocd_application_set" "pr_gitlab" { metadata { name = "pr-gitlab" } spec { generator { pull_request { gitlab { api = "https://git.example.com/" project = "myproject" pull_request_state = "opened" token_ref { secret_name = "gitlab-token" key = "token" } labels = [ "preview" ] } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_pullRequestGitlabInsecureAndCARef() string { return ` resource "argocd_application_set" "pr_gitlab_insecure" { metadata { name = "pr-gitlab-insecure" } spec { generator { pull_request { gitlab { api = "https://git.example.com/" project = "myproject" pull_request_state = "opened" insecure = true token_ref { secret_name = "gitlab-token" key = "token" } ca_ref { config_map_name = "gitlab-ca-cert" key = "ca.crt" } labels = [ "preview" ] } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_pullRequestAzureDevOps() string { return ` resource "argocd_application_set" "pr_azure_devops" { metadata { name = "pr-azure-devops" } spec { generator { pull_request { azure_devops { api = "https://dev.azure.com" organization = "myorg" project = "myproject" repo = "myrepository" labels = ["preview"] token_ref { secret_name = "azure-devops-token" key = "token" } } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_generatorTemplate() string { return ` resource "argocd_application_set" "generator_template" { metadata { name = "generator-template" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://kubernetes.default.svc" } ] template { metadata {} spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/template-override/{{.cluster}}-override" } destination {} } } } } go_template = true template { metadata { name = "appset-generator-template-{{.cluster}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/template-override/default" } destination { server = "{{.url}}" namespace = "guestbook" } } } } }` } func testAccArgoCDApplicationSet_goTemplate() string { return ` resource "argocd_application_set" "go_template" { metadata { name = "go-template" } spec { generator { clusters {} # Automatically use all clusters defined within Argo CD } go_template = true go_template_options = [ "missingkey=error" ] template { metadata { name = "appset-go-template-{{.name}}" } spec { source { repo_url = "https://github.com/argoproj/argo-cd/" target_revision = "HEAD" path = "test/e2e/testdata/guestbook" } destination { server = "{{.server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_syncPolicy() string { return ` resource "argocd_application_set" "sync_policy" { metadata { name = "sync-policy" } spec { generator { clusters {} # Automatically use all clusters defined within Argo CD } sync_policy { preserve_resources_on_deletion = true } template { metadata { name = "appset-sync-policy-{{name}}" } spec { source { repo_url = "https://github.com/argoproj/argo-cd/" target_revision = "HEAD" path = "test/e2e/testdata/guestbook" } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_syncPolicyWithApplicationsSync() string { return ` resource "argocd_application_set" "applications_sync_policy" { metadata { name = "applications-sync-policy" } spec { generator { clusters {} # Automatically use all clusters defined within Argo CD } sync_policy { preserve_resources_on_deletion = true applications_sync = "create-update" } template { metadata { name = "appset-sync-policy-{{name}}" } spec { source { repo_url = "https://github.com/argoproj/argo-cd/" target_revision = "HEAD" path = "test/e2e/testdata/guestbook" } destination { server = "{{server}}" namespace = "default" } } } } }` } func testAccArgoCDApplicationSet_progressiveSync() string { return ` resource "argocd_application_set" "progressive_sync" { metadata { name = "progressive-sync" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://1.2.3.4" env = "env-dev" }, { cluster = "engineering-qa" url = "https://2.4.6.8" env = "env-qa" }, { cluster = "engineering-prod" url = "https://9.8.7.6/" env = "env-prod" } ] } } strategy { type = "RollingSync" rolling_sync { step { match_expressions { key = "envLabel" operator = "In" values = [ "env-dev" ] } # max_update = "100%" # if undefined, all applications matched are updated together (default is 100%) } step { match_expressions { key = "envLabel" operator = "In" values = [ "env-qa" ] } max_update = "0" } step { match_expressions { key = "envLabel" operator = "In" values = [ "env-prod" ] } max_update = "10%" } } } go_template = true template { metadata { name = "appset-progressive-sync-{{.cluster}}" labels = { envLabel = "{{.env}}" } } spec { project = "default" source { repo_url = "https://github.com/infra-team/cluster-deployments.git" path = "guestbook/{{.cluster}}" target_revision = "HEAD" } destination { server = "{{.url}}" namespace = "guestbook" } } } } }` } func testAccArgoCDApplicationSet_templatePatch() string { return ` locals { mytemplate = < 0 { for _, existingCluster := range existingClusters.Items { if rtrimmedServer == strings.TrimRight(existingCluster.Server, "/") { tokenMutexClusters.Unlock() return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("cluster with server address %s already exists", cluster.Server), }, } } } } c, err := si.ClusterClient.Create(ctx, &clusterClient.ClusterCreateRequest{ Cluster: cluster, Upsert: false, }) tokenMutexClusters.Unlock() if err != nil { return argoCDAPIError("create", "cluster", cluster.Server, err) } // Check if the name has been defaulted to server (when omitted) if c.Name != "" && c.Name != c.Server { d.SetId(fmt.Sprintf("%s/%s", c.Server, c.Name)) } else { d.SetId(c.Server) } return resourceArgoCDClusterRead(ctx, d, meta) } func resourceArgoCDClusterRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } tokenMutexClusters.RLock() c, err := si.ClusterClient.Get(ctx, getClusterQueryFromID(d)) tokenMutexClusters.RUnlock() if err != nil { if strings.Contains(err.Error(), "NotFound") { d.SetId("") return nil } // Fix for https://github.com/oboukili/terraform-provider-argocd/issues/266 // This fix is added here as a workaround to ensure backward compatibility, as // it is triggered only on the specific usecase where the issue happens. // Additional remarks about this code: // * it is a copy/paste of the code used by resourceArgoCDClusterCreate to check if // the cluster already exists (with some obvious changes to return value and mutex type) // * it should at term replace the `si.ClusterClient.Get` code for this method if strings.Contains(err.Error(), "PermissionDenied") { cluster, err := expandCluster(d) if err != nil { return errorToDiagnostics("failed to expand cluster", err) } tokenMutexClusters.RLock() rtrimmedServer := strings.TrimRight(cluster.Server, "/") // Cluster are unique by "server address" so we should check there is no existing cluster with this address before existingClusters, err := si.ClusterClient.List(ctx, &clusterClient.ClusterQuery{ // Starting argo-cd server v2.8.0 filtering on list api endpoint is fixed, else it is ignored, see: // - https://github.com/oboukili/terraform-provider-argocd/issues/266#issuecomment-1739122022 // - https://github.com/argoproj/argo-cd/pull/13363 Id: &clusterClient.ClusterID{ Type: "server", Value: rtrimmedServer, }, }) tokenMutexClusters.RUnlock() if err != nil { return errorToDiagnostics(fmt.Sprintf("failed to list existing clusters when reading cluster %s", cluster.Server), err) } // Here we will filter ourselves on the list so that we are backward compatible for argo-cd server with version < v2.8.0 (see coment above) if len(existingClusters.Items) > 0 { for _, existingCluster := range existingClusters.Items { if rtrimmedServer == strings.TrimRight(existingCluster.Server, "/") { // Cluster was found, return return nil } } } // Cluster was not found, return with empty Id d.SetId("") return nil } else { return argoCDAPIError("read", "cluster", d.Id(), err) } } if err = flattenCluster(c, d); err != nil { return errorToDiagnostics(fmt.Sprintf("failed to flatten cluster %s", d.Id()), err) } return nil } func resourceArgoCDClusterUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } cluster, err := expandCluster(d) if err != nil { return errorToDiagnostics(fmt.Sprintf("failed to expand cluster %s", d.Id()), err) } tokenMutexClusters.Lock() _, err = si.ClusterClient.Update(ctx, &clusterClient.ClusterUpdateRequest{Cluster: cluster}) tokenMutexClusters.Unlock() if err != nil { return argoCDAPIError("update", "cluster", cluster.Server, err) } return resourceArgoCDClusterRead(ctx, d, meta) } func resourceArgoCDClusterDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { si := meta.(*ServerInterface) if diags := si.InitClients(ctx); diags != nil { return pluginSDKDiags(diags) } tokenMutexClusters.Lock() _, err := si.ClusterClient.Delete(ctx, getClusterQueryFromID(d)) tokenMutexClusters.Unlock() if err != nil { if strings.Contains(err.Error(), "NotFound") { d.SetId("") return nil } return argoCDAPIError("delete", "cluster", d.Id(), err) } d.SetId("") return nil } func getClusterQueryFromID(d *schema.ResourceData) *clusterClient.ClusterQuery { cq := &clusterClient.ClusterQuery{} id := strings.Split(strings.TrimPrefix(d.Id(), "https://"), "/") if len(id) > 1 { cq.Name = id[len(id)-1] cq.Server = fmt.Sprintf("https://%s", strings.Join(id[:len(id)-1], "/")) } else { cq.Server = d.Id() } return cq } ================================================ FILE: argocd/resource_argocd_cluster_test.go ================================================ package argocd import ( "context" "fmt" "os" "regexp" "runtime" "strconv" "testing" "time" "github.com/argoproj-labs/terraform-provider-argocd/internal/provider" "github.com/argoproj-labs/terraform-provider-argocd/internal/testhelpers" "github.com/argoproj/argo-cd/v3/pkg/apiclient/cluster" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/util/homedir" ) func TestAccArgoCDCluster(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDClusterBearerToken(acctest.RandString(10)), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.simple", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttr( "argocd_cluster.simple", "shard", "1", ), resource.TestCheckResourceAttrSet( "argocd_cluster.simple", "info.0.server_version", ), resource.TestCheckResourceAttr( "argocd_cluster.simple", "info.0.applications_count", "0", ), resource.TestCheckResourceAttr( "argocd_cluster.simple", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), ), }, { ResourceName: "argocd_cluster.simple", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"config.0.bearer_token", "info", "config.0.tls_client_config.0.key_data"}, }, { Config: testAccArgoCDClusterTLSCertificate(t, acctest.RandString(10)), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.tls", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttrSet( "argocd_cluster.tls", "info.0.server_version", ), resource.TestCheckResourceAttr( "argocd_cluster.tls", "config.0.tls_client_config.0.insecure", "false", ), ), }, }, }) } func TestAccArgoCDCluster_projectScope(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDClusterProjectScope(acctest.RandString(10), "myproject1"), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.project_scope", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttr( "argocd_cluster.project_scope", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), resource.TestCheckResourceAttr( "argocd_cluster.project_scope", "project", "myproject1", ), ), }, { ResourceName: "argocd_cluster.project_scope", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"config.0.bearer_token", "info", "config.0.tls_client_config.0.key_data"}, }, }, }) } func TestAccArgoCDCluster_optionalName(t *testing.T) { name := acctest.RandString(10) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDClusterMetadataNoName(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "name", "https://kubernetes.default.svc.cluster.local", ), ), }, { Config: testAccArgoCDClusterMetadata(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "name", name, ), ), }, { Config: testAccArgoCDClusterMetadataNoName(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "name", "https://kubernetes.default.svc.cluster.local", ), ), }, }, }) } func TestAccArgoCDCluster_metadata(t *testing.T) { clusterName := acctest.RandString(10) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDClusterMetadata(clusterName), Check: resource.ComposeTestCheckFunc( resource.TestCheckNoResourceAttr( "argocd_cluster.cluster_metadata", "metadata.0", ), ), }, { ResourceName: "argocd_cluster.cluster_metadata", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"config.0.bearer_token", "info", "config.0.tls_client_config.0.key_data"}, }, { Config: testAccArgoCDClusterMetadata_addLabels(clusterName), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "metadata.0.labels.test", "label", ), resource.TestCheckNoResourceAttr( "argocd_cluster.cluster_metadata", "metadata.0.annotations", ), ), }, { ResourceName: "argocd_cluster.cluster_metadata", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"config.0.bearer_token", "info", "config.0.tls_client_config.0.key_data"}, }, { Config: testAccArgoCDClusterMetadata_addAnnotations(clusterName), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "metadata.0.labels.test", "label", ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "metadata.0.annotations.test", "annotation", ), ), }, { ResourceName: "argocd_cluster.cluster_metadata", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"config.0.bearer_token", "info", "config.0.tls_client_config.0.key_data"}, }, { Config: testAccArgoCDClusterMetadata_removeLabels(clusterName), Check: resource.ComposeTestCheckFunc( resource.TestCheckNoResourceAttr( "argocd_cluster.cluster_metadata", "metadata.0.labels.test", ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "metadata.0.annotations.test", "annotation", ), ), }, { ResourceName: "argocd_cluster.cluster_metadata", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"config.0.bearer_token", "info", "config.0.tls_client_config.0.key_data"}, }, }, }) } func TestAccArgoCDCluster_invalidSameServer(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDClusterTwiceWithSameServer(), ExpectError: regexp.MustCompile("cluster with server address .* already exists"), }, { Config: testAccArgoCDClusterTwiceWithSameServerNoNames(), ExpectError: regexp.MustCompile("cluster with server address .* already exists"), }, { Config: testAccArgoCDClusterTwiceWithSameLogicalServer(), ExpectError: regexp.MustCompile("cluster with server address .* already exists"), }, }, }) } func TestAccArgoCDCluster_outsideDeletion(t *testing.T) { clusterName := acctest.RandString(10) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDClusterMetadata(clusterName), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "name", clusterName, ), ), }, { PreConfig: func() { // delete cluster and validate refresh generates a plan // (non-regression test for https://github.com/oboukili/terraform-provider-argocd/issues/266) si, err := getServerInterface() if err != nil { t.Error(fmt.Errorf("failed to get server interface: %s", err.Error())) } ctx, cancel := context.WithTimeout(t.Context(), 120*time.Second) defer cancel() _, err = si.ClusterClient.Delete(ctx, &cluster.ClusterQuery{Name: clusterName}) if err != nil { t.Error(fmt.Errorf("failed to delete cluster '%s': %s", clusterName, err.Error())) } }, RefreshState: true, ExpectNonEmptyPlan: true, }, { Config: testAccArgoCDClusterMetadata(clusterName), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), resource.TestCheckResourceAttr( "argocd_cluster.cluster_metadata", "name", clusterName, ), ), }, }, }) } func TestAccArgoCDCluster_urlUpdate(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDClusterBearerToken_urlChange("https://kubernetes.default.svc.cluster.local"), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.check_url_change", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttrSet( "argocd_cluster.check_url_change", "info.0.server_version", ), resource.TestCheckResourceAttr( "argocd_cluster.check_url_change", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), ), }, { Config: testAccArgoCDClusterBearerToken_urlChange("https://kubernetes.default"), ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ plancheck.ExpectResourceAction("argocd_cluster.check_url_change", plancheck.ResourceActionReplace), }, }, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_cluster.check_url_change", "info.0.connection_state.0.status", "Successful", ), resource.TestCheckResourceAttrSet( "argocd_cluster.check_url_change", "info.0.server_version", ), resource.TestCheckResourceAttr( "argocd_cluster.check_url_change", "config.0.tls_client_config.0.insecure", strconv.FormatBool(isInsecure()), ), ), }, }, }) } func TestAccArgoCDCluster_namespacesErrorWhenEmpty(t *testing.T) { name := acctest.RandString(10) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProviderFactories: testAccProviders, Steps: []resource.TestStep{ { Config: testAccArgoCDClusterNamespacesContainsEmptyString(name), ExpectError: regexp.MustCompile("namespaces: must contain non-empty strings"), }, { Config: testAccArgoCDClusterNamespacesContainsEmptyString_MultipleItems(name), ExpectError: regexp.MustCompile("namespaces: must contain non-empty strings"), }, }, }) } func testAccArgoCDClusterBearerToken(clusterName string) string { return fmt.Sprintf(` resource "argocd_cluster" "simple" { server = "https://kubernetes.default.svc.cluster.local" name = "%s" shard = "1" namespaces = ["default", "foo"] config { %s } } `, clusterName, getConfig()) } func testAccArgoCDClusterTLSCertificate(t *testing.T, clusterName string) string { // Skip if we're not in an acceptance test environment if os.Getenv("TF_ACC") == "" { t.Skip("Acceptance tests skipped unless env 'TF_ACC' set") } rc, err := getInternalRestConfig() if err != nil { t.Error(err) } return fmt.Sprintf(` resource "argocd_cluster" "tls" { server = "https://kubernetes.default.svc.cluster.local" name = "%s" namespaces = ["bar", "baz"] config { tls_client_config { key_data = <0%). Default is 100%, unbounded.", ValidateFunc: validateIntOrStringPercentage, Optional: true, }, }, }, }, }, }, }, }, }, }, "sync_policy": { Type: schema.TypeList, Description: "Application Set [sync policy](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/).", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "preserve_resources_on_deletion": { Type: schema.TypeBool, Description: "Label selector used to narrow the scope of targeted clusters.", Optional: true, }, "applications_sync": { Type: schema.TypeString, Description: "Represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, and sync.", Optional: true, }, }, }, }, "template": { Type: schema.TypeList, Description: "Application set template. The template fields of the ApplicationSet spec are used to generate Argo CD Application resources.", Required: true, MinItems: 1, MaxItems: 1, Elem: applicationSetTemplateResource(false), }, "template_patch": { Type: schema.TypeString, Description: "Application set template patch, as in the [Argo CD ApplicationSet spec](https://argocd-applicationset.readthedocs.io/en/stable/fields/#templatepatch).", Optional: true, }, }, }, } } func applicationSetSpecSchemaV1() *schema.Schema { // To support deploying applicationsets to non-default namespaces we need to // do a state migration to ensure that the Id on existing resources is // updated to include the namespace. For this to happen, we need to trigger // a schema version upgrade on the applicationset resource however, the // schema of the applicationset `spec` has not changed from `v0`. return applicationSetSpecSchemaV0() } func applicationSetGeneratorSchemaV0() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "Application set generators. Generators are responsible for generating parameters, which are then rendered into the template: fields of the ApplicationSet resource.", Required: true, MinItems: 1, Elem: generatorResourceV0(generatorSchemaLevel), } } func resourceArgoCDApplicationSetStateUpgradeV0(_ context.Context, rawState map[string]interface{}, _ interface{}) (map[string]interface{}, error) { _metadata, ok := rawState["metadata"].([]interface{}) if !ok || len(_metadata) == 0 { return nil, fmt.Errorf("failed to read metadata during state migration v0 to v1") } metadata := _metadata[0].(map[string]interface{}) rawState["id"] = fmt.Sprintf("%s:%s", metadata["name"].(string), metadata["namespace"].(string)) return rawState, nil } func generatorResourceV0(level int) *schema.Resource { if level > 1 { return &schema.Resource{ Schema: map[string]*schema.Schema{ "cluster_decision_resource": applicationSetClusterDecisionResourceGeneratorSchemaV0(), "clusters": applicationSetClustersGeneratorSchemaV0(), "git": applicationSetGitGeneratorSchemaV0(), "list": applicationSetListGeneratorSchemaV0(), "matrix": applicationSetMatrixGeneratorSchemaV0(level), "merge": applicationSetMergeGeneratorSchemaV0(level), "plugin": applicationSetPluginGeneratorSchemaV0(), "pull_request": applicationSetPullRequestGeneratorSchemaV0(), "scm_provider": applicationSetSCMProviderGeneratorSchemaV0(), "selector": { Type: schema.TypeList, Description: "The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: labelSelectorSchema(), }, }, }, } } return &schema.Resource{ Schema: map[string]*schema.Schema{ "plugin": applicationSetPluginGeneratorSchemaV0(), "cluster_decision_resource": applicationSetClusterDecisionResourceGeneratorSchemaV0(), "clusters": applicationSetClustersGeneratorSchemaV0(), "git": applicationSetGitGeneratorSchemaV0(), "list": applicationSetListGeneratorSchemaV0(), "pull_request": applicationSetPullRequestGeneratorSchemaV0(), "scm_provider": applicationSetSCMProviderGeneratorSchemaV0(), "selector": { Type: schema.TypeList, Description: "The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: labelSelectorSchema(), }, }, }, } } func applicationSetClustersGeneratorSchemaV0() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "The [cluster generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/) produces parameters based on the list of items found within the cluster secret.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "selector": { Type: schema.TypeList, Description: "Label selector used to narrow the scope of targeted clusters.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: labelSelectorSchema(), }, }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, "values": { Type: schema.TypeMap, Description: "Arbitrary string key-value pairs to pass to the template via the values field of the cluster generator.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "enabled": { Type: schema.TypeBool, Description: "Boolean value defaulting to `true` to indicate that this block has been added thereby allowing all other attributes to be optional.", Required: true, DefaultFunc: func() (interface{}, error) { return true, nil }, }, }, }, } } func applicationSetClusterDecisionResourceGeneratorSchemaV0() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "The [cluster decision resource](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster-Decision-Resource/) generates a list of Argo CD clusters.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "config_map_ref": { Type: schema.TypeString, Description: "ConfigMap with the duck type definitions needed to retrieve the data this includes apiVersion(group/version), kind, matchKey and validation settings.", Required: true, }, "name": { Type: schema.TypeString, Description: "Resource name of the kind, group and version, defined in the `config_map_ref`.", Optional: true, }, "label_selector": { Type: schema.TypeList, Description: "Label selector used to find the resource defined in the `config_map_ref`. Alternative to `name`.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: labelSelectorSchema(), }, }, "requeue_after_seconds": { Type: schema.TypeString, Description: "How often to check for changes (in seconds). Default: 3min.", Optional: true, }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, "values": { Type: schema.TypeMap, Description: "Arbitrary string key-value pairs which are passed directly as parameters to the template.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, } } func applicationSetPluginGeneratorSchemaV0() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "[Plugin generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Plugin/) generates parameters using a custom plugin.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "config_map_ref": { Type: schema.TypeString, Description: "ConfigMap with the plugin configuration needed to retrieve the data.", Required: true, }, "requeue_after_seconds": { Type: schema.TypeString, Description: "How often to check for changes (in seconds). Default: 3min.", Optional: true, }, "input": { Type: schema.TypeList, Description: "The input parameters used for calling the plugin.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "parameters": { Type: schema.TypeMap, Description: "Arbitrary key-value pairs which are passed directly as parameters to the plugin. A current limitation is that this cannot fully express the parameters that can be accepted by the plugin generator.", Required: true, Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, "values": { Type: schema.TypeMap, Description: "Arbitrary string key-value pairs to pass to the template via the values field of the git generator.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, } } func applicationSetGitGeneratorSchemaV0() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "[Git generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git/) generates parameters using either the directory structure of a specified Git repository (directory generator), or, using the contents of JSON/YAML files found within a specified repository (file generator). ", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "directory": { Type: schema.TypeList, Description: "List of directories in the source repository to use when template the Application..", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "path": { Type: schema.TypeString, Description: "Path in the repository.", Required: true, }, "exclude": { Type: schema.TypeBool, Description: "Flag indicating whether or not the directory should be excluded when templating.", Optional: true, Default: false, }, }, }, }, "file": { Type: schema.TypeList, Description: "List of files in the source repository to use when template the Application.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "path": { Type: schema.TypeString, Description: "Path to the file in the repository.", Required: true, }, }, }, }, "repo_url": { Type: schema.TypeString, Description: "URL to the repository to use.", Required: true, }, "revision": { Type: schema.TypeString, Description: "Revision of the source repository to use.", Optional: true, }, "path_param_prefix": { Type: schema.TypeString, Description: "Prefix for all path-related parameter names.", Optional: true, }, "requeue_after_seconds": { Type: schema.TypeString, Description: "How often to check for changes (in seconds). Default: 3min.", Optional: true, }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, "values": { Type: schema.TypeMap, Description: "Arbitrary string key-value pairs to pass to the template via the values field of the git generator.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, } } func applicationSetListGeneratorSchemaV0() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "[List generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-List/) generate parameters based on an arbitrary list of key/value pairs (as long as the values are string values).", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "elements": { Type: schema.TypeList, Description: "List of key/value pairs to pass as parameters into the template", Optional: true, Elem: &schema.Schema{ Type: schema.TypeMap, Elem: &schema.Schema{Type: schema.TypeString}, }, }, "elements_yaml": { Type: schema.TypeString, Description: "YAML string containing list of key/value pairs to pass as parameters into the template", Optional: true, }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, }, }, } } func applicationSetMatrixGeneratorSchemaV0(level int) *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "[Matrix generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Matrix/) combine the parameters generated by two child generators, iterating through every combination of each generator's generated parameters. Take note of the [restrictions](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Matrix/#restrictions) regarding their usage - particularly regarding nesting matrix generators.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "generator": { Type: schema.TypeList, Description: "Child generator. Generators are responsible for generating parameters, which are then combined by the parent matrix generator into the template fields of the ApplicationSet resource.", Required: true, MinItems: 2, MaxItems: 2, Elem: generatorResourceV0(level - 1), }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, }, }, } } func applicationSetMergeGeneratorSchemaV0(level int) *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "[Merge generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Merge/) combine parameters produced by the base (first) generator with matching parameter sets produced by subsequent generators. Take note of the [restrictions](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Merge/#restrictions) regarding their usage - particularly regarding nesting merge generators.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "merge_keys": { Type: schema.TypeList, Description: "Keys to merge into resulting parameter set.", Required: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "generator": { Type: schema.TypeList, Description: "Child generator. Generators are responsible for generating parameters, which are then combined by the parent merge generator.", Required: true, MinItems: 2, Elem: generatorResourceV0(level - 1), }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, }, }, } } func applicationSetSCMProviderGeneratorSchemaV0() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "[SCM Provider generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-SCM-Provider/) uses the API of an SCMaaS provider to automatically discover repositories within an organization.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "azure_devops": { Type: schema.TypeList, Description: "Uses the Azure DevOps API to look up eligible repositories based on a team project within an Azure DevOps organization.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "all_branches": { Type: schema.TypeBool, Description: "Scan all branches instead of just the default branch.", Optional: true, }, "access_token_ref": { Type: schema.TypeList, Description: "The Personal Access Token (PAT) to use when connecting.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, "api": { Type: schema.TypeString, Description: "The URL to Azure DevOps. Defaults to https://dev.azure.com.", Optional: true, }, "organization": { Type: schema.TypeString, Description: "Azure Devops organization. E.g. \"my-organization\".", Required: true, }, "team_project": { Type: schema.TypeString, Description: "Azure Devops team project. E.g. \"my-team\".", Required: true, }, }, }, }, "bitbucket_cloud": { Type: schema.TypeList, Description: "Uses the Bitbucket API V2 to scan a workspace in bitbucket.org.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "all_branches": { Type: schema.TypeBool, Description: "Scan all branches instead of just the default branch.", Optional: true, }, "app_password_ref": { Type: schema.TypeList, Description: "The app password to use for the user. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, "owner": { Type: schema.TypeString, Description: "Bitbucket workspace to scan.", Required: true, }, "user": { Type: schema.TypeString, Description: "Bitbucket user to use when authenticating. Should have a \"member\" role to be able to read all repositories and branches.", Required: true, }, }, }, }, "bitbucket_server": { Type: schema.TypeList, Description: "Use the Bitbucket Server API (1.0) to scan repos in a project.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "all_branches": { Type: schema.TypeBool, Description: "Scan all branches instead of just the default branch.", Optional: true, }, "api": { Type: schema.TypeString, Description: "The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest.", Required: true, }, "basic_auth": { Type: schema.TypeList, Description: "Credentials for Basic auth.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "username": { Type: schema.TypeString, Description: "Username for Basic auth.", Optional: true, }, "password_ref": { Type: schema.TypeList, Description: "Password (or personal access token) reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, }, }, }, "project": { Type: schema.TypeString, Description: "Project to scan.", Required: true, }, }, }, }, "clone_protocol": { Type: schema.TypeString, Description: "Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers necessarily support all protocols.", Optional: true, }, "filter": { Type: schema.TypeList, Description: "Filters for which repos should be considered.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "branch_match": { Type: schema.TypeString, Description: "A regex which must match the branch name.", Optional: true, }, "label_match": { Type: schema.TypeString, Description: "A regex which must match at least one label.", Optional: true, }, "paths_do_not_exist": { Type: schema.TypeList, Description: "An array of paths, all of which must not exist.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "paths_exist": { Type: schema.TypeList, Description: "An array of paths, all of which must exist.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "repository_match": { Type: schema.TypeString, Description: "A regex for repo names.", Optional: true, }, }, }, }, "gitea": { Type: schema.TypeList, Description: "Gitea mode uses the Gitea API to scan organizations in your instance.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "all_branches": { Type: schema.TypeBool, Description: "Scan all branches instead of just the default branch.", Optional: true, }, "api": { Type: schema.TypeString, Description: "The Gitea URL to talk to. For example https://gitea.mydomain.com/.", Optional: true, }, "insecure": { Type: schema.TypeBool, Description: "Allow self-signed TLS / Certificates.", Optional: true, }, "owner": { Type: schema.TypeString, Description: "Gitea organization or user to scan.", Required: true, }, "token_ref": { Type: schema.TypeList, Description: "Authentication token reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, }, }, }, "github": { Type: schema.TypeList, Description: "Uses the GitHub API to scan an organization in either github.com or GitHub Enterprise.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "all_branches": { Type: schema.TypeBool, Description: "If true, scan every branch of every repository. If false, scan only the default branch.", Optional: true, }, "api": { Type: schema.TypeString, Description: "The GitHub API URL to talk to. Default https://api.github.com/.", Optional: true, }, "app_secret_name": { Type: schema.TypeString, Description: "Reference to a GitHub App repo-creds secret. Uses a GitHub App to access the API instead of a PAT.", Optional: true, }, "organization": { Type: schema.TypeString, Description: "GitHub org to scan.", Required: true, }, "token_ref": { Type: schema.TypeList, Description: "Authentication token reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, }, }, }, "gitlab": { Type: schema.TypeList, Description: "Uses the GitLab API to scan and organization in either gitlab.com or self-hosted GitLab.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "all_branches": { Type: schema.TypeBool, Description: "If true, scan every branch of every repository. If false, scan only the default branch.", Optional: true, }, "api": { Type: schema.TypeString, Description: "The Gitlab API URL to talk to.", Optional: true, }, "group": { Type: schema.TypeString, Description: "Gitlab group to scan. You can use either the project id (recommended) or the full namespaced path.", Required: true, }, "include_subgroups": { Type: schema.TypeBool, Description: "Recurse through subgroups (true) or scan only the base group (false). Defaults to `false`.", Optional: true, }, "token_ref": { Type: schema.TypeList, Description: "Authentication token reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, }, }, }, "requeue_after_seconds": { Type: schema.TypeString, Description: "How often to check for changes (in seconds). Default: 3min.", Optional: true, }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, }, }, } } func applicationSetPullRequestGeneratorSchemaV0() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "[Pull Request generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/) uses the API of an SCMaaS provider to automatically discover open pull requests within a repository.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "bitbucket_server": { Type: schema.TypeList, Description: "Fetch pull requests from a repo hosted on a Bitbucket Server.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api": { Type: schema.TypeString, Description: "The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest.", Required: true, }, "basic_auth": { Type: schema.TypeList, Description: "Credentials for Basic auth.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "username": { Type: schema.TypeString, Description: "Username for Basic auth.", Optional: true, }, "password_ref": { Type: schema.TypeList, Description: "Password (or personal access token) reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, }, }, }, "project": { Type: schema.TypeString, Description: "Project to scan.", Required: true, }, "repo": { Type: schema.TypeString, Description: "Repo name to scan.", Required: true, }, }, }, }, "azure_devops": { Type: schema.TypeList, Description: "Fetch pull requests from an Azure DevOps repository.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api": { Type: schema.TypeString, Description: "The Azure DevOps API URL to talk to. If blank, uses https://dev.azure.com/.", Optional: true, }, "labels": { Type: schema.TypeList, Description: "Labels is used to filter the PRs that you want to target.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "organization": { Type: schema.TypeString, Description: "Azure DevOps org to scan. Required.", Required: true, }, "project": { Type: schema.TypeString, Description: "Azure DevOps project name to scan. Required.", Required: true, }, "repo": { Type: schema.TypeString, Description: "Azure DevOps repo name to scan. Required.", Required: true, }, "token_ref": { Type: schema.TypeList, Description: "Authentication token reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, }, }, }, "filter": { Type: schema.TypeList, Description: "Filters allow selecting which pull requests to generate for.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "branch_match": { Type: schema.TypeString, Description: "A regex which must match the branch name.", Optional: true, }, }, }, }, "gitea": { Type: schema.TypeList, Description: "Specify the repository from which to fetch the Gitea Pull requests.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api": { Type: schema.TypeString, Description: "The Gitea API URL to talk to.", Required: true, }, "insecure": { Type: schema.TypeBool, Description: "Allow insecure tls, for self-signed certificates; default: false.", Optional: true, }, "owner": { Type: schema.TypeString, Description: "Gitea org or user to scan.", Required: true, }, "repo": { Type: schema.TypeString, Description: "Gitea repo name to scan.", Required: true, }, "token_ref": { Type: schema.TypeList, Description: "Authentication token reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, }, }, }, "github": { Type: schema.TypeList, Description: "Specify the repository from which to fetch the GitHub Pull requests.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api": { Type: schema.TypeString, Description: "The GitHub API URL to talk to. Default https://api.github.com/.", Optional: true, }, "app_secret_name": { Type: schema.TypeString, Description: "Reference to a GitHub App repo-creds secret with permission to access pull requests.", Optional: true, }, "labels": { Type: schema.TypeList, Description: "Labels is used to filter the PRs that you want to target.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "owner": { Type: schema.TypeString, Description: "GitHub org or user to scan.", Required: true, }, "repo": { Type: schema.TypeString, Description: "GitHub repo name to scan.", Required: true, }, "token_ref": { Type: schema.TypeList, Description: "Authentication token reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, }, }, }, "gitlab": { Type: schema.TypeList, Description: "Specify the project from which to fetch the GitLab merge requests.", Optional: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api": { Type: schema.TypeString, Description: "The GitLab API URL to talk to. If blank, uses https://gitlab.com/.", Optional: true, }, "labels": { Type: schema.TypeList, Description: "Labels is used to filter the PRs that you want to target.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "project": { Type: schema.TypeString, Description: "GitLab project to scan.", Required: true, }, "pull_request_state": { Type: schema.TypeString, Description: "additional MRs filter to get only those with a certain state. Default: \"\" (all states).", Optional: true, }, "token_ref": { Type: schema.TypeList, Description: "Authentication token reference.", Optional: true, MaxItems: 1, Elem: secretRefResource(), }, "insecure": { Type: schema.TypeBool, Description: "A flag for checking the validity of the SCM's certificates.", Optional: true, }, "ca_ref": { Type: schema.TypeList, Description: "Reference to a ConfigMap key containing trusted CA certificates for verifying the SCM server's TLS certificate.", Optional: true, MaxItems: 1, Elem: configMapRefResource(), }, }, }, }, "requeue_after_seconds": { Type: schema.TypeString, Description: "How often to check for changes (in seconds). Default: 30min.", Optional: true, }, "template": { Type: schema.TypeList, Description: "Generator template. Used to override the values of the spec-level template.", Optional: true, MaxItems: 1, Elem: applicationSetTemplateResource(true), }, }, }, } } func applicationSetTemplateResource(allOptional bool) *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ "metadata": { Type: schema.TypeList, Description: "Kubernetes object metadata for templated Application.", Optional: allOptional, Required: !allOptional, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "annotations": { Type: schema.TypeMap, Description: "An unstructured key value map that may be used to store arbitrary metadata for the resulting Application.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "labels": { Type: schema.TypeMap, Description: "Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "name": { Type: schema.TypeString, Description: "Name of the resulting Application", Optional: allOptional, Required: !allOptional, }, "namespace": { Type: schema.TypeString, Description: "Namespace of the resulting Application", Optional: true, }, "finalizers": { Type: schema.TypeList, Description: "List of finalizers to apply to the resulting Application.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, }, "spec": applicationSpecSchemaV4(allOptional, true), }, } } func secretRefResource() *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { Type: schema.TypeString, Description: "Key containing information in Kubernetes `Secret`.", Required: true, }, "secret_name": { Type: schema.TypeString, Description: "Name of Kubernetes `Secret`.", Required: true, }, }, } } func configMapRefResource() *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { Type: schema.TypeString, Description: "Key containing information in trusted CA certs.", Required: true, }, "config_map_name": { Type: schema.TypeString, Description: "Name of the ConfigMap.", Required: true, }, }, } } ================================================ FILE: argocd/schema_application_test.go ================================================ package argocd import ( "reflect" "strings" "testing" ) func TestUpgradeSchemaApplication_V0V1_Default_SkipCrds(t *testing.T) { t.Parallel() v0 := map[string]interface{}{ "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", "helm": []interface{}{map[string]interface{}{ "release_name": "testing", }}, }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, }, }, } v1 := map[string]interface{}{ "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", "helm": []interface{}{map[string]interface{}{ "release_name": "testing", "skip_crds": false, }}, }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, }, }, } actual, _ := resourceArgoCDApplicationStateUpgradeV0(t.Context(), v0, nil) if !reflect.DeepEqual(v1, actual) { t.Fatalf("\n\nexpected:\n\n%#v\n\ngot:\n\n%#v\n\n", v1, actual) } } func TestUpgradeSchemaApplication_V0V1_Default_SkipCrds_NoChange(t *testing.T) { t.Parallel() v0 := map[string]interface{}{ "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, }, }, } actual, _ := resourceArgoCDApplicationStateUpgradeV0(t.Context(), v0, nil) if !reflect.DeepEqual(v0, actual) { t.Fatalf("\n\nexpected:\n\n%#v\n\ngot:\n\n%#v\n\n", v0, actual) } } func TestUpgradeSchemaApplication_V1V2_Default_NoChange(t *testing.T) { t.Parallel() v1 := map[string]interface{}{ "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", "helm": []interface{}{map[string]interface{}{ "release_name": "testing", "skip_crds": false, }}, }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, }, }, } actual, _ := resourceArgoCDApplicationStateUpgradeV1(t.Context(), v1, nil) if !reflect.DeepEqual(v1, actual) { t.Fatalf("\n\nexpected:\n\n%#v\n\ngot:\n\n%#v\n\n", v1, actual) } } func TestUpgradeSchemaApplication_V1V2_WithKsonnet(t *testing.T) { t.Parallel() v1 := map[string]interface{}{ "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", "ksonnet": []interface{}{map[string]interface{}{ "destination": []interface{}{map[string]interface{}{ "namespace": "foo", }}, }}, }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, }, }, } _, err := resourceArgoCDApplicationStateUpgradeV1(t.Context(), v1, nil) if err == nil || !strings.Contains(err.Error(), "'ksonnet' support has been removed") { t.Fatalf("\n\nexpected error during state migration was not found - err returned was: %v", err) } } func TestUpgradeSchemaApplication_V2V3_Default_NoChange(t *testing.T) { t.Parallel() v2 := map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", "helm": []interface{}{map[string]interface{}{ "release_name": "testing", "skip_crds": false, }}, }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, }, }, } actual, _ := resourceArgoCDApplicationStateUpgradeV2(t.Context(), v2, nil) if !reflect.DeepEqual(v2, actual) { t.Fatalf("\n\nexpected:\n\n%#v\n\ngot:\n\n%#v\n\n", v2, actual) } } func TestUpgradeSchemaApplication_V3V4(t *testing.T) { t.Parallel() type stateUpgradeTestCases []struct { name string sourceState map[string]interface{} expectedState map[string]interface{} } cases := stateUpgradeTestCases{ { name: "no sync policy", sourceState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, }, }, }, expectedState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, }, }, }, }, { name: "full sync policy", sourceState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, "sync_policy": []interface{}{map[string]interface{}{ "automated": map[string]interface{}{ "prune": true, "self_heal": true, "allow_empty": true, }, "sync_options": []string{ "Validate=false", }, "retry": []interface{}{map[string]interface{}{ "limit": "5", "backoff": map[string]interface{}{ "duration": "30s", "max_duration": "2m", "factor": "2", }, }}, }}, }, }, }, expectedState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, "sync_policy": []interface{}{map[string]interface{}{ "automated": []map[string]interface{}{ { "prune": true, "self_heal": true, "allow_empty": true, }, }, "sync_options": []string{ "Validate=false", }, "retry": []interface{}{map[string]interface{}{ "limit": "5", "backoff": []map[string]interface{}{ { "duration": "30s", "max_duration": "2m", "factor": "2", }, }, }}, }}, }, }, }, }, { name: "no automated block", sourceState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, "sync_policy": []interface{}{map[string]interface{}{ "sync_options": []string{ "Validate=false", }, "retry": []interface{}{map[string]interface{}{ "limit": "5", "backoff": map[string]interface{}{ "duration": "30s", "max_duration": "2m", "factor": "2", }, }}, }}, }, }, }, expectedState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, "sync_policy": []interface{}{map[string]interface{}{ "sync_options": []string{ "Validate=false", }, "retry": []interface{}{map[string]interface{}{ "limit": "5", "backoff": []map[string]interface{}{ { "duration": "30s", "max_duration": "2m", "factor": "2", }, }, }}, }}, }, }, }, }, { name: "blank automated block", sourceState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, "sync_policy": []interface{}{map[string]interface{}{ "automated": map[string]interface{}{}, "sync_options": []string{ "Validate=false", }, "retry": []interface{}{map[string]interface{}{ "limit": "5", "backoff": map[string]interface{}{ "duration": "30s", "max_duration": "2m", "factor": "2", }, }}, }}, }, }, }, expectedState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, "sync_policy": []interface{}{map[string]interface{}{ "automated": []map[string]interface{}{{}}, "sync_options": []string{ "Validate=false", }, "retry": []interface{}{map[string]interface{}{ "limit": "5", "backoff": []map[string]interface{}{ { "duration": "30s", "max_duration": "2m", "factor": "2", }, }, }}, }}, }, }, }, }, { name: "no backoff", sourceState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, "sync_policy": []interface{}{map[string]interface{}{ "automated": map[string]interface{}{ "prune": true, "self_heal": true, "allow_empty": true, }, "sync_options": []string{ "Validate=false", }, "retry": []interface{}{map[string]interface{}{ "limit": "5", }}, }}, }, }, }, expectedState: map[string]interface{}{ "metadata": []interface{}{ map[string]interface{}{ "name": "test", "namespace": "argocd", }, }, "spec": []interface{}{ map[string]interface{}{ "source": []interface{}{map[string]interface{}{ "repo_url": "https://kubernetes-sigs.github.io/descheduler", "chart": "descheduler", "target_revision": "0.33.0", }}, "destination": []interface{}{map[string]interface{}{ "server": "https://kubernetes.default.svc", "namespace": "default", }}, "sync_policy": []interface{}{map[string]interface{}{ "automated": []map[string]interface{}{ { "prune": true, "self_heal": true, "allow_empty": true, }, }, "sync_options": []string{ "Validate=false", }, "retry": []interface{}{map[string]interface{}{ "limit": "5", }}, }}, }, }, }, }, } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { t.Parallel() actualState, err := resourceArgoCDApplicationStateUpgradeV3(t.Context(), tc.sourceState, nil) if err != nil { t.Fatalf("error migrating state: %s", err) } if !reflect.DeepEqual(actualState, tc.expectedState) { t.Fatalf("\n\nexpected:\n\n%#v\n\ngot:\n\n%#v\n\n", tc.expectedState, actualState) } }) } } ================================================ FILE: argocd/schema_cluster.go ================================================ package argocd import ( "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func clusterSchema() map[string]*schema.Schema { return map[string]*schema.Schema{ "name": { Type: schema.TypeString, Description: "Name of the cluster. If omitted, will use the server address.", Optional: true, DiffSuppressFunc: func(k, oldValue, newValue string, d *schema.ResourceData) bool { if k == "name" { name, nameOk := d.GetOk("name") server, serverOk := d.GetOk("server") // Actual value is same as 'server' but not explicitly set if nameOk && serverOk && name == server && oldValue == server && newValue == "" { return true } } return false }, }, "server": { Type: schema.TypeString, Description: "Server is the API server URL of the Kubernetes cluster.", Optional: true, ForceNew: true, DiffSuppressFunc: func(k, oldValue, newValue string, d *schema.ResourceData) bool { return oldValue == strings.TrimRight(newValue, "/") }, }, "shard": { Type: schema.TypeString, Description: "Optional shard number. Calculated on the fly by the application controller if not specified.", Optional: true, }, "namespaces": { Type: schema.TypeList, Description: "List of namespaces which are accessible in that cluster. Cluster level resources would be ignored if namespace list is not empty.", Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, }, }, "config": { Type: schema.TypeList, Description: "Cluster information for connecting to a cluster.", Required: true, MinItems: 1, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "aws_auth_config": { Type: schema.TypeList, Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "cluster_name": { Type: schema.TypeString, Description: "AWS cluster name.", Optional: true, }, "role_arn": { Type: schema.TypeString, Optional: true, Description: "IAM role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.", }, }, }, }, "bearer_token": { Type: schema.TypeString, Description: "Server requires Bearer authentication. The client will not attempt to use refresh tokens for an OAuth2 flow.", Optional: true, Sensitive: true, }, "exec_provider_config": { Type: schema.TypeList, Optional: true, MaxItems: 1, Description: "Configuration for an exec provider used to call an external command to perform cluster authentication See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api_version": { Type: schema.TypeString, Optional: true, Description: "Preferred input version of the ExecInfo", }, "args": { Type: schema.TypeList, Optional: true, Description: "Arguments to pass to the command when executing it", Sensitive: true, Elem: &schema.Schema{ Type: schema.TypeString, }, }, "command": { Type: schema.TypeString, Optional: true, Description: "Command to execute", }, "env": { Type: schema.TypeMap, Optional: true, Description: "Env defines additional environment variables to expose to the process. Passed as a map of strings", Sensitive: true, Elem: &schema.Schema{ Type: schema.TypeString, }, }, "install_hint": { Type: schema.TypeString, Description: "This text is shown to the user when the executable doesn't seem to be present", Optional: true, }, }, }, }, "tls_client_config": { Type: schema.TypeList, Description: "Settings to enable transport layer security when connecting to the cluster.", MaxItems: 1, Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "ca_data": { Type: schema.TypeString, Optional: true, Description: "PEM-encoded bytes (typically read from a root certificates bundle).", }, "cert_data": { Type: schema.TypeString, Optional: true, Description: "PEM-encoded bytes (typically read from a client certificate file).", }, "insecure": { Type: schema.TypeBool, Optional: true, Description: "Whether server should be accessed without verifying the TLS certificate.", }, "key_data": { Type: schema.TypeString, Optional: true, Sensitive: true, Description: "PEM-encoded bytes (typically read from a client certificate key file).", }, "server_name": { Type: schema.TypeString, Optional: true, Description: "Name to pass to the server for SNI and used in the client to check server certificates against. If empty, the hostname used to contact the server is used.", }, }, }, }, "username": { Type: schema.TypeString, Optional: true, Description: "Username for servers that require Basic authentication.", }, "password": { Type: schema.TypeString, Description: "Password for servers that require Basic authentication.", Optional: true, Sensitive: true, }, }, }, }, "info": { Type: schema.TypeList, Description: "Information about cluster cache and state.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "server_version": { Type: schema.TypeString, Description: "Kubernetes version of the cluster.", Computed: true, }, "applications_count": { Type: schema.TypeString, Description: "Number of applications managed by Argo CD on the cluster.", Computed: true, }, "connection_state": { Type: schema.TypeList, Description: "Information about the connection to the cluster.", Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "message": { Type: schema.TypeString, Description: "Human readable information about the connection status.", Computed: true, }, "status": { Type: schema.TypeString, Description: "Current status indicator for the connection.", Computed: true, }, }, }, }, }, }, }, "metadata": { Type: schema.TypeList, Description: "Standard cluster secret's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata", Optional: true, MaxItems: 2, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "annotations": { Type: schema.TypeMap, Description: "An unstructured key value map stored with the cluster secret that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, ValidateFunc: validateMetadataAnnotations, }, "labels": { Type: schema.TypeMap, Description: "Map of string keys and values that can be used to organize and categorize (scope and select) the cluster secret. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, ValidateFunc: validateMetadataLabels(false), }, }, }, }, "project": { Type: schema.TypeString, Description: "Reference between project and cluster that allow you automatically to be added as item inside Destinations project entity. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters.", Optional: true, }, } } ================================================ FILE: argocd/schema_label_selector.go ================================================ package argocd import "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" func labelSelectorSchema() map[string]*schema.Schema { return map[string]*schema.Schema{ "match_expressions": matchExpressionsSchema(), "match_labels": { Type: schema.TypeMap, Description: "A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", Optional: true, }, } } func matchExpressionsSchema() *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "A list of label selector requirements. The requirements are ANDed.", Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "key": { Type: schema.TypeString, Description: "The label key that the selector applies to.", Optional: true, }, "operator": { Type: schema.TypeString, Description: "A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`.", Optional: true, }, "values": { Type: schema.TypeSet, Description: "An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch.", Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, }, }, }, } } ================================================ FILE: argocd/schema_metadata.go ================================================ package argocd import ( "fmt" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func metadataSchema(name string) *schema.Schema { return &schema.Schema{ Type: schema.TypeList, Description: "Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).", Required: true, MaxItems: 1, Elem: &schema.Resource{ Schema: metadataFields(name), }, } } func metadataFields(objectName string) map[string]*schema.Schema { return map[string]*schema.Schema{ "annotations": { Type: schema.TypeMap, Description: fmt.Sprintf("An unstructured key value map stored with the %s that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations", objectName), Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, ValidateFunc: validateMetadataAnnotations, }, "generation": { Type: schema.TypeInt, Description: "A sequence number representing a specific generation of the desired state.", Computed: true, }, "labels": { Type: schema.TypeMap, Description: fmt.Sprintf("Map of string keys and values that can be used to organize and categorize (scope and select) the %s. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", objectName), Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, ValidateFunc: validateMetadataLabels(false), }, "name": { Type: schema.TypeString, Description: fmt.Sprintf("Name of the %s, must be unique. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", objectName), Optional: true, ForceNew: true, Computed: true, ValidateFunc: validateMetadataName, }, "namespace": { Type: schema.TypeString, Description: fmt.Sprintf("Namespace of the %s, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", objectName), Optional: true, ForceNew: true, Computed: true, ValidateFunc: validateMetadataName, }, "resource_version": { Type: schema.TypeString, Description: fmt.Sprintf("An opaque value that represents the internal version of this %s that can be used by clients to determine when %s has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", objectName, objectName), Computed: true, }, "uid": { Type: schema.TypeString, Description: fmt.Sprintf("The unique in time and space value for this %s. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", objectName), Computed: true, }, } } ================================================ FILE: argocd/server_interface.go ================================================ package argocd import ( "context" "fmt" "os" "strconv" "sync" "github.com/Masterminds/semver/v3" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/argoproj/argo-cd/v3/pkg/apiclient" "github.com/argoproj/argo-cd/v3/pkg/apiclient/account" "github.com/argoproj/argo-cd/v3/pkg/apiclient/application" "github.com/argoproj/argo-cd/v3/pkg/apiclient/applicationset" "github.com/argoproj/argo-cd/v3/pkg/apiclient/certificate" "github.com/argoproj/argo-cd/v3/pkg/apiclient/cluster" "github.com/argoproj/argo-cd/v3/pkg/apiclient/gpgkey" "github.com/argoproj/argo-cd/v3/pkg/apiclient/project" "github.com/argoproj/argo-cd/v3/pkg/apiclient/repocreds" "github.com/argoproj/argo-cd/v3/pkg/apiclient/repository" "github.com/argoproj/argo-cd/v3/pkg/apiclient/session" "github.com/argoproj/argo-cd/v3/pkg/apiclient/version" "github.com/argoproj/argo-cd/v3/util/io" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" "google.golang.org/protobuf/types/known/emptypb" "k8s.io/apimachinery/pkg/util/runtime" ) var runtimeErrorHandlers []runtime.ErrorHandler type ServerInterface struct { AccountClient account.AccountServiceClient ApiClient apiclient.Client ApplicationClient application.ApplicationServiceClient ApplicationSetClient applicationset.ApplicationSetServiceClient CertificateClient certificate.CertificateServiceClient ClusterClient cluster.ClusterServiceClient GPGKeysClient gpgkey.GPGKeyServiceClient ProjectClient project.ProjectServiceClient RepoCredsClient repocreds.RepoCredsServiceClient RepositoryClient repository.RepositoryServiceClient SessionClient session.SessionServiceClient ServerVersion *semver.Version ServerVersionMessage *version.VersionMessage config ArgoCDProviderConfig initialized bool sync.RWMutex } func NewServerInterface(c ArgoCDProviderConfig) *ServerInterface { return &ServerInterface{ config: c, } } func (si *ServerInterface) InitClients(ctx context.Context) diag.Diagnostics { si.Lock() defer si.Unlock() if si.initialized { return nil } opts, d := si.config.getApiClientOptions(ctx) if d.HasError() { return d } ac, err := apiclient.NewClient(opts) if err != nil { return diagnostics.Error("failed to create new API client", err) } var diags diag.Diagnostics _, si.AccountClient, err = ac.NewAccountClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize account client", err)...) } _, si.ApplicationClient, err = ac.NewApplicationClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize application client", err)...) } _, si.ApplicationSetClient, err = ac.NewApplicationSetClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize application set client", err)...) } _, si.CertificateClient, err = ac.NewCertClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize certificate client", err)...) } _, si.ClusterClient, err = ac.NewClusterClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize cluster client", err)...) } _, si.GPGKeysClient, err = ac.NewGPGKeyClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize GPG keys client", err)...) } _, si.ProjectClient, err = ac.NewProjectClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize project client", err)...) } _, si.RepositoryClient, err = ac.NewRepoClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize repository client", err)...) } _, si.RepoCredsClient, err = ac.NewRepoCredsClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize repository credentials client", err)...) } _, si.SessionClient, err = ac.NewSessionClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize session client", err)...) } acCloser, versionClient, err := ac.NewVersionClient() if err != nil { diags.Append(diagnostics.Error("failed to initialize version client", err)...) } else { defer io.Close(acCloser) serverVersionMessage, err := versionClient.Version(ctx, &emptypb.Empty{}) if err != nil { return diagnostics.Error("failed to read server version", err) } if serverVersionMessage == nil { return diagnostics.Error("could not get server version information", nil) } si.ServerVersionMessage = serverVersionMessage serverVersion, err := semver.NewVersion(serverVersionMessage.Version) if err != nil { diags.Append(diagnostics.Error(fmt.Sprintf("could not parse server semantic version: %s", serverVersionMessage.Version), nil)...) } si.ServerVersion = serverVersion } si.initialized = !diags.HasError() return diags } // Checks that a specific feature is available for the current ArgoCD server version. // 'feature' argument must match one of the predefined feature* constants. func (si *ServerInterface) IsFeatureSupported(feature features.Feature) bool { fc, ok := features.ConstraintsMap[feature] if fc.MinVersion == nil { return true } return ok && fc.MinVersion.Compare(si.ServerVersion) != 1 } func getDefaultString(s types.String, envKey string) string { if !s.IsNull() && !s.IsUnknown() { return s.ValueString() } return os.Getenv(envKey) } func getDefaultBool(ctx context.Context, b types.Bool, envKey string) bool { if !b.IsNull() && !b.IsUnknown() { return b.ValueBool() } env, ok := os.LookupEnv(envKey) if !ok { return false } pb, err := strconv.ParseBool(env) if err == nil { return pb } tflog.Warn(ctx, fmt.Sprintf("failed to parse env var %s with value %s as bool. Will default to `false`.", envKey, env)) return false } ================================================ FILE: argocd/server_interface_test.go ================================================ package argocd import ( "fmt" "testing" "github.com/Masterminds/semver/v3" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/argoproj/argo-cd/v3/pkg/apiclient/version" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) const ( semverEquals = iota semverGreater semverLess ) func serverInterfaceTestData(t *testing.T, argocdVersion string, semverOperator int) *ServerInterface { v, err := semver.NewVersion(argocdVersion) require.NoError(t, err) require.True(t, v.Major() >= 1) switch semverOperator { case semverEquals: case semverGreater: inc := v.IncMajor() v = &inc assert.NoError(t, err) case semverLess: v, err = semver.NewVersion( fmt.Sprintf("%d.%d.%d", v.Major()-1, v.Minor(), v.Patch(), )) assert.NoError(t, err) default: t.Error("unsupported semver test semverOperator") } vm := &version.VersionMessage{ Version: v.String(), } return &ServerInterface{ ServerVersion: v, ServerVersionMessage: vm, } } func TestServerInterface_isFeatureSupported(t *testing.T) { t.Parallel() type args struct { feature features.Feature } tests := []struct { name string si *ServerInterface args args want bool }{ { name: "featureExecLogsPolicy-2.7.2", si: serverInterfaceTestData(t, "2.7.2", semverEquals), args: args{feature: features.ExecLogsPolicy}, want: true, }, { name: "featureExecLogsPolicy-2.7.2+", si: serverInterfaceTestData(t, "2.7.2", semverGreater), args: args{feature: features.ExecLogsPolicy}, want: true, }, { name: "featureExecLogsPolicy-2.7.2-", si: serverInterfaceTestData(t, "2.7.2", semverLess), args: args{feature: features.ExecLogsPolicy}, want: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { t.Parallel() got := tt.si.IsFeatureSupported(tt.args.feature) if got != tt.want { t.Errorf("isFeatureSupported() got = %v, want %v, version %s", got, tt.want, tt.si.ServerVersion.String(), ) } }) } } ================================================ FILE: argocd/structure_application.go ================================================ package argocd import ( "encoding/json" "fmt" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" application "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" meta "k8s.io/apimachinery/pkg/apis/meta/v1" ) // Expand func expandApplication(d *schema.ResourceData, featureApplicationSourceNameSupported bool) (metadata meta.ObjectMeta, spec application.ApplicationSpec, err error) { metadata = expandMetadata(d) spec, err = expandApplicationSpec(d.Get("spec.0").(map[string]interface{}), featureApplicationSourceNameSupported) return } func expandApplicationSpec(s map[string]interface{}, featureApplicationSourceNameSupported bool) (spec application.ApplicationSpec, err error) { if v, ok := s["project"]; ok { spec.Project = v.(string) } if v, ok := s["revision_history_limit"]; ok { pv := int64(v.(int)) spec.RevisionHistoryLimit = &pv } if v, ok := s["info"]; ok { spec.Info, err = expandApplicationInfo(v.(*schema.Set)) if err != nil { return spec, err } } if v, ok := s["ignore_difference"]; ok { spec.IgnoreDifferences = expandApplicationIgnoreDifferences(v.([]interface{})) } if v, ok := s["sync_policy"].([]interface{}); ok && len(v) > 0 { spec.SyncPolicy, err = expandApplicationSyncPolicy(v[0]) if err != nil { return spec, err } } if v, ok := s["destination"]; ok { spec.Destination = expandApplicationDestination(v.(*schema.Set).List()[0]) } if v, ok := s["source"].([]interface{}); ok && len(v) > 0 { spec.Sources, err = expandApplicationSource(v, featureApplicationSourceNameSupported) if err != nil { return spec, err } } return spec, nil } func expandApplicationSource(_ass []interface{}, featureApplicationSourceNameSupported bool) (ass []application.ApplicationSource, err error) { ass = make([]application.ApplicationSource, len(_ass)) for i, v := range _ass { as := v.(map[string]interface{}) s := application.ApplicationSource{} if v, ok := as["repo_url"]; ok { s.RepoURL = v.(string) } if v, ok := as["path"]; ok { s.Path = v.(string) } if v, ok := as["ref"]; ok { s.Ref = v.(string) } if v, ok := as["name"]; ok && v.(string) != "" { if !featureApplicationSourceNameSupported { f := features.ConstraintsMap[features.ApplicationSourceName] err = fmt.Errorf("%s is only supported from ArgoCD %s onwards", f.Name, f.MinVersion.String()) return ass, err } s.Name = v.(string) } if v, ok := as["target_revision"]; ok { s.TargetRevision = v.(string) } if v, ok := as["chart"]; ok { s.Chart = v.(string) } if v, ok := as["helm"]; ok { s.Helm = expandApplicationSourceHelm(v.([]interface{})) } if v, ok := as["kustomize"]; ok { s.Kustomize = expandApplicationSourceKustomize(v.([]interface{})) } if v, ok := as["directory"].([]interface{}); ok && len(v) > 0 { s.Directory = expandApplicationSourceDirectory(v[0]) } if v, ok := as["plugin"]; ok { s.Plugin = expandApplicationSourcePlugin(v.([]interface{})) } ass[i] = s } return ass, err } func expandApplicationSourcePlugin(in []interface{}) *application.ApplicationSourcePlugin { if len(in) == 0 { return nil } result := &application.ApplicationSourcePlugin{} a := in[0].(map[string]interface{}) if v, ok := a["name"]; ok { result.Name = v.(string) } if env, ok := a["env"]; ok { for _, v := range env.(*schema.Set).List() { result.Env = append(result.Env, &application.EnvEntry{ Name: v.(map[string]interface{})["name"].(string), Value: v.(map[string]interface{})["value"].(string), }) } } return result } func expandApplicationSourceDirectory(in interface{}) *application.ApplicationSourceDirectory { result := &application.ApplicationSourceDirectory{} if in == nil { return result } a := in.(map[string]interface{}) if v, ok := a["recurse"]; ok { result.Recurse = v.(bool) } if v, ok := a["exclude"]; ok { result.Exclude = v.(string) } if v, ok := a["include"]; ok { result.Include = v.(string) } if aj, ok := a["jsonnet"].([]interface{}); ok { jsonnet := application.ApplicationSourceJsonnet{} if len(aj) > 0 && aj[0] != nil { j := aj[0].(map[string]interface{}) if evs, ok := j["ext_var"].([]interface{}); ok && len(evs) > 0 { for _, v := range evs { if vv, ok := v.(map[string]interface{}); ok { jsonnet.ExtVars = append(jsonnet.ExtVars, application.JsonnetVar{ Name: vv["name"].(string), Value: vv["value"].(string), Code: vv["code"].(bool), }) } } } if tlas, ok := j["tla"].(*schema.Set); ok && len(tlas.List()) > 0 { for _, v := range tlas.List() { if vv, ok := v.(map[string]interface{}); ok { jsonnet.TLAs = append(jsonnet.TLAs, application.JsonnetVar{ Name: vv["name"].(string), Value: vv["value"].(string), Code: vv["code"].(bool), }) } } } if libs, ok := j["libs"].([]interface{}); ok && len(libs) > 0 { for _, lib := range libs { jsonnet.Libs = append(jsonnet.Libs, lib.(string)) } } } result.Jsonnet = jsonnet } return result } func expandApplicationSourceKustomize(in []interface{}) *application.ApplicationSourceKustomize { if len(in) == 0 { return nil } result := &application.ApplicationSourceKustomize{} if a, ok := in[0].(map[string]interface{}); ok { if v, ok := a["name_prefix"]; ok { result.NamePrefix = v.(string) } if v, ok := a["name_suffix"]; ok { result.NameSuffix = v.(string) } if v, ok := a["version"]; ok { result.Version = v.(string) } if v, ok := a["images"]; ok { for _, i := range v.(*schema.Set).List() { result.Images = append(result.Images, application.KustomizeImage(i.(string))) } } if cls, ok := a["common_labels"]; ok { result.CommonLabels = make(map[string]string, 0) for k, v := range cls.(map[string]interface{}) { result.CommonLabels[k] = v.(string) } } if cas, ok := a["common_annotations"]; ok { result.CommonAnnotations = make(map[string]string, 0) for k, v := range cas.(map[string]interface{}) { result.CommonAnnotations[k] = v.(string) } } if patches, ok := a["patches"]; ok { for _, v := range patches.([]interface{}) { patchMap := v.(map[string]interface{}) kustomizePatch := application.KustomizePatch{} if patch, ok := patchMap["patch"]; ok { kustomizePatch.Patch = patch.(string) } if target, ok := patchMap["target"]; ok { kustomizePatch.Target = expandApplicationSourceKustomizePatchTarget(target.([]interface{})) } if options, ok := patchMap["options"]; ok { kustomizePatch.Options = expandBoolMap(options.(map[string]interface{})) } result.Patches = append(result.Patches, kustomizePatch) } } } return result } func expandApplicationSourceKustomizePatchTarget(in []interface{}) *application.KustomizeSelector { if len(in) == 0 { return nil } result := &application.KustomizeSelector{ KustomizeResId: application.KustomizeResId{ KustomizeGvk: application.KustomizeGvk{}, }, } t := in[0].(map[string]interface{}) if group, ok := t["group"]; ok { result.Group = group.(string) } if version, ok := t["version"]; ok { result.Version = version.(string) } if kind, ok := t["kind"]; ok { result.Kind = kind.(string) } if name, ok := t["name"]; ok { result.Name = name.(string) } if namespace, ok := t["namespace"]; ok { result.Namespace = namespace.(string) } if label_selector, ok := t["label_selector"]; ok { result.LabelSelector = label_selector.(string) } if annotation_selector, ok := t["annotation_selector"]; ok { result.AnnotationSelector = annotation_selector.(string) } return result } func expandApplicationSourceHelm(in []interface{}) *application.ApplicationSourceHelm { if len(in) == 0 { return nil } result := &application.ApplicationSourceHelm{} if a, ok := in[0].(map[string]interface{}); ok { if v, ok := a["value_files"]; ok { for _, vf := range v.([]interface{}) { result.ValueFiles = append(result.ValueFiles, vf.(string)) } } if v, ok := a["values"]; ok { result.Values = v.(string) } if v, ok := a["release_name"]; ok { result.ReleaseName = v.(string) } if v, ok := a["pass_credentials"]; ok { result.PassCredentials = v.(bool) } if v, ok := a["ignore_missing_value_files"]; ok { result.IgnoreMissingValueFiles = v.(bool) } if parameters, ok := a["parameter"]; ok { for _, _p := range parameters.(*schema.Set).List() { p := _p.(map[string]interface{}) parameter := application.HelmParameter{} if v, ok := p["force_string"]; ok { parameter.ForceString = v.(bool) } if v, ok := p["name"]; ok { parameter.Name = v.(string) } if v, ok := p["value"]; ok { parameter.Value = v.(string) } result.Parameters = append(result.Parameters, parameter) } } if fileParameters, ok := a["file_parameter"]; ok { for _, _p := range fileParameters.(*schema.Set).List() { p := _p.(map[string]interface{}) parameter := application.HelmFileParameter{} if v, ok := p["name"]; ok { parameter.Name = v.(string) } if v, ok := p["path"]; ok { parameter.Path = v.(string) } result.FileParameters = append(result.FileParameters, parameter) } } if v, ok := a["skip_crds"]; ok { result.SkipCrds = v.(bool) } if v, ok := a["skip_schema_validation"]; ok { result.SkipSchemaValidation = v.(bool) } if v, ok := a["version"]; ok { result.Version = v.(string) } } return result } func expandApplicationSyncPolicy(sp interface{}) (*application.SyncPolicy, error) { syncPolicy := &application.SyncPolicy{} if sp == nil { return syncPolicy, nil } p := sp.(map[string]interface{}) if _a, ok := p["automated"].(*schema.Set); ok { automated := &application.SyncPolicyAutomated{} list := _a.List() if len(list) > 0 { a := list[0].(map[string]interface{}) if v, ok := a["prune"]; ok { automated.Prune = v.(bool) } if v, ok := a["self_heal"]; ok { automated.SelfHeal = v.(bool) } if v, ok := a["allow_empty"]; ok { automated.AllowEmpty = v.(bool) } syncPolicy.Automated = automated } } if _sOpts, ok := p["sync_options"].([]interface{}); ok && len(_sOpts) > 0 { var syncOptions application.SyncOptions for _, so := range _sOpts { syncOptions = append(syncOptions, so.(string)) } syncPolicy.SyncOptions = syncOptions } if _retry, ok := p["retry"].([]interface{}); ok && len(_retry) > 0 { retry := &application.RetryStrategy{} r := (_retry[0]).(map[string]interface{}) if v, ok := r["limit"]; ok { var err error retry.Limit, err = convertStringToInt64(v.(string)) if err != nil { return nil, fmt.Errorf("failed to convert retry limit to integer: %w", err) } } if _b, ok := r["backoff"].(*schema.Set); ok { retry.Backoff = &application.Backoff{} list := _b.List() if len(list) > 0 { b := list[0].(map[string]interface{}) if v, ok := b["duration"]; ok { retry.Backoff.Duration = v.(string) } if v, ok := b["max_duration"]; ok { retry.Backoff.MaxDuration = v.(string) } if v, ok := b["factor"]; ok { factor, err := convertStringToInt64Pointer(v.(string)) if err != nil { return nil, fmt.Errorf("failed to convert backoff factor to integer: %w", err) } retry.Backoff.Factor = factor } } } syncPolicy.Retry = retry } if _mnm, ok := p["managed_namespace_metadata"].([]interface{}); ok && len(_mnm) > 0 { if mnm, ok := _mnm[0].(map[string]interface{}); ok { syncPolicy.ManagedNamespaceMetadata = &application.ManagedNamespaceMetadata{} if a, ok := mnm["annotations"]; ok { syncPolicy.ManagedNamespaceMetadata.Annotations = expandStringMap(a.(map[string]interface{})) } if l, ok := mnm["labels"]; ok { syncPolicy.ManagedNamespaceMetadata.Labels = expandStringMap(l.(map[string]interface{})) } } } return syncPolicy, nil } func expandApplicationIgnoreDifferences(ids []interface{}) (result []application.ResourceIgnoreDifferences) { for _, _id := range ids { id := _id.(map[string]interface{}) elem := application.ResourceIgnoreDifferences{} if v, ok := id["group"]; ok { elem.Group = v.(string) } if v, ok := id["kind"]; ok { elem.Kind = v.(string) } if v, ok := id["name"]; ok { elem.Name = v.(string) } if v, ok := id["namespace"]; ok { elem.Namespace = v.(string) } if v, ok := id["json_pointers"]; ok { jps := v.(*schema.Set).List() for _, jp := range jps { elem.JSONPointers = append(elem.JSONPointers, jp.(string)) } } if v, ok := id["jq_path_expressions"]; ok { jqpes := v.(*schema.Set).List() for _, jqpe := range jqpes { elem.JQPathExpressions = append(elem.JQPathExpressions, jqpe.(string)) } } if v, ok := id["managed_fields_managers"]; ok { managedFieldsManagers := v.(*schema.Set).List() for _, fieldsManager := range managedFieldsManagers { elem.ManagedFieldsManagers = append(elem.ManagedFieldsManagers, fieldsManager.(string)) } } result = append(result, elem) } return //nolint:nakedret // overriding as function follows pattern in rest of file } func expandApplicationInfo(infos *schema.Set) (result []application.Info, err error) { for _, i := range infos.List() { item := i.(map[string]interface{}) info := application.Info{} fieldSet := false if name, ok := item["name"].(string); ok && name != "" { info.Name = name fieldSet = true } if value, ok := item["value"].(string); ok && value != "" { info.Value = value fieldSet = true } if !fieldSet { return result, fmt.Errorf("spec.info: cannot be empty - must only contains 'name' or 'value' fields") } result = append(result, info) } return } func expandApplicationDestination(dest interface{}) (result application.ApplicationDestination) { d, ok := dest.(map[string]interface{}) if !ok { panic(fmt.Errorf("could not expand application destination")) } return application.ApplicationDestination{ Server: d["server"].(string), Namespace: d["namespace"].(string), Name: d["name"].(string), } } // Flatten func flattenApplication(app *application.Application, d *schema.ResourceData) error { metadata := flattenMetadata(app.ObjectMeta, d) if err := d.Set("metadata", metadata); err != nil { e, _ := json.MarshalIndent(metadata, "", "\t") return fmt.Errorf("error persisting metadata: %s\n%s", err, e) } spec := flattenApplicationSpec(app.Spec) if err := d.Set("spec", spec); err != nil { e, _ := json.MarshalIndent(spec, "", "\t") return fmt.Errorf("error persisting spec: %s\n%s", err, e) } status := flattenApplicationStatus(app.Status) if err := d.Set("status", status); err != nil { e, _ := json.MarshalIndent(status, "", "\t") return fmt.Errorf("error persisting status: %s\n%s", err, e) } return nil } func flattenApplicationSpec(s application.ApplicationSpec) []map[string]interface{} { spec := map[string]interface{}{ "destination": flattenApplicationDestinations([]application.ApplicationDestination{s.Destination}), "ignore_difference": flattenApplicationIgnoreDifferences(s.IgnoreDifferences), "info": flattenApplicationInfo(s.Info), "project": s.Project, "sync_policy": flattenApplicationSyncPolicy(s.SyncPolicy), } if s.Source != nil { spec["source"] = flattenApplicationSource([]application.ApplicationSource{*s.Source}) } else { spec["source"] = flattenApplicationSource(s.Sources) } if s.RevisionHistoryLimit != nil { spec["revision_history_limit"] = int(*s.RevisionHistoryLimit) } return []map[string]interface{}{spec} } func flattenApplicationSyncPolicy(sp *application.SyncPolicy) []map[string]interface{} { if sp == nil { return nil } result := make(map[string]interface{}, 0) if sp.Automated != nil { result["automated"] = []map[string]interface{}{ { "prune": sp.Automated.Prune, "self_heal": sp.Automated.SelfHeal, "allow_empty": sp.Automated.AllowEmpty, }, } } if sp.ManagedNamespaceMetadata != nil { result["managed_namespace_metadata"] = []map[string]interface{}{ { "annotations": sp.ManagedNamespaceMetadata.Annotations, "labels": sp.ManagedNamespaceMetadata.Labels, }, } } result["sync_options"] = []string(sp.SyncOptions) if sp.Retry != nil { limit := convertInt64ToString(sp.Retry.Limit) if sp.Retry.Backoff != nil { backoff := map[string]interface{}{ "duration": sp.Retry.Backoff.Duration, "max_duration": sp.Retry.Backoff.MaxDuration, } if sp.Retry.Backoff.Factor != nil { backoff["factor"] = convertInt64PointerToString(sp.Retry.Backoff.Factor) } result["retry"] = []map[string]interface{}{ { "limit": limit, "backoff": []map[string]interface{}{backoff}, }, } } else { result["retry"] = []map[string]interface{}{ { "limit": limit, }, } } } return []map[string]interface{}{result} } func flattenApplicationInfo(infos []application.Info) (result []map[string]string) { for _, i := range infos { info := map[string]string{} if i.Name != "" { info["name"] = i.Name } if i.Value != "" { info["value"] = i.Value } if len(info) > 0 { result = append(result, info) } } return } func flattenApplicationIgnoreDifferences(ids []application.ResourceIgnoreDifferences) (result []map[string]interface{}) { for _, id := range ids { result = append(result, map[string]interface{}{ "group": id.Group, "kind": id.Kind, "name": id.Name, "namespace": id.Namespace, "json_pointers": id.JSONPointers, "jq_path_expressions": id.JQPathExpressions, "managed_fields_managers": id.ManagedFieldsManagers, }) } return } func flattenApplicationSource(source []application.ApplicationSource) (result []map[string]interface{}) { for _, s := range source { result = append(result, map[string]interface{}{ "chart": s.Chart, "directory": flattenApplicationSourceDirectory([]*application.ApplicationSourceDirectory{s.Directory}), "helm": flattenApplicationSourceHelm([]*application.ApplicationSourceHelm{s.Helm}), "kustomize": flattenApplicationSourceKustomize([]*application.ApplicationSourceKustomize{s.Kustomize}), "name": s.Name, "path": s.Path, "plugin": flattenApplicationSourcePlugin([]*application.ApplicationSourcePlugin{s.Plugin}), "ref": s.Ref, "repo_url": s.RepoURL, "target_revision": s.TargetRevision, }) } return } func flattenApplicationSourcePlugin(as []*application.ApplicationSourcePlugin) (result []map[string]interface{}) { for _, a := range as { if a != nil { var env []map[string]string for _, e := range a.Env { env = append(env, map[string]string{ "name": e.Name, "value": e.Value, }) } result = append(result, map[string]interface{}{ "name": a.Name, "env": env, }) } } return } func flattenApplicationSourceDirectory(as []*application.ApplicationSourceDirectory) (result []map[string]interface{}) { for _, a := range as { if a != nil && !a.IsZero() { jsonnet := make(map[string][]interface{}, 0) for _, jev := range a.Jsonnet.ExtVars { jsonnet["ext_var"] = append(jsonnet["ext_var"], map[string]interface{}{ "code": jev.Code, "name": jev.Name, "value": jev.Value, }) } for _, jtla := range a.Jsonnet.TLAs { jsonnet["tla"] = append(jsonnet["tla"], map[string]interface{}{ "code": jtla.Code, "name": jtla.Name, "value": jtla.Value, }) } for _, lib := range a.Jsonnet.Libs { jsonnet["libs"] = append(jsonnet["libs"], lib) } m := map[string]interface{}{ "recurse": a.Recurse, "exclude": a.Exclude, "include": a.Include, } if len(jsonnet) > 0 { m["jsonnet"] = []map[string][]interface{}{jsonnet} } result = append(result, m) } } return //nolint:nakedret // only just breaching - function follows pattern in rest of file } func flattenApplicationSourceKustomize(as []*application.ApplicationSourceKustomize) (result []map[string]interface{}) { for _, a := range as { if a != nil { var images []string for _, i := range a.Images { images = append(images, string(i)) } var patches []map[string]interface{} for _, p := range a.Patches { patch := map[string]interface{}{ "patch": p.Patch, "path": p.Path, } if p.Target != nil { patch["target"] = []map[string]interface{}{ { "group": p.Target.Group, "version": p.Target.Version, "kind": p.Target.Kind, "name": p.Target.Name, "namespace": p.Target.Namespace, "label_selector": p.Target.LabelSelector, "annotation_selector": p.Target.AnnotationSelector, }, } } if p.Options != nil { patch["options"] = p.Options } patches = append(patches, patch) } result = append(result, map[string]interface{}{ "patches": patches, "common_annotations": a.CommonAnnotations, "common_labels": a.CommonLabels, "images": images, "name_prefix": a.NamePrefix, "name_suffix": a.NameSuffix, "version": a.Version, }) } } return result } func flattenApplicationSourceHelm(as []*application.ApplicationSourceHelm) (result []map[string]interface{}) { for _, a := range as { if a != nil { var parameters []map[string]interface{} for _, p := range a.Parameters { parameters = append(parameters, map[string]interface{}{ "force_string": p.ForceString, "name": p.Name, "value": p.Value, }) } var fileParameters []map[string]interface{} for _, p := range a.FileParameters { fileParameters = append(fileParameters, map[string]interface{}{ "name": p.Name, "path": p.Path, }) } result = append(result, map[string]interface{}{ "parameter": parameters, "file_parameter": fileParameters, "release_name": a.ReleaseName, "skip_crds": a.SkipCrds, "skip_schema_validation": a.SkipSchemaValidation, "value_files": a.ValueFiles, "values": a.Values, "pass_credentials": a.PassCredentials, "ignore_missing_value_files": a.IgnoreMissingValueFiles, "version": a.Version, }) } } return result } func flattenApplicationDestinations(ds []application.ApplicationDestination) (result []map[string]string) { for _, d := range ds { result = append(result, map[string]string{ "namespace": d.Namespace, "server": d.Server, "name": d.Name, }) } return } func flattenApplicationStatus(s application.ApplicationStatus) []map[string]interface{} { status := map[string]interface{}{ "conditions": flattenApplicationConditions(s.Conditions), "health": flattenApplicationHealthStatus(s.Health), "resources": flattenApplicationResourceStatuses(s.Resources), "summary": flattenApplicationSummary(s.Summary), "sync": flattenApplicationSyncStatus(s.Sync), } if s.OperationState != nil { status["operation_state"] = flattenApplicationOperationState(*s.OperationState) } if s.ReconciledAt != nil { status["reconciled_at"] = s.ReconciledAt.String() } return []map[string]interface{}{status} } func flattenApplicationConditions(aacs []application.ApplicationCondition) []map[string]interface{} { acs := make([]map[string]interface{}, len(aacs)) for i, v := range aacs { acs[i] = map[string]interface{}{ "message": v.Message, "type": v.Type, } if v.LastTransitionTime != nil { acs[i]["last_transition_time"] = v.LastTransitionTime.String() } } return acs } func flattenHealthStatus(hs application.HealthStatus) []map[string]interface{} { h := map[string]interface{}{ "message": hs.Message, "status": hs.Status, } return []map[string]interface{}{h} } func flattenApplicationHealthStatus(hs application.AppHealthStatus) []map[string]interface{} { h := map[string]interface{}{ "status": hs.Status, } return []map[string]interface{}{h} } func flattenApplicationSyncStatus(ss application.SyncStatus) []map[string]interface{} { s := map[string]interface{}{ "revision": ss.Revision, "revisions": ss.Revisions, "status": ss.Status, } return []map[string]interface{}{s} } func flattenApplicationResourceStatuses(arss []application.ResourceStatus) []map[string]interface{} { rss := make([]map[string]interface{}, len(arss)) for i, v := range arss { rss[i] = map[string]interface{}{ "group": v.Group, "hook": v.Hook, "kind": v.Kind, "name": v.Name, "namespace": v.Namespace, "requires_pruning": v.RequiresPruning, "status": v.Status, "sync_wave": convertInt64ToString(v.SyncWave), "version": v.Version, } if v.Health != nil { rss[i]["health"] = flattenHealthStatus(*v.Health) } } return rss } func flattenApplicationSummary(as application.ApplicationSummary) []map[string]interface{} { s := map[string]interface{}{ "external_urls": as.ExternalURLs, "images": as.Images, } return []map[string]interface{}{s} } func flattenApplicationOperationState(os application.OperationState) []map[string]interface{} { s := map[string]interface{}{ "message": os.Message, "phase": os.Phase, "retry_count": convertInt64ToString(os.RetryCount), "started_at": os.StartedAt.String(), } if os.FinishedAt != nil { s["finished_at"] = os.FinishedAt.String() } return []map[string]interface{}{s} } ================================================ FILE: argocd/structure_application_set.go ================================================ package argocd import ( "encoding/json" "fmt" "reflect" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" meta "k8s.io/apimachinery/pkg/apis/meta/v1" application "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" ) func expandApplicationSet(d *schema.ResourceData, featureMultipleApplicationSourcesSupported bool, featureApplicationSetIgnoreApplicationDifferences bool, featureApplicationSetTemplatePatch bool, featureApplicationSourceNameSupported bool) (metadata meta.ObjectMeta, spec application.ApplicationSetSpec, err error) { metadata = expandMetadata(d) spec, err = expandApplicationSetSpec(d, featureMultipleApplicationSourcesSupported, featureApplicationSetIgnoreApplicationDifferences, featureApplicationSetTemplatePatch, featureApplicationSourceNameSupported) return } func expandApplicationSetSpec(d *schema.ResourceData, featureMultipleApplicationSourcesSupported bool, featureApplicationSetIgnoreApplicationDifferences bool, featureApplicationSetTemplatePatch bool, featureApplicationSourceNameSupported bool) (spec application.ApplicationSetSpec, err error) { s := d.Get("spec.0").(map[string]interface{}) if v, ok := s["generator"].([]interface{}); ok && len(v) > 0 { spec.Generators, err = expandApplicationSetGenerators(v, featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return spec, err } } spec.GoTemplate = s["go_template"].(bool) if v, ok := s["go_template_options"]; ok { opts := v.(*schema.Set).List() for _, opt := range opts { spec.GoTemplateOptions = append(spec.GoTemplateOptions, opt.(string)) } } if featureApplicationSetTemplatePatch { if v, ok := s["template_patch"].(string); ok { spec.TemplatePatch = &v } } if v, ok := s["strategy"].([]interface{}); ok && len(v) > 0 { spec.Strategy, err = expandApplicationSetStrategy(v[0].(map[string]interface{})) if err != nil { return spec, err } } if v, ok := s["sync_policy"].([]interface{}); ok && len(v) > 0 { spec.SyncPolicy = expandApplicationSetSyncPolicy(v[0].(map[string]interface{})) } if v, ok := s["ignore_application_differences"].([]interface{}); ok && len(v) > 0 { spec.IgnoreApplicationDifferences = expandApplicationSetIgnoreDifferences(v, featureApplicationSetIgnoreApplicationDifferences) } if v, ok := s["template"].([]interface{}); ok && len(v) > 0 { spec.Template, err = expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return spec, err } } return spec, nil } func expandApplicationSetGenerators(g []interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) ([]application.ApplicationSetGenerator, error) { asgs := make([]application.ApplicationSetGenerator, len(g)) for i, v := range g { v := v.(map[string]interface{}) var g *application.ApplicationSetGenerator var err error if asg, ok := v["clusters"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetClustersGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } else if asg, ok = v["cluster_decision_resource"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetClusterDecisionResourceGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } else if asg, ok = v["git"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetGitGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } else if asg, ok = v["list"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetListGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } else if asg, ok = v["matrix"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetMatrixGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } else if asg, ok = v["merge"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetMergeGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } else if asg, ok = v["scm_provider"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetSCMProviderGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } else if asg, ok = v["pull_request"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetPullRequestGeneratorGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } else if asg, ok = v["plugin"].([]interface{}); ok && len(asg) > 0 { g, err = expandApplicationSetPluginGenerator(asg[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) } if err != nil { return nil, err } if s, ok := v["selector"].([]interface{}); ok && len(s) > 0 { ls := expandLabelSelector(s) g.Selector = &ls } asgs[i] = *g } return asgs, nil } func expandApplicationSetClustersGenerator(cg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { asg := &application.ApplicationSetGenerator{ Clusters: &application.ClusterGenerator{}, } c := cg.(map[string]interface{}) if v, ok := c["selector"]; ok { asg.Clusters.Selector = expandLabelSelector(v.([]interface{})) } if v, ok := c["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.Clusters.Template = temp } if v, ok := c["values"]; ok { asg.Clusters.Values = expandStringMap(v.(map[string]interface{})) } return asg, nil } func expandApplicationSetClusterDecisionResourceGenerator(cdrg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { c := cdrg.(map[string]interface{}) asg := &application.ApplicationSetGenerator{ ClusterDecisionResource: &application.DuckTypeGenerator{ ConfigMapRef: c["config_map_ref"].(string), Name: c["name"].(string), }, } if v, ok := c["label_selector"]; ok { asg.ClusterDecisionResource.LabelSelector = expandLabelSelector(v.([]interface{})) } if v, ok := c["requeue_after_seconds"].(string); ok && len(v) > 0 { ras, err := convertStringToInt64Pointer(v) if err != nil { return nil, fmt.Errorf("failed to convert requeue_after_seconds to *int64: %w", err) } asg.ClusterDecisionResource.RequeueAfterSeconds = ras } if v, ok := c["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.ClusterDecisionResource.Template = temp } if v, ok := c["values"]; ok { asg.ClusterDecisionResource.Values = expandStringMap(v.(map[string]interface{})) } return asg, nil } func expandApplicationSetGitGenerator(gg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { g := gg.(map[string]interface{}) asg := &application.ApplicationSetGenerator{ Git: &application.GitGenerator{ PathParamPrefix: g["path_param_prefix"].(string), RepoURL: g["repo_url"].(string), Revision: g["revision"].(string), }, } if v, ok := g["directory"].([]interface{}); ok && len(v) > 0 { for _, d := range v { d := d.(map[string]interface{}) dir := application.GitDirectoryGeneratorItem{ Path: d["path"].(string), } if e, ok := d["exclude"].(bool); ok { dir.Exclude = e } asg.Git.Directories = append(asg.Git.Directories, dir) } } if v, ok := g["file"].([]interface{}); ok && len(v) > 0 { for _, f := range v { f := f.(map[string]interface{}) file := application.GitFileGeneratorItem{ Path: f["path"].(string), } asg.Git.Files = append(asg.Git.Files, file) } } if v, ok := g["requeue_after_seconds"].(string); ok && len(v) > 0 { ras, err := convertStringToInt64Pointer(v) if err != nil { return nil, fmt.Errorf("failed to convert requeue_after_seconds to *int64: %w", err) } asg.Git.RequeueAfterSeconds = ras } if v, ok := g["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.Git.Template = temp } if v, ok := g["values"]; ok { asg.Git.Values = expandStringMap(v.(map[string]interface{})) } return asg, nil } func expandApplicationSetListGenerator(lg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { asg := &application.ApplicationSetGenerator{ List: &application.ListGenerator{}, } l := lg.(map[string]interface{}) // Handle elements field if e, ok := l["elements"].([]interface{}); ok && len(e) > 0 { for _, v := range e { data, err := json.Marshal(v) if err != nil { return asg, fmt.Errorf("failed to marshal list generator value: %w", err) } asg.List.Elements = append(asg.List.Elements, apiextensionsv1.JSON{ Raw: data, }) } } // Handle elements_yaml field if yamlStr, ok := l["elements_yaml"].(string); ok && yamlStr != "" { asg.List.ElementsYaml = yamlStr } if v, ok := l["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.List.Template = temp } return asg, nil } func expandApplicationSetMatrixGenerator(mg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { asg := &application.ApplicationSetGenerator{} m := mg.(map[string]interface{}) gs := m["generator"].([]interface{}) asgs, err := expandApplicationSetGenerators(gs, featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } ngs := make([]application.ApplicationSetNestedGenerator, len(asgs)) for i, g := range asgs { ngs[i] = application.ApplicationSetNestedGenerator{ ClusterDecisionResource: g.ClusterDecisionResource, Clusters: g.Clusters, Git: g.Git, List: g.List, Plugin: g.Plugin, PullRequest: g.PullRequest, SCMProvider: g.SCMProvider, } if g.Matrix != nil { json, err := json.Marshal(g.Matrix) if err != nil { return asg, fmt.Errorf("failed to marshal nested matrix generator to json: %w", err) } ngs[i].Matrix = &apiextensionsv1.JSON{ Raw: json, } } if g.Merge != nil { json, err := json.Marshal(g.Merge) if err != nil { return asg, fmt.Errorf("failed to marshal nested merge generator to json: %w", err) } ngs[i].Merge = &apiextensionsv1.JSON{ Raw: json, } } } asg.Matrix = &application.MatrixGenerator{ Generators: ngs, } if v, ok := m["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.Matrix.Template = temp } return asg, nil } func expandApplicationSetMergeGenerator(mg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { asg := &application.ApplicationSetGenerator{ Merge: &application.MergeGenerator{}, } m := mg.(map[string]interface{}) mks := m["merge_keys"].([]interface{}) for _, k := range mks { asg.Merge.MergeKeys = append(asg.Merge.MergeKeys, k.(string)) } gs := m["generator"].([]interface{}) asgs, err := expandApplicationSetGenerators(gs, featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } ngs := make([]application.ApplicationSetNestedGenerator, len(asgs)) for i, g := range asgs { ngs[i] = application.ApplicationSetNestedGenerator{ ClusterDecisionResource: g.ClusterDecisionResource, Clusters: g.Clusters, Git: g.Git, List: g.List, Plugin: g.Plugin, PullRequest: g.PullRequest, SCMProvider: g.SCMProvider, } if g.Matrix != nil { json, err := json.Marshal(g.Matrix) if err != nil { return asg, fmt.Errorf("failed to marshal nested matrix generator to json: %w", err) } ngs[i].Matrix = &apiextensionsv1.JSON{ Raw: json, } } if g.Merge != nil { json, err := json.Marshal(g.Merge) if err != nil { return asg, fmt.Errorf("failed to marshal nested merge generator to json: %w", err) } ngs[i].Merge = &apiextensionsv1.JSON{ Raw: json, } } } asg.Merge.Generators = ngs if v, ok := m["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.Merge.Template = temp } return asg, nil } func expandApplicationSetPluginGenerator(mg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { asg := &application.ApplicationSetGenerator{ Plugin: &application.PluginGenerator{}, } m := mg.(map[string]interface{}) if v, ok := m["input"].([]interface{}); ok && len(v) > 0 { tmp, err := expandApplicationSetInputParameters(v[0].(map[string]interface{})) if err != nil { return nil, err } asg.Plugin.Input.Parameters = tmp } if v, ok := m["config_map_ref"].(string); ok && v != "" { asg.Plugin.ConfigMapRef.Name = v } if v, ok := m["requeue_after_seconds"].(string); ok && v != "" { ras, err := convertStringToInt64Pointer(v) if err != nil { return nil, fmt.Errorf("failed to convert requeue_after_seconds to *int64: %w", err) } asg.Plugin.RequeueAfterSeconds = ras } if v, ok := m["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.Plugin.Template = temp } if v, ok := m["values"]; ok { asg.Plugin.Values = expandStringMap(v.(map[string]interface{})) } return asg, nil } func expandApplicationSetInputParameters(m map[string]interface{}) (application.PluginParameters, error) { params := application.PluginParameters{} if v, ok := m["parameters"].(map[string]interface{}); ok && len(v) > 0 { for k, v := range v { json, err := json.Marshal(v) if err != nil { return params, fmt.Errorf("failed to marshal plugin param to json: %w", err) } params[k] = apiextensionsv1.JSON{ Raw: json, } } } return params, nil } func expandApplicationSetPullRequestGeneratorGenerator(mg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { asg := &application.ApplicationSetGenerator{ PullRequest: &application.PullRequestGenerator{}, } m := mg.(map[string]interface{}) if v, ok := m["azure_devops"].([]interface{}); ok && len(v) > 0 { asg.PullRequest.AzureDevOps = expandApplicationSetPullRequestGeneratorAzureDevOps(v[0].(map[string]interface{})) } else if v, ok := m["bitbucket_server"].([]interface{}); ok && len(v) > 0 { asg.PullRequest.BitbucketServer = expandApplicationSetPullRequestGeneratorBitbucketServer(v[0].(map[string]interface{})) } else if v, ok := m["gitea"].([]interface{}); ok && len(v) > 0 { asg.PullRequest.Gitea = expandApplicationSetPullRequestGeneratorGitea(v[0].(map[string]interface{})) } else if v, ok := m["github"].([]interface{}); ok && len(v) > 0 { asg.PullRequest.Github = expandApplicationSetPullRequestGeneratorGithub(v[0].(map[string]interface{})) } else if v, ok := m["gitlab"].([]interface{}); ok && len(v) > 0 { asg.PullRequest.GitLab = expandApplicationSetPullRequestGeneratorGitlab(v[0].(map[string]interface{})) } if v, ok := m["filter"].([]interface{}); ok && len(v) > 0 { asg.PullRequest.Filters = expandApplicationSetPullRequestGeneratorFilters(v) } if v, ok := m["requeue_after_seconds"].(string); ok && v != "" { ras, err := convertStringToInt64Pointer(v) if err != nil { return nil, fmt.Errorf("failed to convert requeue_after_seconds to *int64: %w", err) } asg.PullRequest.RequeueAfterSeconds = ras } if v, ok := m["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.PullRequest.Template = temp } return asg, nil } func expandApplicationSetPullRequestGeneratorBitbucketServer(bs map[string]interface{}) *application.PullRequestGeneratorBitbucketServer { spgbs := &application.PullRequestGeneratorBitbucketServer{ API: bs["api"].(string), Project: bs["project"].(string), Repo: bs["repo"].(string), } if v, ok := bs["basic_auth"].([]interface{}); ok && len(v) > 0 { ba := v[0].(map[string]interface{}) spgbs.BasicAuth = &application.BasicAuthBitbucketServer{ Username: ba["username"].(string), } if pr, ok := ba["password_ref"].([]interface{}); ok && len(pr) > 0 { spgbs.BasicAuth.PasswordRef = expandSecretRef(pr[0].(map[string]interface{})) } } return spgbs } func expandApplicationSetPullRequestGeneratorGitea(g map[string]interface{}) *application.PullRequestGeneratorGitea { prgg := &application.PullRequestGeneratorGitea{ API: g["api"].(string), Insecure: g["insecure"].(bool), Owner: g["owner"].(string), Repo: g["repo"].(string), } if v, ok := g["token_ref"].([]interface{}); ok && len(v) > 0 { prgg.TokenRef = expandSecretRef(v[0].(map[string]interface{})) } return prgg } func expandApplicationSetPullRequestGeneratorGithub(g map[string]interface{}) *application.PullRequestGeneratorGithub { spgg := &application.PullRequestGeneratorGithub{ API: g["api"].(string), AppSecretName: g["app_secret_name"].(string), Owner: g["owner"].(string), Repo: g["repo"].(string), } if v, ok := g["labels"].([]interface{}); ok && len(v) > 0 { for _, l := range v { spgg.Labels = append(spgg.Labels, l.(string)) } } if v, ok := g["token_ref"].([]interface{}); ok && len(v) > 0 { spgg.TokenRef = expandSecretRef(v[0].(map[string]interface{})) } return spgg } func expandApplicationSetPullRequestGeneratorAzureDevOps(ado map[string]interface{}) *application.PullRequestGeneratorAzureDevOps { prgado := &application.PullRequestGeneratorAzureDevOps{ API: ado["api"].(string), Organization: ado["organization"].(string), Project: ado["project"].(string), Repo: ado["repo"].(string), } if v, ok := ado["labels"].([]interface{}); ok && len(v) > 0 { for _, l := range v { prgado.Labels = append(prgado.Labels, l.(string)) } } if v, ok := ado["token_ref"].([]interface{}); ok && len(v) > 0 { prgado.TokenRef = expandSecretRef(v[0].(map[string]interface{})) } return prgado } func expandApplicationSetPullRequestGeneratorGitlab(g map[string]interface{}) *application.PullRequestGeneratorGitLab { spgg := &application.PullRequestGeneratorGitLab{ API: g["api"].(string), Project: g["project"].(string), PullRequestState: g["pull_request_state"].(string), } if v, ok := g["labels"].([]interface{}); ok && len(v) > 0 { for _, l := range v { spgg.Labels = append(spgg.Labels, l.(string)) } } if v, ok := g["token_ref"].([]interface{}); ok && len(v) > 0 { spgg.TokenRef = expandSecretRef(v[0].(map[string]interface{})) } if v, ok := g["insecure"].(bool); ok { spgg.Insecure = v } if v, ok := g["ca_ref"].([]interface{}); ok && len(v) > 0 { spgg.CARef = expandConfigMapKeyRef(v[0].(map[string]interface{})) } return spgg } func expandApplicationSetPullRequestGeneratorFilters(fs []interface{}) []application.PullRequestGeneratorFilter { prgfs := make([]application.PullRequestGeneratorFilter, len(fs)) for i, v := range fs { f := v.(map[string]interface{}) spgf := application.PullRequestGeneratorFilter{} if bm, ok := f["branch_match"].(string); ok && bm != "" { spgf.BranchMatch = &bm } prgfs[i] = spgf } return prgfs } func expandApplicationSetSCMProviderGenerator(mg interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (*application.ApplicationSetGenerator, error) { m := mg.(map[string]interface{}) asg := &application.ApplicationSetGenerator{ SCMProvider: &application.SCMProviderGenerator{ CloneProtocol: m["clone_protocol"].(string), }, } if v, ok := m["azure_devops"].([]interface{}); ok && len(v) > 0 { asg.SCMProvider.AzureDevOps = expandApplicationSetSCMProviderAzureDevOps(v[0].(map[string]interface{})) } else if v, ok := m["bitbucket_cloud"].([]interface{}); ok && len(v) > 0 { asg.SCMProvider.Bitbucket = expandApplicationSetSCMProviderBitbucket(v[0].(map[string]interface{})) } else if v, ok := m["bitbucket_server"].([]interface{}); ok && len(v) > 0 { asg.SCMProvider.BitbucketServer = expandApplicationSetSCMProviderBitbucketServer(v[0].(map[string]interface{})) } else if v, ok := m["gitea"].([]interface{}); ok && len(v) > 0 { asg.SCMProvider.Gitea = expandApplicationSetSCMProviderGitea(v[0].(map[string]interface{})) } else if v, ok := m["github"].([]interface{}); ok && len(v) > 0 { asg.SCMProvider.Github = expandApplicationSetSCMProviderGithub(v[0].(map[string]interface{})) } else if v, ok := m["gitlab"].([]interface{}); ok && len(v) > 0 { asg.SCMProvider.Gitlab = expandApplicationSetSCMProviderGitlab(v[0].(map[string]interface{})) } if v, ok := m["filter"].([]interface{}); ok && len(v) > 0 { asg.SCMProvider.Filters = expandApplicationSetSCMProviderGeneratorFilters(v) } if v, ok := m["requeue_after_seconds"].(string); ok && v != "" { ras, err := convertStringToInt64Pointer(v) if err != nil { return nil, fmt.Errorf("failed to convert requeue_after_seconds to *int64: %w", err) } asg.SCMProvider.RequeueAfterSeconds = ras } if v, ok := m["template"].([]interface{}); ok && len(v) > 0 { temp, err := expandApplicationSetTemplate(v[0], featureMultipleApplicationSourcesSupported, featureApplicationSourceNameSupported) if err != nil { return nil, err } asg.SCMProvider.Template = temp } return asg, nil } func expandApplicationSetSCMProviderAzureDevOps(ado map[string]interface{}) *application.SCMProviderGeneratorAzureDevOps { spgado := &application.SCMProviderGeneratorAzureDevOps{ AllBranches: ado["all_branches"].(bool), API: ado["api"].(string), Organization: ado["organization"].(string), TeamProject: ado["team_project"].(string), } if v, ok := ado["access_token_ref"].([]interface{}); ok && len(v) > 0 { spgado.AccessTokenRef = expandSecretRef(v[0].(map[string]interface{})) } return spgado } func expandApplicationSetSCMProviderBitbucket(b map[string]interface{}) *application.SCMProviderGeneratorBitbucket { spgb := &application.SCMProviderGeneratorBitbucket{ AllBranches: b["all_branches"].(bool), Owner: b["owner"].(string), User: b["user"].(string), } if v, ok := b["app_password_ref"].([]interface{}); ok && len(v) > 0 { spgb.AppPasswordRef = expandSecretRef(v[0].(map[string]interface{})) } return spgb } func expandApplicationSetSCMProviderBitbucketServer(bs map[string]interface{}) *application.SCMProviderGeneratorBitbucketServer { spgbs := &application.SCMProviderGeneratorBitbucketServer{ AllBranches: bs["all_branches"].(bool), API: bs["api"].(string), Project: bs["project"].(string), } if v, ok := bs["basic_auth"].([]interface{}); ok && len(v) > 0 { ba := v[0].(map[string]interface{}) spgbs.BasicAuth = &application.BasicAuthBitbucketServer{ Username: ba["username"].(string), } if pr, ok := ba["password_ref"].([]interface{}); ok && len(pr) > 0 { spgbs.BasicAuth.PasswordRef = expandSecretRef(pr[0].(map[string]interface{})) } } return spgbs } func expandApplicationSetSCMProviderGitea(g map[string]interface{}) *application.SCMProviderGeneratorGitea { spgg := &application.SCMProviderGeneratorGitea{ AllBranches: g["all_branches"].(bool), API: g["api"].(string), Insecure: g["insecure"].(bool), Owner: g["owner"].(string), } if v, ok := g["token_ref"].([]interface{}); ok && len(v) > 0 { spgg.TokenRef = expandSecretRef(v[0].(map[string]interface{})) } return spgg } func expandApplicationSetSCMProviderGithub(g map[string]interface{}) *application.SCMProviderGeneratorGithub { spgg := &application.SCMProviderGeneratorGithub{ AllBranches: g["all_branches"].(bool), API: g["api"].(string), Organization: g["organization"].(string), AppSecretName: g["app_secret_name"].(string), } if v, ok := g["token_ref"].([]interface{}); ok && len(v) > 0 { spgg.TokenRef = expandSecretRef(v[0].(map[string]interface{})) } return spgg } func expandApplicationSetSCMProviderGitlab(g map[string]interface{}) *application.SCMProviderGeneratorGitlab { spgg := &application.SCMProviderGeneratorGitlab{ AllBranches: g["all_branches"].(bool), API: g["api"].(string), IncludeSubgroups: g["include_subgroups"].(bool), Group: g["group"].(string), } if v, ok := g["token_ref"].([]interface{}); ok && len(v) > 0 { spgg.TokenRef = expandSecretRef(v[0].(map[string]interface{})) } return spgg } func expandApplicationSetSCMProviderGeneratorFilters(fs []interface{}) []application.SCMProviderGeneratorFilter { spgfs := make([]application.SCMProviderGeneratorFilter, len(fs)) for i, v := range fs { f := v.(map[string]interface{}) spgf := application.SCMProviderGeneratorFilter{} if bm, ok := f["branch_match"].(string); ok && bm != "" { spgf.BranchMatch = &bm } if lm, ok := f["label_match"].(string); ok && lm != "" { spgf.LabelMatch = &lm } if pdne, ok := f["paths_do_not_exist"].([]interface{}); ok && len(pdne) > 0 { for _, p := range pdne { spgf.PathsDoNotExist = append(spgf.PathsDoNotExist, p.(string)) } } if pe, ok := f["paths_exist"].([]interface{}); ok && len(pe) > 0 { for _, p := range pe { spgf.PathsExist = append(spgf.PathsExist, p.(string)) } } if rm, ok := f["repository_match"].(string); ok && rm != "" { spgf.RepositoryMatch = &rm } spgfs[i] = spgf } return spgfs } func expandApplicationSetStrategy(sp map[string]interface{}) (*application.ApplicationSetStrategy, error) { s := &application.ApplicationSetStrategy{ Type: sp["type"].(string), } if v, ok := sp["rolling_sync"].([]interface{}); ok && len(v) > 0 { rs, err := expandApplicationSetRolloutStrategy(v[0].(map[string]interface{})) if err != nil { return nil, err } s.RollingSync = rs } return s, nil } func expandApplicationSetRolloutStrategy(rs map[string]interface{}) (*application.ApplicationSetRolloutStrategy, error) { asrs := &application.ApplicationSetRolloutStrategy{} if s, ok := rs["step"].([]interface{}); ok && len(s) > 0 { ss, err := expandApplicationSetRolloutSteps(s) if err != nil { return nil, err } asrs.Steps = ss } return asrs, nil } func expandApplicationSetRolloutSteps(rss []interface{}) ([]application.ApplicationSetRolloutStep, error) { if len(rss) == 0 || rss[0] == nil { return []application.ApplicationSetRolloutStep{}, nil } asrss := make([]application.ApplicationSetRolloutStep, len(rss)) for i, rs := range rss { rs := rs.(map[string]interface{}) asrs := application.ApplicationSetRolloutStep{} if v, ok := rs["match_expressions"].([]interface{}); ok && len(v) > 0 { asrs.MatchExpressions = expandApplicationMatchExpressions(v) } if v, ok := rs["max_update"]; ok { mu, err := expandIntOrString(v.(string)) if err != nil { return nil, fmt.Errorf("could not expand max_update: %w", err) } asrs.MaxUpdate = mu } asrss[i] = asrs } return asrss, nil } func expandApplicationMatchExpressions(mes []interface{}) []application.ApplicationMatchExpression { asrss := make([]application.ApplicationMatchExpression, len(mes)) for i, me := range mes { me := me.(map[string]interface{}) asrss[i] = application.ApplicationMatchExpression{ Key: me["key"].(string), Operator: me["operator"].(string), Values: sliceOfString(me["values"].(*schema.Set).List()), } } return asrss } func expandApplicationSetSyncPolicyApplicationsSyncPolicy(p string) (asp application.ApplicationsSyncPolicy) { switch p { case "create-only": asp = application.ApplicationsSyncPolicyCreateOnly case "create-update": asp = application.ApplicationsSyncPolicyCreateUpdate case "create-delete": asp = application.ApplicationsSyncPolicyCreateDelete case "sync": asp = application.ApplicationsSyncPolicySync } return asp } func expandApplicationSetSyncPolicy(sp map[string]interface{}) (assp *application.ApplicationSetSyncPolicy) { assp = &application.ApplicationSetSyncPolicy{} if v, ok := sp["applications_sync"].(string); ok && len(v) > 0 { asp := expandApplicationSetSyncPolicyApplicationsSyncPolicy(v) assp.ApplicationsSync = &asp } if v, ok := sp["preserve_resources_on_deletion"]; ok { assp.PreserveResourcesOnDeletion = v.(bool) } return assp } func expandApplicationSetTemplate(temp interface{}, featureMultipleApplicationSourcesSupported bool, featureApplicationSourceNameSupported bool) (template application.ApplicationSetTemplate, err error) { t, ok := temp.(map[string]interface{}) if !ok { return template, fmt.Errorf("could not expand application set template") } if v, ok := t["metadata"]; ok { template.ApplicationSetTemplateMeta, err = expandApplicationSetTemplateMeta(v.([]interface{})[0]) if err != nil { return template, err } } if v, ok := t["spec"]; ok { s := v.([]interface{})[0].(map[string]interface{}) template.Spec, err = expandApplicationSpec(s, featureApplicationSourceNameSupported) if err != nil { return template, err } l := len(template.Spec.Sources) switch { case l == 1: template.Spec.Source = &template.Spec.Sources[0] template.Spec.Sources = nil case l > 1 && !featureMultipleApplicationSourcesSupported: f := features.ConstraintsMap[features.MultipleApplicationSources] return template, fmt.Errorf("%s is only supported from ArgoCD %s onwards", f.Name, f.MinVersion.String()) } } return template, nil } func expandApplicationSetTemplateMeta(meta interface{}) (metadata application.ApplicationSetTemplateMeta, err error) { if meta == nil { return metadata, err } m, ok := meta.(map[string]interface{}) if !ok { return metadata, fmt.Errorf("could not expand application set template metadata") } if v, ok := m["annotations"].(map[string]interface{}); ok && len(v) > 0 { metadata.Annotations = expandStringMap(v) } if v, ok := m["labels"].(map[string]interface{}); ok && len(v) > 0 { metadata.Labels = expandStringMap(v) } if v, ok := m["name"]; ok { metadata.Name = v.(string) } if v, ok := m["namespace"]; ok { metadata.Namespace = v.(string) } if v, ok := m["finalizers"].([]interface{}); ok && len(v) > 0 { metadata.Finalizers = expandStringList(v) } return metadata, nil } func expandApplicationSetIgnoreDifferences(ids []interface{}, featureApplicationSetIgnoreApplicationDifferences bool) (result []application.ApplicationSetResourceIgnoreDifferences) { if !featureApplicationSetIgnoreApplicationDifferences { return result } for _, _id := range ids { id := _id.(map[string]interface{}) var elem = application.ApplicationSetResourceIgnoreDifferences{} if v, ok := id["json_pointers"]; ok { jps := v.(*schema.Set).List() for _, jp := range jps { elem.JSONPointers = append(elem.JSONPointers, jp.(string)) } } if v, ok := id["jq_path_expressions"]; ok { jqpes := v.(*schema.Set).List() for _, jqpe := range jqpes { elem.JQPathExpressions = append(elem.JQPathExpressions, jqpe.(string)) } } if v, ok := id["name"]; ok { elem.Name = v.(string) } result = append(result, elem) } return result } func flattenApplicationSet(as *application.ApplicationSet, d *schema.ResourceData) error { fMetadata := flattenMetadata(as.ObjectMeta, d) if err := d.Set("metadata", fMetadata); err != nil { e, _ := json.MarshalIndent(fMetadata, "", "\t") return fmt.Errorf("error persisting metadata: %s\n%s", err, e) } fSpec, err := flattenApplicationSetSpec(as.Spec) if err != nil { return err } if err := d.Set("spec", fSpec); err != nil { e, _ := json.MarshalIndent(fSpec, "", "\t") return fmt.Errorf("error persisting spec: %s\n%s", err, e) } return nil } func flattenApplicationSetSpec(s application.ApplicationSetSpec) ([]map[string]interface{}, error) { generators := make([]interface{}, len(s.Generators)) for i, g := range s.Generators { generator, err := flattenGenerator(g) if err != nil { return nil, err } generators[i] = generator } spec := map[string]interface{}{ "generator": generators, "go_template": s.GoTemplate, "go_template_options": s.GoTemplateOptions, "template": flattenApplicationSetTemplate(s.Template), "template_patch": s.TemplatePatch, } if s.Strategy != nil { spec["strategy"] = flattenApplicationSetStrategy(*s.Strategy) } if s.SyncPolicy != nil { spec["sync_policy"] = flattenApplicationSetSyncPolicy(*s.SyncPolicy) } if s.IgnoreApplicationDifferences != nil { spec["ignore_application_differences"] = flattenApplicationSetIgnoreDifferences(s.IgnoreApplicationDifferences) } return []map[string]interface{}{spec}, nil } func flattenApplicationSetIgnoreDifferences(ids application.ApplicationSetIgnoreDifferences) (result []map[string]interface{}) { for _, id := range ids { result = append(result, map[string]interface{}{ "name": id.Name, "json_pointers": id.JSONPointers, "jq_path_expressions": id.JQPathExpressions, }) } return } func flattenGenerator(g application.ApplicationSetGenerator) (map[string]interface{}, error) { generator := map[string]interface{}{} if g.Clusters != nil { generator["clusters"] = flattenApplicationSetClusterGenerator(g.Clusters) } else if g.ClusterDecisionResource != nil { generator["cluster_decision_resource"] = flattenApplicationSetClusterDecisionResourceGenerator(g.ClusterDecisionResource) } else if g.Git != nil { generator["git"] = flattenApplicationSetGitGenerator(g.Git) } else if g.List != nil { list, err := flattenApplicationSetListGenerator(g.List) if err != nil { return nil, err } generator["list"] = list } else if g.Matrix != nil { matrix, err := flattenApplicationSetMatrixGenerator(g.Matrix) if err != nil { return nil, err } generator["matrix"] = matrix } else if g.Merge != nil { matrix, err := flattenApplicationSetMergeGenerator(g.Merge) if err != nil { return nil, err } generator["merge"] = matrix } else if g.SCMProvider != nil { generator["scm_provider"] = flattenApplicationSetSCMProviderGenerator(g.SCMProvider) } else if g.PullRequest != nil { generator["pull_request"] = flattenApplicationSetPullRequestGenerator(g.PullRequest) } else if g.Plugin != nil { pluginGenerator, err := flattenApplicationSetPluginGenerator(g.Plugin) if err != nil { return nil, err } generator["plugin"] = pluginGenerator } if g.Selector != nil { generator["selector"] = flattenLabelSelector(g.Selector) } return generator, nil } func flattenApplicationSetClusterGenerator(c *application.ClusterGenerator) []map[string]interface{} { g := map[string]interface{}{ "enabled": true, "selector": flattenLabelSelector(&c.Selector), "template": flattenApplicationSetTemplate(c.Template), "values": c.Values, } return []map[string]interface{}{g} } func flattenApplicationSetClusterDecisionResourceGenerator(c *application.DuckTypeGenerator) []map[string]interface{} { g := map[string]interface{}{ "config_map_ref": c.ConfigMapRef, "label_selector": flattenLabelSelector(&c.LabelSelector), "name": c.Name, "template": flattenApplicationSetTemplate(c.Template), "values": c.Values, } if c.RequeueAfterSeconds != nil { g["requeue_after_seconds"] = convertInt64PointerToString(c.RequeueAfterSeconds) } return []map[string]interface{}{g} } func flattenApplicationSetGitGenerator(gg *application.GitGenerator) []map[string]interface{} { g := map[string]interface{}{ "repo_url": gg.RepoURL, "revision": gg.Revision, "path_param_prefix": gg.PathParamPrefix, "template": flattenApplicationSetTemplate(gg.Template), "values": gg.Values, } if len(gg.Directories) > 0 { directories := make([]map[string]interface{}, len(gg.Directories)) for i, d := range gg.Directories { directories[i] = map[string]interface{}{ "path": d.Path, "exclude": d.Exclude, } } g["directory"] = directories } if len(gg.Files) > 0 { files := make([]map[string]interface{}, len(gg.Files)) for i, f := range gg.Files { files[i] = map[string]interface{}{ "path": f.Path, } } g["file"] = files } if gg.RequeueAfterSeconds != nil { g["requeue_after_seconds"] = convertInt64PointerToString(gg.RequeueAfterSeconds) } return []map[string]interface{}{g} } func flattenApplicationSetListGenerator(lg *application.ListGenerator) ([]map[string]interface{}, error) { elements := make([]interface{}, len(lg.Elements)) for i, e := range lg.Elements { element := make(map[string]interface{}) err := json.Unmarshal(e.Raw, &element) if err != nil { return nil, fmt.Errorf("failed to unmarshal list generator element: %w", err) } elements[i] = element } g := map[string]interface{}{ "elements": elements, "template": flattenApplicationSetTemplate(lg.Template), } // Add elements_yaml field if it's set if lg.ElementsYaml != "" { g["elements_yaml"] = lg.ElementsYaml } return []map[string]interface{}{g}, nil } func flattenApplicationSetMatrixGenerator(mg *application.MatrixGenerator) ([]map[string]interface{}, error) { generators := make([]interface{}, len(mg.Generators)) for i, g := range mg.Generators { fg, err := flattenNestedGenerator(g) if err != nil { return nil, err } generators[i] = fg } g := map[string]interface{}{ "generator": generators, "template": flattenApplicationSetTemplate(mg.Template), } return []map[string]interface{}{g}, nil } func flattenApplicationSetMergeGenerator(mg *application.MergeGenerator) ([]map[string]interface{}, error) { generators := make([]interface{}, len(mg.Generators)) for i, g := range mg.Generators { fg, err := flattenNestedGenerator(g) if err != nil { return nil, err } generators[i] = fg } g := map[string]interface{}{ "merge_keys": mg.MergeKeys, "generator": generators, "template": flattenApplicationSetTemplate(mg.Template), } return []map[string]interface{}{g}, nil } func flattenApplicationSetPluginGenerator(plg *application.PluginGenerator) ([]map[string]interface{}, error) { g := map[string]interface{}{} if plg.Input.Parameters != nil { input := map[string]interface{}{} parameters := map[string]string{} // TODO: In reality, the parameters map can potentially contain anything, but // terraform-plugin-sdk doesn't really support the notion of `any`. We need to // improve this once we upgrade to terraform-plugin-framework for k, v := range plg.Input.Parameters { var str string err := json.Unmarshal(v.Raw, &str) if err != nil { return nil, err } parameters[k] = str } input["parameters"] = parameters g["input"] = []map[string]interface{}{input} } if plg.ConfigMapRef.Name != "" { g["config_map_ref"] = plg.ConfigMapRef.Name } if plg.RequeueAfterSeconds != nil { g["requeue_after_seconds"] = convertInt64PointerToString(plg.RequeueAfterSeconds) } g["template"] = flattenApplicationSetTemplate(plg.Template) return []map[string]interface{}{g}, nil } func flattenApplicationSetPullRequestGenerator(prg *application.PullRequestGenerator) []map[string]interface{} { g := map[string]interface{}{} if prg.AzureDevOps != nil { g["azure_devops"] = flattenApplicationSetPullRequestGeneratorAzureDevOps(prg.AzureDevOps) } else if prg.BitbucketServer != nil { g["bitbucket_server"] = flattenApplicationSetPullRequestGeneratorBitbucketServer(prg.BitbucketServer) } else if prg.Gitea != nil { g["gitea"] = flattenApplicationSetPullRequestGeneratorGitea(prg.Gitea) } else if prg.Github != nil { g["github"] = flattenApplicationSetPullRequestGeneratorGithub(prg.Github) } else if prg.GitLab != nil { g["gitlab"] = flattenApplicationSetPullRequestGeneratorGitlab(prg.GitLab) } if len(prg.Filters) > 0 { g["filter"] = flattenApplicationSetPullRequestGeneratorFilter(prg.Filters) } if prg.RequeueAfterSeconds != nil { g["requeue_after_seconds"] = convertInt64PointerToString(prg.RequeueAfterSeconds) } g["template"] = flattenApplicationSetTemplate(prg.Template) return []map[string]interface{}{g} } func flattenApplicationSetPullRequestGeneratorBitbucketServer(prgbs *application.PullRequestGeneratorBitbucketServer) []map[string]interface{} { bb := map[string]interface{}{ "api": prgbs.API, "project": prgbs.Project, "repo": prgbs.Repo, } if prgbs.BasicAuth != nil { ba := map[string]interface{}{ "username": prgbs.BasicAuth.Username, } if prgbs.BasicAuth.PasswordRef != nil { ba["password_ref"] = flattenSecretRef(*prgbs.BasicAuth.PasswordRef) } bb["basic_auth"] = []map[string]interface{}{ba} } return []map[string]interface{}{bb} } func flattenApplicationSetPullRequestGeneratorGitea(prgg *application.PullRequestGeneratorGitea) []map[string]interface{} { g := map[string]interface{}{ "api": prgg.API, "insecure": prgg.Insecure, "owner": prgg.Owner, "repo": prgg.Repo, } if prgg.TokenRef != nil { g["token_ref"] = flattenSecretRef(*prgg.TokenRef) } return []map[string]interface{}{g} } func flattenApplicationSetPullRequestGeneratorGithub(prgg *application.PullRequestGeneratorGithub) []map[string]interface{} { g := map[string]interface{}{ "api": prgg.API, "app_secret_name": prgg.AppSecretName, "owner": prgg.Owner, "repo": prgg.Repo, } if len(prgg.Labels) > 0 { g["labels"] = prgg.Labels } if prgg.TokenRef != nil { g["token_ref"] = flattenSecretRef(*prgg.TokenRef) } return []map[string]interface{}{g} } func flattenApplicationSetPullRequestGeneratorGitlab(prgg *application.PullRequestGeneratorGitLab) []map[string]interface{} { g := map[string]interface{}{ "api": prgg.API, "project": prgg.Project, "pull_request_state": prgg.PullRequestState, "insecure": prgg.Insecure, } if len(prgg.Labels) > 0 { g["labels"] = prgg.Labels } if prgg.TokenRef != nil { g["token_ref"] = flattenSecretRef(*prgg.TokenRef) } if prgg.CARef != nil { g["ca_ref"] = flattenConfigMapKeyRef(*prgg.CARef) } return []map[string]interface{}{g} } func flattenApplicationSetPullRequestGeneratorAzureDevOps(prgado *application.PullRequestGeneratorAzureDevOps) []map[string]interface{} { a := map[string]interface{}{ "api": prgado.API, "organization": prgado.Organization, "project": prgado.Project, "repo": prgado.Repo, } if len(prgado.Labels) > 0 { a["labels"] = prgado.Labels } if prgado.TokenRef != nil { a["token_ref"] = flattenSecretRef(*prgado.TokenRef) } return []map[string]interface{}{a} } func flattenApplicationSetPullRequestGeneratorFilter(spgfs []application.PullRequestGeneratorFilter) []map[string]interface{} { fs := make([]map[string]interface{}, len(spgfs)) for i, v := range spgfs { fs[i] = map[string]interface{}{} if v.BranchMatch != nil { fs[i]["branch_match"] = *v.BranchMatch } } return fs } func flattenApplicationSetSCMProviderGenerator(spg *application.SCMProviderGenerator) []map[string]interface{} { g := map[string]interface{}{ "clone_protocol": spg.CloneProtocol, } if spg.AzureDevOps != nil { g["azure_devops"] = flattenApplicationSetSCMProviderGeneratorAzureDevOps(spg.AzureDevOps) } else if spg.Bitbucket != nil { g["bitbucket_cloud"] = flattenApplicationSetSCMProviderGeneratorBitbucket(spg.Bitbucket) } else if spg.BitbucketServer != nil { g["bitbucket_server"] = flattenApplicationSetSCMProviderGeneratorBitbucketServer(spg.BitbucketServer) } else if spg.Gitea != nil { g["gitea"] = flattenApplicationSetSCMProviderGeneratorGitea(spg.Gitea) } else if spg.Github != nil { g["github"] = flattenApplicationSetSCMProviderGeneratorGithub(spg.Github) } else if spg.Gitlab != nil { g["gitlab"] = flattenApplicationSetSCMProviderGeneratorGitlab(spg.Gitlab) } if len(spg.Filters) > 0 { g["filter"] = flattenApplicationSetSCMProviderGeneratorFilter(spg.Filters) } if spg.RequeueAfterSeconds != nil { g["requeue_after_seconds"] = convertInt64PointerToString(spg.RequeueAfterSeconds) } g["template"] = flattenApplicationSetTemplate(spg.Template) return []map[string]interface{}{g} } func flattenApplicationSetSCMProviderGeneratorAzureDevOps(spgado *application.SCMProviderGeneratorAzureDevOps) []map[string]interface{} { a := map[string]interface{}{ "all_branches": spgado.AllBranches, "api": spgado.API, "organization": spgado.Organization, "team_project": spgado.TeamProject, } if spgado.AccessTokenRef != nil { a["access_token_ref"] = flattenSecretRef(*spgado.AccessTokenRef) } return []map[string]interface{}{a} } func flattenApplicationSetSCMProviderGeneratorBitbucket(spgb *application.SCMProviderGeneratorBitbucket) []map[string]interface{} { bb := map[string]interface{}{ "all_branches": spgb.AllBranches, "owner": spgb.Owner, "user": spgb.User, } if spgb.AppPasswordRef != nil { bb["app_password_ref"] = flattenSecretRef(*spgb.AppPasswordRef) } return []map[string]interface{}{bb} } func flattenApplicationSetSCMProviderGeneratorBitbucketServer(spgbs *application.SCMProviderGeneratorBitbucketServer) []map[string]interface{} { bb := map[string]interface{}{ "all_branches": spgbs.AllBranches, "api": spgbs.API, "project": spgbs.Project, } if spgbs.BasicAuth != nil { ba := map[string]interface{}{ "username": spgbs.BasicAuth.Username, } if spgbs.BasicAuth.PasswordRef != nil { ba["password_ref"] = flattenSecretRef(*spgbs.BasicAuth.PasswordRef) } bb["basic_auth"] = []map[string]interface{}{ba} } return []map[string]interface{}{bb} } func flattenApplicationSetSCMProviderGeneratorGitea(spgg *application.SCMProviderGeneratorGitea) []map[string]interface{} { g := map[string]interface{}{ "all_branches": spgg.AllBranches, "api": spgg.API, "insecure": spgg.Insecure, "owner": spgg.Owner, } if spgg.TokenRef != nil { g["token_ref"] = flattenSecretRef(*spgg.TokenRef) } return []map[string]interface{}{g} } func flattenApplicationSetSCMProviderGeneratorGithub(spgg *application.SCMProviderGeneratorGithub) []map[string]interface{} { g := map[string]interface{}{ "all_branches": spgg.AllBranches, "api": spgg.API, "app_secret_name": spgg.AppSecretName, "organization": spgg.Organization, } if spgg.TokenRef != nil { g["token_ref"] = flattenSecretRef(*spgg.TokenRef) } return []map[string]interface{}{g} } func flattenApplicationSetSCMProviderGeneratorGitlab(spgg *application.SCMProviderGeneratorGitlab) []map[string]interface{} { g := map[string]interface{}{ "all_branches": spgg.AllBranches, "api": spgg.API, "group": spgg.Group, "include_subgroups": spgg.IncludeSubgroups, } if spgg.TokenRef != nil { g["token_ref"] = flattenSecretRef(*spgg.TokenRef) } return []map[string]interface{}{g} } func flattenApplicationSetSCMProviderGeneratorFilter(spgfs []application.SCMProviderGeneratorFilter) []map[string]interface{} { fs := make([]map[string]interface{}, len(spgfs)) for i, v := range spgfs { fs[i] = map[string]interface{}{} if v.BranchMatch != nil { fs[i]["branch_match"] = *v.BranchMatch } if v.LabelMatch != nil { fs[i]["label_match"] = *v.LabelMatch } if len(v.PathsDoNotExist) > 0 { fs[i]["paths_do_not_exist"] = v.PathsDoNotExist } if len(v.PathsExist) > 0 { fs[i]["paths_exist"] = v.PathsExist } if v.RepositoryMatch != nil { fs[i]["repository_match"] = *v.RepositoryMatch } } return fs } func flattenNestedGenerator(g application.ApplicationSetNestedGenerator) (map[string]interface{}, error) { generator := map[string]interface{}{} if g.Clusters != nil { generator["clusters"] = flattenApplicationSetClusterGenerator(g.Clusters) } else if g.ClusterDecisionResource != nil { generator["cluster_decision_resource"] = flattenApplicationSetClusterDecisionResourceGenerator(g.ClusterDecisionResource) } else if g.Git != nil { generator["git"] = flattenApplicationSetGitGenerator(g.Git) } else if g.List != nil { list, err := flattenApplicationSetListGenerator(g.List) if err != nil { return nil, err } generator["list"] = list } else if g.Matrix != nil { mg, err := application.ToNestedMatrixGenerator(g.Matrix) if err != nil { return nil, fmt.Errorf("failed to unmarshal nested matrix generator: %w", err) } matrix, err := flattenApplicationSetMatrixGenerator(mg.ToMatrixGenerator()) if err != nil { return nil, err } generator["matrix"] = matrix } else if g.Merge != nil { mg, err := application.ToNestedMergeGenerator(g.Merge) if err != nil { return nil, fmt.Errorf("failed to unmarshal nested matrix generator: %w", err) } merge, err := flattenApplicationSetMergeGenerator(mg.ToMergeGenerator()) if err != nil { return nil, err } generator["merge"] = merge } else if g.SCMProvider != nil { generator["scm_provider"] = flattenApplicationSetSCMProviderGenerator(g.SCMProvider) } else if g.PullRequest != nil { generator["pull_request"] = flattenApplicationSetPullRequestGenerator(g.PullRequest) } else if g.Plugin != nil { plugin, err := flattenApplicationSetPluginGenerator(g.Plugin) if err != nil { return nil, err } generator["plugin"] = plugin } if g.Selector != nil { generator["selector"] = flattenLabelSelector(g.Selector) } return generator, nil } func flattenApplicationSetStrategy(ass application.ApplicationSetStrategy) []map[string]interface{} { p := map[string]interface{}{ "type": ass.Type, } if ass.RollingSync != nil { p["rolling_sync"] = flattenApplicationSetRolloutStrategy(*ass.RollingSync) } return []map[string]interface{}{p} } func flattenApplicationSetRolloutStrategy(asrs application.ApplicationSetRolloutStrategy) []map[string]interface{} { rs := map[string]interface{}{ "step": flattenApplicationSetRolloutSteps(asrs.Steps), } return []map[string]interface{}{rs} } func flattenApplicationSetRolloutSteps(asrss []application.ApplicationSetRolloutStep) []map[string]interface{} { rss := make([]map[string]interface{}, len(asrss)) for i, s := range asrss { rss[i] = map[string]interface{}{ "match_expressions": flattenApplicationMatchExpression(s.MatchExpressions), } if s.MaxUpdate != nil { rss[i]["max_update"] = flattenIntOrString(s.MaxUpdate) } } return rss } func flattenApplicationMatchExpression(in []application.ApplicationMatchExpression) []map[string]interface{} { me := make([]map[string]interface{}, len(in)) for i, n := range in { me[i] = map[string]interface{}{ "key": n.Key, "operator": n.Operator, "values": newStringSet(schema.HashString, n.Values), } } return me } func flattenApplicationSetSyncPolicy(assp application.ApplicationSetSyncPolicy) []map[string]interface{} { p := map[string]interface{}{ "preserve_resources_on_deletion": assp.PreserveResourcesOnDeletion, "applications_sync": assp.ApplicationsSync, } return []map[string]interface{}{p} } func flattenApplicationSetTemplate(ast application.ApplicationSetTemplate) []map[string]interface{} { // Hack: Prior to ArgoCD 2.6.3, `Source` was not a pointer and as such a // zero value would be returned. However, this "zero" value means that the // `Template` is considered as non-zero in newer versions because the // pointer contains an object. To support versions of ArgoCD prior to 2.6.3, // we need to explicitly set the pointer to nil. if ast.Spec.Source != nil && ast.Spec.Source.IsZero() { ast.Spec.Source = nil } if reflect.ValueOf(ast).IsZero() { return nil } t := map[string]interface{}{ "metadata": flattenApplicationSetTemplateMetadata(ast.ApplicationSetTemplateMeta), "spec": flattenApplicationSpec(ast.Spec), } return []map[string]interface{}{t} } func flattenApplicationSetTemplateMetadata(tm application.ApplicationSetTemplateMeta) []map[string]interface{} { m := map[string]interface{}{ "annotations": tm.Annotations, "finalizers": tm.Finalizers, "labels": tm.Labels, "name": tm.Name, "namespace": tm.Namespace, } return []map[string]interface{}{m} } ================================================ FILE: argocd/structure_cluster.go ================================================ package argocd import ( "fmt" application "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func expandCluster(d *schema.ResourceData) (*application.Cluster, error) { cluster := &application.Cluster{} if v, ok := d.GetOk("name"); ok { cluster.Name = v.(string) } if v, ok := d.GetOk("server"); ok { cluster.Server = v.(string) } if v, ok := d.GetOk("shard"); ok { shard, err := convertStringToInt64Pointer(v.(string)) if err != nil { return nil, err } cluster.Shard = shard } if ns, ok := d.GetOk("namespaces"); ok { for _, n := range ns.([]interface{}) { if n == nil { return nil, fmt.Errorf("namespaces: must contain non-empty strings") } cluster.Namespaces = append(cluster.Namespaces, n.(string)) } } if v, ok := d.GetOk("config"); ok { cluster.Config = expandClusterConfig(v.([]interface{})[0]) } m := expandMetadata(d) cluster.Annotations = m.Annotations cluster.Labels = m.Labels if v, ok := d.GetOk("project"); ok { cluster.Project = v.(string) } return cluster, nil } func expandClusterConfig(config interface{}) application.ClusterConfig { clusterConfig := application.ClusterConfig{} c := config.(map[string]interface{}) if aws, ok := c["aws_auth_config"].([]interface{}); ok && len(aws) > 0 { clusterConfig.AWSAuthConfig = &application.AWSAuthConfig{} for k, v := range aws[0].(map[string]interface{}) { switch k { case "cluster_name": clusterConfig.AWSAuthConfig.ClusterName = v.(string) case "role_arn": clusterConfig.AWSAuthConfig.RoleARN = v.(string) } } } if v, ok := c["bearer_token"]; ok { clusterConfig.BearerToken = v.(string) } if v, ok := c["username"]; ok { clusterConfig.Username = v.(string) } if v, ok := c["password"]; ok { clusterConfig.Password = v.(string) } if tls, ok := c["tls_client_config"].([]interface{}); ok && len(tls) > 0 { clusterConfig.TLSClientConfig = application.TLSClientConfig{} for k, v := range tls[0].(map[string]interface{}) { switch k { case "ca_data": clusterConfig.CAData = []byte(v.(string)) case "cert_data": clusterConfig.CertData = []byte(v.(string)) case "key_data": clusterConfig.KeyData = []byte(v.(string)) case "insecure": clusterConfig.Insecure = v.(bool) case "server_name": clusterConfig.ServerName = v.(string) } } } if epc, ok := c["exec_provider_config"].([]interface{}); ok && len(epc) > 0 { clusterConfig.ExecProviderConfig = &application.ExecProviderConfig{} for k, v := range epc[0].(map[string]interface{}) { switch k { case "api_version": clusterConfig.ExecProviderConfig.APIVersion = v.(string) case "args": argsI := v.([]interface{}) for _, argI := range argsI { clusterConfig.ExecProviderConfig.Args = append(clusterConfig.ExecProviderConfig.Args, argI.(string)) } case "command": clusterConfig.ExecProviderConfig.Command = v.(string) case "install_hint": clusterConfig.ExecProviderConfig.InstallHint = v.(string) case "env": clusterConfig.ExecProviderConfig.Env = make(map[string]string) envI := v.(map[string]interface{}) for key, val := range envI { clusterConfig.ExecProviderConfig.Env[key] = val.(string) } } } } return clusterConfig } func flattenCluster(cluster *application.Cluster, d *schema.ResourceData) error { r := map[string]interface{}{ "name": cluster.Name, "server": cluster.Server, "namespaces": cluster.Namespaces, "info": flattenClusterInfo(cluster.Info), "config": flattenClusterConfig(cluster.Config, d), "project": cluster.Project, } if len(cluster.Annotations) != 0 || len(cluster.Labels) != 0 { // The generic flattenMetadata function can not be used since the Cluster // object does not actually have ObjectMeta, just label and annotation maps r["metadata"] = flattenClusterMetadata(cluster.Annotations, cluster.Labels) } if cluster.Shard != nil { r["shard"] = convertInt64PointerToString(cluster.Shard) } for k, v := range r { if err := persistToState(k, v, d); err != nil { return err } } return nil } func flattenClusterInfo(info application.ClusterInfo) []map[string]interface{} { return []map[string]interface{}{ { "server_version": info.ServerVersion, "applications_count": convertInt64ToString(info.ApplicationsCount), "connection_state": []map[string]string{ { "message": info.ConnectionState.Message, "status": info.ConnectionState.Status, }, }, }, } } func flattenClusterConfig(config application.ClusterConfig, d *schema.ResourceData) []map[string]interface{} { r := map[string]interface{}{ "username": config.Username, "exec_provider_config": flattenClusterConfigExecProviderConfig(d), "tls_client_config": flattenClusterConfigTLSClientConfig(config.TLSClientConfig, d), } if config.AWSAuthConfig != nil { r["aws_auth_config"] = []map[string]string{ { "cluster_name": config.AWSAuthConfig.ClusterName, "role_arn": config.AWSAuthConfig.RoleARN, }, } } // ArgoCD API does not return these fields as they may contain // sensitive data. Thus, we can't track the state of these // attributes and load them from state instead. // See https://github.com/argoproj/argo-cd/blob/8840929187f4dd7b9d9fd908ea5085a006895507/server/cluster/cluster.go#L448-L466 if bt, ok := d.GetOk("config.0.bearer_token"); ok { r["bearer_token"] = bt } if p, ok := d.GetOk("config.0.password"); ok { r["password"] = p } return []map[string]interface{}{r} } func flattenClusterConfigTLSClientConfig(tcc application.TLSClientConfig, d *schema.ResourceData) []map[string]interface{} { c := map[string]interface{}{ "ca_data": string(tcc.CAData), "cert_data": string(tcc.CertData), "insecure": tcc.Insecure, "server_name": tcc.ServerName, } // ArgoCD API does not return sensitive data. Thus, we can't track // the state of this attribute and load it from state instead. // See https://github.com/argoproj/argo-cd/commit/60c62a944b155702e6d89cbef4c04ff0f525692f#diff-47255bee56d3ad7830d9721f65c73fac53009229cb98c63c67745527d598835bL473-L486 if kd, ok := d.GetOk("config.0.tls_client_config.0.key_data"); ok { c["key_data"] = kd } if dd, ok := d.GetOk("config.0.tls_client_config.0.cert_data"); ok { c["cert_data"] = dd } if cd, ok := d.GetOk("config.0.tls_client_config.0.ca_data"); ok { c["ca_data"] = cd } if sn, ok := d.GetOk("config.0.tls_client_config.0.server_name"); ok { c["server_name"] = sn } return []map[string]interface{}{c} } func flattenClusterConfigExecProviderConfig(d *schema.ResourceData) []map[string]interface{} { // ArgoCD API does not return the execProvider block as it may contain // sensitive data. Thus, we can't track the state of it // and load it from state instead. // See https://github.com/argoproj/argo-cd/commit/60c62a944b155702e6d89cbef4c04ff0f525692f#diff-47255bee56d3ad7830d9721f65c73fac53009229cb98c63c67745527d598835bL473-L486 c := map[string]interface{}{} if args, ok := d.GetOk("config.0.exec_provider_config.0.args"); ok { c["args"] = args } if env, ok := d.GetOk("config.0.exec_provider_config.0.env"); ok { c["env"] = env } if command, ok := d.GetOk("config.0.exec_provider_config.0.command"); ok { c["command"] = command } if apiVersion, ok := d.GetOk("config.0.exec_provider_config.0.api_version"); ok { c["api_version"] = apiVersion } if installHint, ok := d.GetOk("config.0.exec_provider_config.0.install_hint"); ok { c["install_hint"] = installHint } if len(c) == 0 { return nil } return []map[string]interface{}{c} } func flattenClusterMetadata(annotations, labels map[string]string) []map[string]interface{} { return []map[string]interface{}{ { "annotations": annotations, "labels": labels, }, } } ================================================ FILE: argocd/structure_label_selector.go ================================================ package argocd import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func flattenLabelSelector(in *metav1.LabelSelector) []interface{} { if len(in.MatchLabels) == 0 && len(in.MatchExpressions) == 0 { return nil } att := make(map[string]interface{}) if len(in.MatchLabels) > 0 { att["match_labels"] = in.MatchLabels } if len(in.MatchExpressions) > 0 { att["match_expressions"] = flattenLabelSelectorRequirement(in.MatchExpressions) } return []interface{}{att} } func flattenLabelSelectorRequirement(in []metav1.LabelSelectorRequirement) []interface{} { att := make([]interface{}, len(in)) for i, n := range in { m := make(map[string]interface{}) m["key"] = n.Key m["operator"] = n.Operator m["values"] = newStringSet(schema.HashString, n.Values) att[i] = m } return att } func expandLabelSelector(l []interface{}) metav1.LabelSelector { if len(l) == 0 || l[0] == nil { return metav1.LabelSelector{} } obj := metav1.LabelSelector{} in := l[0].(map[string]interface{}) if v, ok := in["match_labels"].(map[string]interface{}); ok && len(v) > 0 { obj.MatchLabels = expandStringMap(v) } if v, ok := in["match_expressions"].([]interface{}); ok && len(v) > 0 { obj.MatchExpressions = expandLabelSelectorRequirement(v) } return obj } func expandLabelSelectorRequirement(l []interface{}) []metav1.LabelSelectorRequirement { if len(l) == 0 || l[0] == nil { return []metav1.LabelSelectorRequirement{} } obj := make([]metav1.LabelSelectorRequirement, len(l)) for i, n := range l { in := n.(map[string]interface{}) obj[i] = metav1.LabelSelectorRequirement{ Key: in["key"].(string), Operator: metav1.LabelSelectorOperator(in["operator"].(string)), Values: sliceOfString(in["values"].(*schema.Set).List()), } } return obj } ================================================ FILE: argocd/structure_metadata.go ================================================ package argocd import ( "fmt" "net/url" "strings" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" meta "k8s.io/apimachinery/pkg/apis/meta/v1" ) func expandMetadata(d *schema.ResourceData) (meta meta.ObjectMeta) { m := d.Get("metadata.0").(map[string]interface{}) if v, ok := m["annotations"].(map[string]interface{}); ok && len(v) > 0 { meta.Annotations = expandStringMap(m["annotations"].(map[string]interface{})) } if v, ok := m["labels"].(map[string]interface{}); ok && len(v) > 0 { meta.Labels = expandStringMap(m["labels"].(map[string]interface{})) } if v, ok := m["name"]; ok { meta.Name = v.(string) } if v, ok := m["namespace"]; ok { meta.Namespace = v.(string) } return meta } func flattenMetadata(meta meta.ObjectMeta, d *schema.ResourceData) []interface{} { m := map[string]interface{}{ "generation": meta.Generation, "name": meta.Name, "namespace": meta.Namespace, "resource_version": meta.ResourceVersion, "uid": fmt.Sprintf("%v", meta.UID), } annotations := d.Get("metadata.0.annotations").(map[string]interface{}) m["annotations"] = metadataRemoveInternalKeys(meta.Annotations, annotations) labels := d.Get("metadata.0.labels").(map[string]interface{}) m["labels"] = metadataRemoveInternalKeys(meta.Labels, labels) return []interface{}{m} } func metadataRemoveInternalKeys(m map[string]string, d map[string]interface{}) map[string]string { for k := range m { if metadataIsInternalKey(k) && !isKeyInMap(k, d) { delete(m, k) } } return m } func metadataIsInternalKey(annotationKey string) bool { u, err := url.Parse("//" + annotationKey) if err != nil { return false } return strings.HasSuffix(u.Hostname(), "kubernetes.io") || annotationKey == "notified.notifications.argoproj.io" } ================================================ FILE: argocd/structure_metadata_test.go ================================================ package argocd import ( "fmt" "testing" ) func TestMetadataIsInternalKey(t *testing.T) { t.Parallel() testCases := []struct { Key string Expected bool }{ {"", false}, {"anyKey", false}, {"any.hostname.io", false}, {"any.hostname.com/with/path", false}, {"any.kubernetes.io", true}, {"kubernetes.io", true}, {"notified.notifications.argoproj.io", true}, } for i, tc := range testCases { t.Run(fmt.Sprintf("%d", i), func(t *testing.T) { t.Parallel() isInternal := metadataIsInternalKey(tc.Key) if tc.Expected && isInternal != tc.Expected { t.Fatalf("Expected %q to be internal", tc.Key) } if !tc.Expected && isInternal != tc.Expected { t.Fatalf("Expected %q not to be internal", tc.Key) } }) } } ================================================ FILE: argocd/structures.go ================================================ package argocd import ( "fmt" "strconv" "strings" application "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "k8s.io/apimachinery/pkg/util/intstr" ) func expandIntOrString(s string) (*intstr.IntOrString, error) { if len(s) == 0 { return nil, nil } if strings.HasSuffix(s, "%") { return &intstr.IntOrString{ StrVal: s, Type: intstr.String, }, nil } i, err := strconv.ParseInt(s, 10, 32) if err != nil { return nil, fmt.Errorf("failed to convert string to int32: %w", err) } return &intstr.IntOrString{ IntVal: int32(i), Type: intstr.Int, }, nil } func expandSecretRef(sr map[string]interface{}) *application.SecretRef { return &application.SecretRef{ Key: sr["key"].(string), SecretName: sr["secret_name"].(string), } } func expandConfigMapKeyRef(cmr map[string]interface{}) *application.ConfigMapKeyRef { return &application.ConfigMapKeyRef{ Key: cmr["key"].(string), ConfigMapName: cmr["config_map_name"].(string), } } func flattenIntOrString(ios *intstr.IntOrString) string { if ios == nil { return "" } switch { case ios.StrVal != "": return ios.StrVal default: return strconv.Itoa(int(ios.IntVal)) } } func flattenSecretRef(sr application.SecretRef) []map[string]interface{} { return []map[string]interface{}{ { "key": sr.Key, "secret_name": sr.SecretName, }, } } func flattenConfigMapKeyRef(cmr application.ConfigMapKeyRef) []map[string]interface{} { return []map[string]interface{}{ { "key": cmr.Key, "config_map_name": cmr.ConfigMapName, }, } } func newStringSet(f schema.SchemaSetFunc, in []string) *schema.Set { out := make([]interface{}, len(in)) for i, v := range in { out[i] = v } return schema.NewSet(f, out) } ================================================ FILE: argocd/utils.go ================================================ package argocd import ( "fmt" "regexp" "strconv" "strings" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/argoproj/argo-cd/v3/util/rbac" fwdiag "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func convertStringToInt64(s string) (i int64, err error) { i, err = strconv.ParseInt(s, 10, 64) return } func convertInt64ToString(i int64) string { return strconv.FormatInt(i, 10) } func convertInt64PointerToString(i *int64) string { return strconv.FormatInt(*i, 10) } func convertStringToInt64Pointer(s string) (*int64, error) { i, err := convertStringToInt64(s) if err != nil { return nil, fmt.Errorf("not a valid int64: %s", s) } return &i, nil } func isKeyInMap(key string, d map[string]interface{}) bool { if d == nil { return false } for k := range d { if k == key { return true } } return false } func expandBoolMap(m map[string]interface{}) map[string]bool { result := make(map[string]bool) for k, v := range m { result[k] = v.(bool) } return result } func expandStringMap(m map[string]interface{}) map[string]string { result := make(map[string]string) for k, v := range m { result[k] = v.(string) } return result } func expandStringList(l []interface{}) (result []string) { for _, p := range l { result = append(result, p.(string)) } return } func sliceOfString(slice []interface{}) []string { result := make([]string, len(slice)) for i, s := range slice { result[i] = s.(string) } return result } func isValidPolicyAction(action string) bool { validActions := map[string]bool{ rbac.ActionGet: true, rbac.ActionCreate: true, rbac.ActionUpdate: true, rbac.ActionDelete: true, rbac.ActionSync: true, rbac.ActionOverride: true, "*": true, } validActionPatterns := []*regexp.Regexp{ regexp.MustCompile("action/.*"), regexp.MustCompile("update/.*"), regexp.MustCompile("delete/.*"), } if validActions[action] { return true } for i := range validActionPatterns { if validActionPatterns[i].MatchString(action) { return true } } return false } func validatePolicy(project string, role string, policy string) error { policyComponents := strings.Split(policy, ",") if len(policyComponents) != 6 || strings.Trim(policyComponents[0], " ") != "p" { return fmt.Errorf("invalid policy rule '%s': must be of the form: 'p, sub, res, act, obj, eft'", policy) } // subject subject := strings.Trim(policyComponents[1], " ") expectedSubject := fmt.Sprintf("proj:%s:%s", project, role) if subject != expectedSubject { return fmt.Errorf("invalid policy rule '%s': policy subject must be: '%s', not '%s'", policy, expectedSubject, subject) } // resource // https://github.com/argoproj/argo-cd/blob/c99669e088b5f25c8ce8faff6df25797a8beb5ba/pkg/apis/application/v1alpha1/types.go#L1554 validResources := map[string]bool{ rbac.ResourceApplications: true, rbac.ResourceRepositories: true, rbac.ResourceClusters: true, rbac.ResourceExec: true, rbac.ResourceLogs: true, rbac.ResourceApplicationSets: true, rbac.ResourceProjects: true, } resource := strings.Trim(policyComponents[2], " ") if !validResources[resource] { return fmt.Errorf("invalid policy rule '%s': resource '%s' not recognised", policy, resource) } // action action := strings.Trim(policyComponents[3], " ") if !isValidPolicyAction(action) { return fmt.Errorf("invalid policy rule '%s': invalid action '%s'", policy, action) } // object object := strings.Trim(policyComponents[4], " ") objectRegexp, err := regexp.Compile(fmt.Sprintf(`^%s(/[*\w-.]+){1,2}$`, project)) if err != nil || !objectRegexp.MatchString(object) { return fmt.Errorf("invalid policy rule '%s': object must be of form '%s/*' or '%s/' or '%s//', not '%s'", policy, project, project, project, object) } // effect effect := strings.Trim(policyComponents[5], " ") if effect != "allow" && effect != "deny" { return fmt.Errorf("invalid policy rule '%s': effect must be: 'allow' or 'deny'", policy) } return nil } func persistToState(key string, data interface{}, d *schema.ResourceData) error { if err := d.Set(key, data); err != nil { return fmt.Errorf("error persisting %s: %s", key, err) } return nil } func argoCDAPIError(action, resource, id string, err error) diag.Diagnostics { return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("failed to %s %s %s", action, resource, id), Detail: err.Error(), }, } } func errorToDiagnostics(summary string, err error) diag.Diagnostics { d := diag.Diagnostic{ Severity: diag.Error, Summary: summary, } if err != nil { d.Detail = err.Error() } return []diag.Diagnostic{d} } func featureNotSupported(feature features.Feature) diag.Diagnostics { f := features.ConstraintsMap[feature] return []diag.Diagnostic{ { Severity: diag.Error, Summary: fmt.Sprintf("%s is only supported from ArgoCD %s onwards", f.Name, f.MinVersion.String()), }, } } // pluginSDKDiags converts diagnostics from `terraform-plugin-framework/diag` to // `terraform-plugin-sdk/v2/diag` func pluginSDKDiags(ds fwdiag.Diagnostics) diag.Diagnostics { var diags diag.Diagnostics for _, d := range ds { _diag := diag.Diagnostic{ Detail: d.Detail(), Summary: d.Summary(), } switch d.Severity() { case fwdiag.SeverityError: _diag.Severity = diag.Error default: _diag.Severity = diag.Warning } diags = append(diags, _diag) } return diags } ================================================ FILE: argocd/utils_test.go ================================================ package argocd import ( "testing" ) func TestValidatePolicy(t *testing.T) { t.Parallel() project := "myproject" role := "admin" tests := []struct { name string policy string expectError bool }{ { name: "Valid policy", policy: "p, proj:myproject:admin, applications, get, myproject/*, allow", expectError: false, }, { name: "Valid applicationsets policy", policy: "p, proj:myproject:admin, applicationsets, get, myproject/*, allow", expectError: false, }, { name: "Invalid format - not enough components", policy: "p, proj:myproject:admin, applications, get", expectError: true, }, { name: "Invalid subject", policy: "p, proj:otherproject:admin, applications, get, myproject/*, allow", expectError: true, }, { name: "Invalid resource", policy: "p, proj:myproject:admin, invalidResource, get, myproject/*, allow", expectError: true, }, { name: "Invalid action", policy: "p, proj:myproject:admin, applications, invalid, myproject/*, allow", expectError: true, }, { name: "Invalid object format", policy: "p, proj:myproject:admin, applications, get, otherproject/*, allow", expectError: true, }, { name: "Invalid effect", policy: "p, proj:myproject:admin, applications, get, myproject/*, maybe", expectError: true, }, { name: "Object with valid app name", policy: "p, proj:myproject:admin, applications, get, myproject/app-01, allow", expectError: false, }, { name: "Object with valid ns/app combo", policy: "p, proj:myproject:admin, applications, get, myproject/default/app-01, allow", expectError: false, }, { name: "Object with valid ns wildcard", policy: "p, proj:myproject:admin, applications, get, myproject/default/*, allow", expectError: false, }, { name: "Object with dash and dot in name", policy: "p, proj:myproject:admin, applications, get, myproject/app-1.2, allow", expectError: false, }, } for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { t.Parallel() err := validatePolicy(project, role, tc.policy) if (err != nil) != tc.expectError { t.Errorf("validatePolicy() error = %v, expectError = %v", err, tc.expectError) } }) } } ================================================ FILE: argocd/validators.go ================================================ package argocd import ( "fmt" "regexp" "strings" "time" _ "time/tzdata" apiValidation "k8s.io/apimachinery/pkg/api/validation" utilValidation "k8s.io/apimachinery/pkg/util/validation" ) func validateMetadataLabels(isAppSet bool) func(value interface{}, key string) (ws []string, es []error) { return func(value interface{}, key string) (ws []string, es []error) { m := value.(map[string]interface{}) for k, v := range m { for _, msg := range utilValidation.IsQualifiedName(k) { es = append(es, fmt.Errorf("%s (%q) %s", key, k, msg)) } val, isString := v.(string) if !isString { es = append(es, fmt.Errorf("%s.%s (%#v): Expected value to be string", key, k, v)) return } if isAppSet && strings.HasPrefix(val, "{{") && strings.HasSuffix(val, "}}") { return } for _, msg := range utilValidation.IsValidLabelValue(val) { es = append(es, fmt.Errorf("%s (%q) %s", key, val, msg)) } } return } } func validateMetadataAnnotations(value interface{}, key string) (ws []string, es []error) { m := value.(map[string]interface{}) for k := range m { errors := utilValidation.IsQualifiedName(strings.ToLower(k)) if len(errors) > 0 { for _, e := range errors { es = append(es, fmt.Errorf("%s (%q) %s", key, k, e)) } } } return } func validateMetadataName(value interface{}, key string) (ws []string, es []error) { v := value.(string) errors := apiValidation.NameIsDNSSubdomain(v, false) if len(errors) > 0 { for _, err := range errors { es = append(es, fmt.Errorf("%s %s", key, err)) } } return } func validateDuration(value interface{}, key string) (ws []string, es []error) { v := value.(string) if _, err := time.ParseDuration(v); err != nil { es = append(es, fmt.Errorf("%s: invalid duration '%s': %s", key, v, err)) } return } func validateIntOrStringPercentage(value interface{}, key string) (ws []string, es []error) { v := value.(string) positiveIntegerOrPercentageRegexp := regexp.MustCompile(`^[+]?\d+?%?$`) if !positiveIntegerOrPercentageRegexp.MatchString(v) { es = append(es, fmt.Errorf("%s: invalid input '%s'. String input must match a positive integer (e.g. '100') or percentage (e.g. '20%%')", key, v)) } return } ================================================ FILE: argocd/validators_test.go ================================================ package argocd import ( "fmt" "testing" "github.com/stretchr/testify/require" ) func Test_validateMetadataLabels(t *testing.T) { t.Parallel() tests := []struct { name string isAppSet bool value interface{} key string wantWs []string wantEs []error }{ { name: "Valid labels", isAppSet: false, value: map[string]interface{}{ "valid-key": "valid-value", }, key: "metadata_labels", wantWs: nil, wantEs: nil, }, { name: "Invalid label key", isAppSet: false, value: map[string]interface{}{ "Invalid Key!": "valid-value", }, key: "metadata_labels", wantWs: nil, wantEs: []error{ fmt.Errorf("metadata_labels (\"Invalid Key!\") name part must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')"), }, }, { name: "Invalid label value", isAppSet: false, value: map[string]interface{}{ "valid-key": "Invalid Value!", }, key: "metadata_labels", wantWs: nil, wantEs: []error{ fmt.Errorf("metadata_labels (\"Invalid Value!\") a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')"), }, }, { name: "Non-string label value", isAppSet: false, value: map[string]interface{}{ "valid-key": 123, }, key: "metadata_labels", wantWs: nil, wantEs: []error{ fmt.Errorf("metadata_labels.valid-key (123): Expected value to be string"), }, }, { name: "Valid templated value for AppSet", isAppSet: true, value: map[string]interface{}{ "valid-key": "{{ valid-template }}", }, key: "metadata_labels", wantWs: nil, wantEs: nil, }, { name: "Invalid templated value for non-AppSet", isAppSet: false, value: map[string]interface{}{ "valid-key": "{{ invalid-template }}", }, key: "metadata_labels", wantWs: nil, wantEs: []error{ fmt.Errorf("metadata_labels (\"{{ invalid-template }}\") a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')"), }, }, { name: "Empty label key", isAppSet: false, value: map[string]interface{}{ "": "valid-value", }, key: "metadata_labels", wantWs: nil, wantEs: []error{ fmt.Errorf("metadata_labels (\"\") name part must be non-empty"), fmt.Errorf("metadata_labels (\"\") name part must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')"), }, }, { name: "Empty label value", isAppSet: false, value: map[string]interface{}{ "valid-key": "", }, key: "metadata_labels", wantWs: nil, wantEs: nil, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { t.Parallel() gotWs, gotEs := validateMetadataLabels(tt.isAppSet)(tt.value, tt.key) require.Equal(t, tt.wantWs, gotWs) require.Equal(t, tt.wantEs, gotEs) }) } } ================================================ FILE: docs/data-sources/application.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_application Data Source - terraform-provider-argocd" subcategory: "" description: |- Reads an existing ArgoCD application. --- # argocd_application (Data Source) Reads an existing ArgoCD application. ## Example Usage ```terraform data "argocd_application" "foo" { metadata = { name = "foo" namespace = "argocd" } } ``` ## Schema ### Required - `metadata` (Attributes) Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). (see [below for nested schema](#nestedatt--metadata)) ### Read-Only - `id` (String) ArgoCD application identifier - `spec` (Attributes) The application specification. (see [below for nested schema](#nestedatt--spec)) - `status` (Attributes) Status information for the application. (see [below for nested schema](#nestedatt--status)) ### Nested Schema for `metadata` Required: - `name` (String) Name of the applications.argoproj.io, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Optional: - `namespace` (String) Namespace of the applications.argoproj.io, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ Read-Only: - `annotations` (Map of String) An unstructured key value map stored with the applications.argoproj.io that may be used to store arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - `generation` (Number) A sequence number representing a specific generation of the desired state. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the applications.argoproj.io. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - `resource_version` (String) An opaque value that represents the internal version of this applications.argoproj.io that can be used by clients to determine when the applications.argoproj.io has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - `uid` (String) The unique in time and space value for this applications.argoproj.io. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids ### Nested Schema for `spec` Read-Only: - `destination` (Attributes) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedatt--spec--destination)) - `ignore_differences` (Attributes List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedatt--spec--ignore_differences)) - `infos` (Attributes List) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedatt--spec--infos)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `sources` (Attributes List) Location of the application's manifests or chart. (see [below for nested schema](#nestedatt--spec--sources)) - `sync_policy` (Attributes) Controls when and how a sync will be performed. (see [below for nested schema](#nestedatt--spec--sync_policy)) ### Nested Schema for `spec.destination` Read-Only: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.ignore_differences` Read-Only: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.infos` Read-Only: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.sources` Read-Only: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Attributes) Path/directory specific options. (see [below for nested schema](#nestedatt--spec--sources--directory)) - `helm` (Attributes) Helm specific options. (see [below for nested schema](#nestedatt--spec--sources--helm)) - `kustomize` (Attributes) Kustomize specific options. (see [below for nested schema](#nestedatt--spec--sources--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Attributes) Config management plugin specific options. (see [below for nested schema](#nestedatt--spec--sources--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.sources.directory` Read-Only: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Attributes) Jsonnet specific options. (see [below for nested schema](#nestedatt--spec--sources--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.sources.directory.jsonnet` Read-Only: - `ext_vars` (Attributes List) List of Jsonnet External Variables. (see [below for nested schema](#nestedatt--spec--sources--directory--jsonnet--ext_vars)) - `libs` (List of String) Additional library search dirs. - `tlas` (Attributes List) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedatt--spec--sources--directory--jsonnet--tlas)) ### Nested Schema for `spec.sources.directory.jsonnet.ext_vars` Read-Only: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.sources.directory.jsonnet.tlas` Read-Only: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.sources.helm` Read-Only: - `file_parameters` (Attributes List) File parameters for the helm template. (see [below for nested schema](#nestedatt--spec--sources--helm--file_parameters)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameters` (Attributes List) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedatt--spec--sources--helm--parameters)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a Attribute. ### Nested Schema for `spec.sources.helm.file_parameters` Read-Only: - `name` (String) Name of the Helm parameters. - `path` (String) Path to the file containing the values for the Helm parameters. ### Nested Schema for `spec.sources.helm.parameters` Read-Only: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameters. - `value` (String) Value of the Helm parameters. ### Nested Schema for `spec.sources.kustomize` Read-Only: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.sources.plugin` Read-Only: - `env` (Attributes List) Environment variables passed to the plugin. (see [below for nested schema](#nestedatt--spec--sources--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. - `parameters` (Attributes List) Parameters to supply to config management plugin. (see [below for nested schema](#nestedatt--spec--sources--plugin--parameters)) ### Nested Schema for `spec.sources.plugin.env` Read-Only: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.sources.plugin.parameters` Read-Only: - `array` (List of String) Value of an array type parameters. - `map` (Map of String) Value of a map type parameters. - `name` (String) Name identifying a parameters. - `string` (String) Value of a string type parameters. ### Nested Schema for `spec.sync_policy` Read-Only: - `automated` (Attributes) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedatt--spec--sync_policy--automated)) - `retry` (Attributes) Controls failed sync retry behavior. (see [below for nested schema](#nestedatt--spec--sync_policy--retry)) - `sync_options` (Set of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.sync_policy.automated` Read-Only: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.sync_policy.retry` Read-Only: - `backoff` (Attributes) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedatt--spec--sync_policy--retry--backoff)) - `limit` (Number) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.sync_policy.retry.backoff` Read-Only: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (Number) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `status` Read-Only: - `conditions` (Attributes List) List of currently observed application conditions. (see [below for nested schema](#nestedatt--status--conditions)) - `health` (Attributes) Application's current health status. (see [below for nested schema](#nestedatt--status--health)) - `operation_state` (Attributes) Information about any ongoing operations, such as a sync. (see [below for nested schema](#nestedatt--status--operation_state)) - `reconciled_at` (String) When the application state was reconciled using the latest git version. - `resources` (Attributes List) List of Kubernetes resources managed by this application. (see [below for nested schema](#nestedatt--status--resources)) - `summary` (Attributes) List of URLs and container images used by this application. (see [below for nested schema](#nestedatt--status--summary)) - `sync` (Attributes) Application's current sync status (see [below for nested schema](#nestedatt--status--sync)) ### Nested Schema for `status.conditions` Read-Only: - `last_transition_time` (String) The time the condition was last observed. - `message` (String) Human-readable message indicating details about condition. - `type` (String) Application condition type. ### Nested Schema for `status.health` Read-Only: - `message` (String) Human-readable informational message describing the health status. - `status` (String) Status code of the application or resource. ### Nested Schema for `status.operation_state` Read-Only: - `finished_at` (String) Time of operation completion. - `message` (String) Any pertinent messages when attempting to perform operation (typically errors). - `phase` (String) The current phase of the operation. - `retry_count` (Number) Count of operation retries. - `started_at` (String) Time of operation start. ### Nested Schema for `status.resources` Read-Only: - `group` (String) The Kubernetes resource Group. - `health` (Attributes) Resource health status. (see [below for nested schema](#nestedatt--status--resources--health)) - `hook` (Boolean) Indicates whether or not this resource has a hook annotation. - `kind` (String) The Kubernetes resource Kind. - `name` (String) The Kubernetes resource Name. - `namespace` (String) The Kubernetes resource Namespace. - `requires_pruning` (Boolean) Indicates if the resources requires pruning or not. - `status` (String) Resource sync status. - `sync_wave` (Number) Sync wave. - `version` (String) The Kubernetes resource Version. ### Nested Schema for `status.resources.health` Read-Only: - `message` (String) Human-readable informational message describing the health status. - `status` (String) Status code of the application or resource. ### Nested Schema for `status.summary` Read-Only: - `external_urls` (List of String) All external URLs of application child resources. - `images` (List of String) All images of application child resources. ### Nested Schema for `status.sync` Read-Only: - `revisions` (List of String) Information about the revision(s) the comparison has been performed to. - `status` (String) Sync state of the comparison. ================================================ FILE: docs/index.md ================================================ --- page_title: "Provider: ArgoCD" description: |- The ArgoCD provider provides lifecycle management of ArgoCD resources. --- # ArgoCD Provider The ArgoCD Provider provides lifecycle management of [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) resources. **NB**: The provider is not concerned with the installation/configuration of ArgoCD itself. To make use of the provider, you will need to have an existing ArgoCD installation. The correct provider configuration largely depends on whether or not your ArgoCD API server is exposed or not. If your ArgoCD API server is exposed, then: - use `server_addr` along with a `username`/`password` or `auth_token`. - use `use_local_config` if you have (pre)authenticated via the ArgoCD CLI (E.g. via SSO using `argocd login --sso`. If you have not exposed your ArgoCD API server or have not deployed the API server ([ArgoCD core](https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#core)), see below for options. **Note**: in both these cases, you need sufficient access to the Kubernetes API to perform any actions. - use `port_forward_with_namespace` and optionally `kubernetes` configuration (to temporarily expose the ArgoCD API server using port forwarding) along with a `username`/`password` or `auth_token`. - if you use port-forwarding and your argo-cd-server is running on plain HTTP you need to add the flag `plain_text = true` to the provider configuration as well - use `core` to run a local ArgoCD API server that communicates directly with the Kubernetes API. **NB**: When using `core`, take note of the warning in the docs below. If you are struggling to determine the correct configuration for the provider or the provider is behaving strangely and failing to connect for whatever reason, then we would suggest that you first figure out what combination of parameters work to log in using the ArgoCD CLI (`argocd login`) and then set the provider configuration to match what you used in the CLI. See also the ArgoCD [Getting Started](https://argo-cd.readthedocs.io/en/stable/getting_started/#3-access-the-argo-cd-api-server) docs. ## Example Usage ```terraform # Exposed ArgoCD API - authenticated using authentication token. provider "argocd" { server_addr = "argocd.local:443" auth_token = "1234..." } # Exposed ArgoCD API - authenticated using `username`/`password` provider "argocd" { server_addr = "argocd.local:443" username = "foo" password = local.password } # Exposed ArgoCD API - (pre)authenticated using local ArgoCD config (e.g. when # you have previously logged in using SSO). provider "argocd" { use_local_config = true # context = "foo" # Use explicit context from ArgoCD config instead of `current-context`. } # Unexposed ArgoCD API - using the current Kubernetes context and # port-forwarding to temporarily expose ArgoCD API and authenticating using # `auth_token`. provider "argocd" { auth_token = "1234..." port_forward = true } # Unexposed ArgoCD API - using port-forwarding to temporarily expose ArgoCD API # whilst overriding the current context in kubeconfig. provider "argocd" { auth_token = "1234..." port_forward_with_namespace = "custom-argocd-namespace" kubernetes { config_context = "kind-argocd" } } # Unexposed ArgoCD API - using `core` to run ArgoCD server locally and # communicate directly with the Kubernetes API. provider "argocd" { core = true } ```
## Schema ### Optional - `auth_token` (String, Sensitive) ArgoCD authentication token, takes precedence over `username`/`password`. Can be set through the `ARGOCD_AUTH_TOKEN` environment variable. - `cert_file` (String) Additional root CA certificates file to add to the client TLS connection pool. - `client_cert_file` (String) Client certificate. - `client_cert_key` (String) Client certificate key. - `config_path` (String) Override the default config path of `$HOME/.config/argocd/config`. Only relevant when `use_local_config`. Can be set through the `ARGOCD_CONFIG_PATH` environment variable. - `context` (String) Context to choose when using a local ArgoCD config file. Only relevant when `use_local_config`. Can be set through `ARGOCD_CONTEXT` environment variable. - `core` (Boolean) Configure direct access using Kubernetes API server. **Warning**: this feature works by starting a local ArgoCD API server that talks directly to the Kubernetes API using the **current context in the default kubeconfig** (`~/.kube/config`). This behavior cannot be overridden using either environment variables or the `kubernetes` block in the provider configuration at present). If the server fails to start (e.g. your kubeconfig is misconfigured) then the provider will fail as a result of the `argocd` module forcing it to exit and no logs will be available to help you debug this. The error message will be similar to > `The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may contain more details.` To debug this, you will need to login via the ArgoCD CLI using `argocd login --core` and then running an operation. E.g. `argocd app list`. - `grpc_web` (Boolean) Whether to use gRPC web proxy client. Useful if Argo CD server is behind proxy which does not support HTTP2. - `grpc_web_root_path` (String) Use the gRPC web proxy client and set the web root, e.g. `argo-cd`. Useful if the Argo CD server is behind a proxy at a non-root path. - `headers` (Set of String) Additional headers to add to each request to the ArgoCD server. - `insecure` (Boolean) Whether to skip TLS server certificate. Can be set through the `ARGOCD_INSECURE` environment variable. - `kubernetes` (Block List, Max: 1) Kubernetes configuration overrides. Only relevant when `port_forward = true` or `port_forward_with_namespace = "foo"`. The kubeconfig file that is used can be overridden using the [`KUBECONFIG` environment variable](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#the-kubeconfig-environment-variable)). (see [below for nested schema](#nestedblock--kubernetes)) - `password` (String, Sensitive) Authentication password. Can be set through the `ARGOCD_AUTH_PASSWORD` environment variable. - `plain_text` (Boolean) Whether to initiate an unencrypted connection to ArgoCD server. - `port_forward` (Boolean) Connect to a random argocd-server port using port forwarding. - `port_forward_with_namespace` (String) Namespace name which should be used for port forwarding. - `server_addr` (String) ArgoCD server address with port. Can be set through the `ARGOCD_SERVER` environment variable. - `use_local_config` (Boolean) Use the authentication settings found in the local config file. Useful when you have previously logged in using SSO. Conflicts with `auth_token`, `username` and `password`. - `user_agent` (String) User-Agent request header override. - `username` (String) Authentication username. Can be set through the `ARGOCD_AUTH_USERNAME` environment variable. ### Nested Schema for `kubernetes` Optional: - `client_certificate` (String) PEM-encoded client certificate for TLS authentication. Can be sourced from `KUBE_CLIENT_CERT_DATA`. - `client_key` (String, Sensitive) PEM-encoded client certificate key for TLS authentication. Can be sourced from `KUBE_CLIENT_KEY_DATA`. - `cluster_ca_certificate` (String) PEM-encoded root certificates bundle for TLS authentication. Can be sourced from `KUBE_CLUSTER_CA_CERT_DATA`. - `config_context` (String) Context to choose from the config file. Can be sourced from `KUBE_CTX`. - `config_context_auth_info` (String) - `config_context_cluster` (String) - `exec` (Block List, Max: 1) Configuration block to use an [exec-based credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials. (see [below for nested schema](#nestedblock--kubernetes--exec)) - `host` (String) The hostname (in form of URI) of the Kubernetes API. Can be sourced from `KUBE_HOST`. - `insecure` (Boolean) Whether server should be accessed without verifying the TLS certificate. Can be sourced from `KUBE_INSECURE`. - `password` (String, Sensitive) The password to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_PASSWORD`. - `token` (String, Sensitive) Token to authenticate an service account. Can be sourced from `KUBE_TOKEN`. - `username` (String) The username to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_USER`. ### Nested Schema for `kubernetes.exec` Required: - `api_version` (String) API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`. - `command` (String) Command to execute. Optional: - `args` (List of String) Map of environment variables to set when executing the plugin. - `env` (Map of String) List of arguments to pass when executing the plugin. ================================================ FILE: docs/resources/account_token.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_account_token Resource - terraform-provider-argocd" subcategory: "" description: |- Manages ArgoCD account https://argo-cd.readthedocs.io/en/latest/user-guide/commands/argocd_account/ JWT tokens. ~> Security Notice The JWT token generated by this resource is treated as sensitive and, thus, not displayed in console output. However, it will be stored unencrypted in your Terraform state file. Read more about sensitive data handling in the Terraform documentation https://www.terraform.io/docs/language/state/sensitive-data.html. --- # argocd_account_token (Resource) Manages ArgoCD [account](https://argo-cd.readthedocs.io/en/latest/user-guide/commands/argocd_account/) JWT tokens. ~> **Security Notice** The JWT token generated by this resource is treated as sensitive and, thus, not displayed in console output. However, it will be stored *unencrypted* in your Terraform state file. Read more about sensitive data handling in the [Terraform documentation](https://www.terraform.io/docs/language/state/sensitive-data.html). ## Example Usage ```terraform # Token for account configured on the `provider` resource "argocd_account_token" "this" { renew_after = "168h" # renew after 7 days } # Token for ac count `foo` resource "argocd_account_token" "foo" { account = "foo" expires_in = "168h" # expire in 7 days renew_before = "84h" # renew when less than 3.5 days remain until expiry } ``` ## Schema ### Optional - `account` (String) Account name. Defaults to the current account. I.e. the account configured on the `provider` block. - `expires_in` (String) Duration before the token will expire. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. E.g. `30m`, `12h`. Default: No expiration. - `renew_after` (String) Duration to control token silent regeneration based on token age. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. If set, then the token will be regenerated if it is older than `renew_after`. I.e. if `currentDate - issued_at > renew_after`. - `renew_before` (String) Duration to control token silent regeneration based on remaining token lifetime. If `expires_in` is set, Terraform will regenerate the token if `expires_at - currentDate < renew_before`. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. ### Read-Only - `expires_at` (String) If `expires_in` is set, Unix timestamp upon which the token will expire. - `id` (String) The ID of this resource. - `issued_at` (String) Unix timestamp at which the token was issued. - `jwt` (String, Sensitive) The raw JWT. ================================================ FILE: docs/resources/application.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_application Resource - terraform-provider-argocd" subcategory: "" description: |- Manages applications https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#applications within ArgoCD. --- # argocd_application (Resource) Manages [applications](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#applications) within ArgoCD. ## Example Usage ```terraform # Kustomize application resource "argocd_application" "kustomize" { metadata { name = "kustomize-app" namespace = "argocd" labels = { test = "true" } } cascade = false # disable cascading deletion wait = true spec { project = "myproject" destination { server = "https://kubernetes.default.svc" namespace = "foo" } source { repo_url = "https://github.com/kubernetes-sigs/kustomize" path = "examples/helloWorld" target_revision = "master" kustomize { name_prefix = "foo-" name_suffix = "-bar" images = ["hashicorp/terraform:light"] common_labels = { "this.is.a.common" = "la-bel" "another.io/one" = "true" } } } sync_policy { automated { prune = true self_heal = true allow_empty = true } # Only available from ArgoCD 1.5.0 onwards sync_options = ["Validate=false"] retry { limit = "5" backoff { duration = "30s" max_duration = "2m" factor = "2" } } } ignore_difference { group = "apps" kind = "Deployment" json_pointers = ["/spec/replicas"] } ignore_difference { group = "apps" kind = "StatefulSet" name = "someStatefulSet" json_pointers = [ "/spec/replicas", "/spec/template/spec/metadata/labels/bar", ] # Only available from ArgoCD 2.1.0 onwards jq_path_expressions = [ ".spec.replicas", ".spec.template.spec.metadata.labels.bar", ] } } } # Helm application resource "argocd_application" "helm" { metadata { name = "helm-app" namespace = "argocd" labels = { test = "true" } } spec { destination { server = "https://kubernetes.default.svc" namespace = "default" } source { repo_url = "https://some.chart.repo.io" chart = "mychart" target_revision = "1.2.3" helm { release_name = "testing" parameter { name = "image.tag" value = "1.2.3" } parameter { name = "someotherparameter" value = "true" } value_files = ["values-test.yml"] values = yamlencode({ someparameter = { enabled = true someArray = ["foo", "bar"] } }) } } } } # Multiple Application Sources with Helm value files from external Git repository resource "argocd_application" "multiple_sources" { metadata { name = "helm-app-with-external-values" namespace = "argocd" } spec { project = "default" source { repo_url = "https://charts.helm.sh/stable" chart = "wordpress" target_revision = "9.0.3" helm { value_files = ["$values/helm-dependency/values.yaml"] } } source { repo_url = "https://github.com/argoproj/argocd-example-apps.git" target_revision = "HEAD" ref = "values" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } ``` ## Schema ### Required - `metadata` (Block List, Min: 1, Max: 1) Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). (see [below for nested schema](#nestedblock--metadata)) - `spec` (Block List, Min: 1, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec)) ### Optional - `cascade` (Boolean) Whether to applying cascading deletion when application is removed. - `sync` (Boolean) Trigger sync immediately after create/update. Helps in case when a Sync window is defined. It is required that the sync window is defined with `manual_sync = true`. - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts)) - `validate` (Boolean) Whether to validate the application spec before creating or updating the application. - `wait` (Boolean) Upon application creation or update, wait for application health/sync status to be healthy/Synced, upon application deletion, wait for application to be removed, when set to true. Wait timeouts are controlled by Terraform Create, Update and Delete resource timeouts (all default to 5 minutes). **Note**: if ArgoCD decides not to sync an application (e.g. because the project to which the application belongs has a `sync_window` applied) then you will experience an expected timeout event if `wait = true`. ### Read-Only - `id` (String) The ID of this resource. - `status` (List of Object) Status information for the application. **Note**: this is not guaranteed to be up to date immediately after creating/updating an application unless `wait=true`. (see [below for nested schema](#nestedatt--status)) ### Nested Schema for `metadata` Optional: - `annotations` (Map of String) An unstructured key value map stored with the applications.argoproj.io that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the applications.argoproj.io. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels - `name` (String) Name of the applications.argoproj.io, must be unique. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names - `namespace` (String) Namespace of the applications.argoproj.io, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ Read-Only: - `generation` (Number) A sequence number representing a specific generation of the desired state. - `resource_version` (String) An opaque value that represents the internal version of this applications.argoproj.io that can be used by clients to determine when applications.argoproj.io has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - `uid` (String) The unique in time and space value for this applications.argoproj.io. More info: http://kubernetes.io/docs/user-guide/identifiers#uids ### Nested Schema for `spec` Required: - `destination` (Block Set, Min: 1, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--destination)) - `source` (Block List, Min: 1) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--source)) Optional: - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--sync_policy)) ### Nested Schema for `spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.source` Required: - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `timeouts` Optional: - `create` (String) - `delete` (String) - `update` (String) ### Nested Schema for `status` Read-Only: - `conditions` (List of Object) (see [below for nested schema](#nestedobjatt--status--conditions)) - `health` (List of Object) (see [below for nested schema](#nestedobjatt--status--health)) - `operation_state` (List of Object) (see [below for nested schema](#nestedobjatt--status--operation_state)) - `reconciled_at` (String) - `resources` (List of Object) (see [below for nested schema](#nestedobjatt--status--resources)) - `summary` (List of Object) (see [below for nested schema](#nestedobjatt--status--summary)) - `sync` (List of Object) (see [below for nested schema](#nestedobjatt--status--sync)) ### Nested Schema for `status.conditions` Read-Only: - `last_transition_time` (String) - `message` (String) - `type` (String) ### Nested Schema for `status.health` Read-Only: - `message` (String) - `status` (String) ### Nested Schema for `status.operation_state` Read-Only: - `finished_at` (String) - `message` (String) - `phase` (String) - `retry_count` (String) - `started_at` (String) ### Nested Schema for `status.resources` Read-Only: - `group` (String) - `health` (List of Object) (see [below for nested schema](#nestedobjatt--status--resources--health)) - `hook` (Boolean) - `kind` (String) - `name` (String) - `namespace` (String) - `requires_pruning` (Boolean) - `status` (String) - `sync_wave` (String) - `version` (String) ### Nested Schema for `status.resources.health` Read-Only: - `message` (String) - `status` (String) ### Nested Schema for `status.summary` Read-Only: - `external_urls` (List of String) - `images` (List of String) ### Nested Schema for `status.sync` Read-Only: - `revision` (String) - `revisions` (List of String) - `status` (String) ## Import Import is supported using the following syntax: The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: ```shell # ArgoCD applications can be imported using an id consisting of `{name}:{namespace}`. terraform import argocd_application.myapp myapp:argocd ``` ================================================ FILE: docs/resources/application_set.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_application_set Resource - terraform-provider-argocd" subcategory: "" description: |- Manages application sets https://argo-cd.readthedocs.io/en/stable/user-guide/application-set/ within ArgoCD. --- # argocd_application_set (Resource) Manages [application sets](https://argo-cd.readthedocs.io/en/stable/user-guide/application-set/) within ArgoCD. ## Example Usage ```terraform # Clusters Generator resource "argocd_application_set" "clusters_selector" { metadata { name = "clusters-selector" } spec { generator { clusters { selector { match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } template { metadata { name = "{{name}}-clusters-selector" } spec { source { repo_url = "https://github.com/argoproj/argocd-example-apps/" target_revision = "HEAD" path = "guestbook" } destination { server = "{{server}}" namespace = "default" } } } } } # Cluster Decision Resource Generator resource "argocd_application_set" "cluster_decision_resource" { metadata { name = "cluster-decision-resource" } spec { generator { cluster_decision_resource { config_map_ref = "my-configmap" name = "quak" } } template { metadata { name = "{{name}}-guestbook" } spec { source { repo_url = "https://github.com/argoproj/argocd-example-apps/" target_revision = "HEAD" path = "guestbook" } destination { server = "{{server}}" namespace = "default" } } } } } # Git Generator - Directories resource "argocd_application_set" "git_directories" { metadata { name = "git-directories" } spec { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/git-generator-directory/cluster-addons/*" } directory { path = "applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook" exclude = true } } } template { metadata { name = "{{path.basename}}-git-directories" } spec { source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "https://kubernetes.default.svc" namespace = "{{path.basename}}" } } } } } # Git Generator - Files resource "argocd_application_set" "git_files" { metadata { name = "git-files" } spec { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" file { path = "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" } } } template { metadata { name = "{{cluster.name}}-git-files" } spec { source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/git-generator-files-discovery/apps/guestbook" } destination { server = "{{cluster.address}}" namespace = "guestbook" } } } } } # List Generator resource "argocd_application_set" "list" { metadata { name = "list" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://kubernetes.default.svc" }, { cluster = "engineering-prod" url = "https://kubernetes.default.svc" foo = "bar" } ] } } template { metadata { name = "{{cluster}}-guestbook" } spec { project = "my-project" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } } # List Generator with elements_yaml resource "argocd_application_set" "list_elements_yaml" { metadata { name = "list-elements-yaml" } spec { generator { list { elements_yaml = <<-EOT - cluster: engineering-dev url: https://kubernetes.default.svc environment: development - cluster: engineering-prod url: https://kubernetes.default.svc environment: production foo: bar EOT } } template { metadata { name = "{{cluster}}-guestbook" } spec { project = "my-project" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } } # Matrix Generator resource "argocd_application_set" "matrix" { metadata { name = "matrix" } spec { generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } generator { clusters { selector { match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } } } template { metadata { name = "{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } } # Merge Generator resource "argocd_application_set" "merge" { metadata { name = "merge" } spec { generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } generator { clusters { selector { match_labels = { use-kafka = "false" } } values = { kafka = "false" } } } generator { list { elements = [ { server = "https://2.4.6.8" "values.redis" = "true" }, ] } } } } template { metadata { name = "{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "app" target_revision = "HEAD" helm { parameter { name = "kafka" value = "{{values.kafka}}" } parameter { name = "redis" value = "{{values.redis}}" } } } destination { server = "{{server}}" namespace = "default" } } } } } # Pull Request Generator - GitHub resource "argocd_application_set" "pr_github" { metadata { name = "pr-github" } spec { generator { pull_request { github { api = "https://git.example.com/" owner = "myorg" repo = "myrepository" app_secret_name = "github-app-repo-creds" token_ref { secret_name = "github-token" key = "token" } labels = [ "preview" ] } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } # Pull Request Generator - Azure DevOps resource "argocd_application_set" "pr_azure_devops" { metadata { name = "pr-azure-devops" } spec { generator { pull_request { azure_devops { api = "https://dev.azure.com" organization = "myorg" project = "myproject" repo = "myrepository" labels = ["preview"] token_ref { secret_name = "azure-devops-token" key = "token" } } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } # SCM Provider Generator - GitHub resource "argocd_application_set" "scm_github" { metadata { name = "scm-github" } spec { generator { scm_provider { github { app_secret_name = "gh-app-repo-creds" organization = "myorg" # all_branches = true # api = "https://git.example.com/" # token_ref { # secret_name = "github-token" # key = "token" # } } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } # Progressive Sync - Rolling Update resource "argocd_application_set" "progressive_sync" { metadata { name = "progressive-sync" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://1.2.3.4" env = "env-dev" }, { cluster = "engineering-qa" url = "https://2.4.6.8" env = "env-qa" }, { cluster = "engineering-prod" url = "https://9.8.7.6/" env = "env-prod" } ] } } strategy { type = "RollingSync" rolling_sync { step { match_expressions { key = "envLabel" operator = "In" values = [ "env-dev" ] } # max_update = "100%" # if undefined, all applications matched are updated together (default is 100%) } step { match_expressions { key = "envLabel" operator = "In" values = [ "env-qa" ] } max_update = "0" } step { match_expressions { key = "envLabel" operator = "In" values = [ "env-prod" ] } max_update = "10%" } } } go_template = true template { metadata { name = "{{.cluster}}-guestbook" labels = { envLabel = "{{.env}}" } } spec { project = "default" source { repo_url = "https://github.com/infra-team/cluster-deployments.git" path = "guestbook/{{.cluster}}" target_revision = "HEAD" } destination { server = "{{.url}}" namespace = "guestbook" } } } } } ``` ## Schema ### Required - `metadata` (Block List, Min: 1, Max: 1) Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). (see [below for nested schema](#nestedblock--metadata)) - `spec` (Block List, Min: 1, Max: 1) ArgoCD application set resource spec. (see [below for nested schema](#nestedblock--spec)) ### Read-Only - `id` (String) The ID of this resource. ### Nested Schema for `metadata` Optional: - `annotations` (Map of String) An unstructured key value map stored with the applicationsets.argoproj.io that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the applicationsets.argoproj.io. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels - `name` (String) Name of the applicationsets.argoproj.io, must be unique. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names - `namespace` (String) Namespace of the applicationsets.argoproj.io, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ Read-Only: - `generation` (Number) A sequence number representing a specific generation of the desired state. - `resource_version` (String) An opaque value that represents the internal version of this applicationsets.argoproj.io that can be used by clients to determine when applicationsets.argoproj.io has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - `uid` (String) The unique in time and space value for this applicationsets.argoproj.io. More info: http://kubernetes.io/docs/user-guide/identifiers#uids ### Nested Schema for `spec` Required: - `generator` (Block List, Min: 1) Application set generators. Generators are responsible for generating parameters, which are then rendered into the template: fields of the ApplicationSet resource. (see [below for nested schema](#nestedblock--spec--generator)) - `template` (Block List, Min: 1, Max: 1) Application set template. The template fields of the ApplicationSet spec are used to generate Argo CD Application resources. (see [below for nested schema](#nestedblock--spec--template)) Optional: - `go_template` (Boolean) Enable use of [Go Text Template](https://pkg.go.dev/text/template). - `go_template_options` (Set of String) Optional list of [Go Templating Options](https://pkg.go.dev/text/template#Template.Option). Only relevant if `go_template` is true. - `ignore_application_differences` (Block List) Application Set [ignoreApplicationDifferences](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/#ignore-certain-changes-to-applications). (see [below for nested schema](#nestedblock--spec--ignore_application_differences)) - `strategy` (Block List, Max: 1) [Progressive Sync](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Progressive-Syncs/) strategy (see [below for nested schema](#nestedblock--spec--strategy)) - `sync_policy` (Block List, Max: 1) Application Set [sync policy](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Controlling-Resource-Modification/). (see [below for nested schema](#nestedblock--spec--sync_policy)) - `template_patch` (String) Application set template patch, as in the [Argo CD ApplicationSet spec](https://argocd-applicationset.readthedocs.io/en/stable/fields/#templatepatch). ### Nested Schema for `spec.generator` Optional: - `cluster_decision_resource` (Block List) The [cluster decision resource](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster-Decision-Resource/) generates a list of Argo CD clusters. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource)) - `clusters` (Block List) The [cluster generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/) produces parameters based on the list of items found within the cluster secret. (see [below for nested schema](#nestedblock--spec--generator--clusters)) - `git` (Block List) [Git generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git/) generates parameters using either the directory structure of a specified Git repository (directory generator), or, using the contents of JSON/YAML files found within a specified repository (file generator). (see [below for nested schema](#nestedblock--spec--generator--git)) - `list` (Block List) [List generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-List/) generate parameters based on an arbitrary list of key/value pairs (as long as the values are string values). (see [below for nested schema](#nestedblock--spec--generator--list)) - `matrix` (Block List) [Matrix generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Matrix/) combine the parameters generated by two child generators, iterating through every combination of each generator's generated parameters. Take note of the [restrictions](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Matrix/#restrictions) regarding their usage - particularly regarding nesting matrix generators. (see [below for nested schema](#nestedblock--spec--generator--matrix)) - `merge` (Block List) [Merge generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Merge/) combine parameters produced by the base (first) generator with matching parameter sets produced by subsequent generators. Take note of the [restrictions](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Merge/#restrictions) regarding their usage - particularly regarding nesting merge generators. (see [below for nested schema](#nestedblock--spec--generator--merge)) - `plugin` (Block List) [Plugin generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Plugin/) generates parameters using a custom plugin. (see [below for nested schema](#nestedblock--spec--generator--plugin)) - `pull_request` (Block List) [Pull Request generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/) uses the API of an SCMaaS provider to automatically discover open pull requests within a repository. (see [below for nested schema](#nestedblock--spec--generator--pull_request)) - `scm_provider` (Block List) [SCM Provider generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-SCM-Provider/) uses the API of an SCMaaS provider to automatically discover repositories within an organization. (see [below for nested schema](#nestedblock--spec--generator--scm_provider)) - `selector` (Block List, Max: 1) The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. (see [below for nested schema](#nestedblock--spec--generator--selector)) ### Nested Schema for `spec.generator.cluster_decision_resource` Required: - `config_map_ref` (String) ConfigMap with the duck type definitions needed to retrieve the data this includes apiVersion(group/version), kind, matchKey and validation settings. Optional: - `label_selector` (Block List, Max: 1) Label selector used to find the resource defined in the `config_map_ref`. Alternative to `name`. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--label_selector)) - `name` (String) Resource name of the kind, group and version, defined in the `config_map_ref`. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template)) - `values` (Map of String) Arbitrary string key-value pairs which are passed directly as parameters to the template. ### Nested Schema for `spec.generator.cluster_decision_resource.label_selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--label_selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.cluster_decision_resource.label_selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.cluster_decision_resource.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec)) ### Nested Schema for `spec.generator.cluster_decision_resource.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--sync_policy)) ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--cluster_decision_resource--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.cluster_decision_resource.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.clusters` Optional: - `enabled` (Boolean) Boolean value defaulting to `true` to indicate that this block has been added thereby allowing all other attributes to be optional. - `selector` (Block List, Max: 1) Label selector used to narrow the scope of targeted clusters. (see [below for nested schema](#nestedblock--spec--generator--clusters--selector)) - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--clusters--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the cluster generator. ### Nested Schema for `spec.generator.clusters.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--clusters--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.clusters.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.clusters.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec)) ### Nested Schema for `spec.generator.clusters.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.clusters.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--sync_policy)) ### Nested Schema for `spec.generator.clusters.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.clusters.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.clusters.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.clusters.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.clusters.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.clusters.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.clusters.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.clusters.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.clusters.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.clusters.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.clusters.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.clusters.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.clusters.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.clusters.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.clusters.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.clusters.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.clusters.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.clusters.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.clusters.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.clusters.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--clusters--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.clusters.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.git` Required: - `repo_url` (String) URL to the repository to use. Optional: - `directory` (Block List) List of directories in the source repository to use when template the Application.. (see [below for nested schema](#nestedblock--spec--generator--git--directory)) - `file` (Block List) List of files in the source repository to use when template the Application. (see [below for nested schema](#nestedblock--spec--generator--git--file)) - `path_param_prefix` (String) Prefix for all path-related parameter names. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `revision` (String) Revision of the source repository to use. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--git--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.git.directory` Required: - `path` (String) Path in the repository. Optional: - `exclude` (Boolean) Flag indicating whether or not the directory should be excluded when templating. ### Nested Schema for `spec.generator.git.file` Required: - `path` (String) Path to the file in the repository. ### Nested Schema for `spec.generator.git.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--git--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec)) ### Nested Schema for `spec.generator.git.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.git.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--sync_policy)) ### Nested Schema for `spec.generator.git.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.git.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.git.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.git.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.git.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.git.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.git.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.git.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.git.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.git.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.git.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.git.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.git.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.git.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.git.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.git.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.git.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.git.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.git.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.git.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--git--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.git.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.list` Optional: - `elements` (List of Map of String) List of key/value pairs to pass as parameters into the template - `elements_yaml` (String) YAML string containing list of key/value pairs to pass as parameters into the template - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--list--template)) ### Nested Schema for `spec.generator.list.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--list--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec)) ### Nested Schema for `spec.generator.list.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.list.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--sync_policy)) ### Nested Schema for `spec.generator.list.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.list.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.list.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.list.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.list.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.list.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.list.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.list.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.list.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.list.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.list.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.list.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.list.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.list.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.list.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.list.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.list.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.list.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.list.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.list.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--list--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.list.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix` Required: - `generator` (Block List, Min: 2, Max: 2) Child generator. Generators are responsible for generating parameters, which are then combined by the parent matrix generator into the template fields of the ApplicationSet resource. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator)) Optional: - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--template)) ### Nested Schema for `spec.generator.matrix.generator` Optional: - `cluster_decision_resource` (Block List) The [cluster decision resource](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster-Decision-Resource/) generates a list of Argo CD clusters. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource)) - `clusters` (Block List) The [cluster generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/) produces parameters based on the list of items found within the cluster secret. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters)) - `git` (Block List) [Git generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git/) generates parameters using either the directory structure of a specified Git repository (directory generator), or, using the contents of JSON/YAML files found within a specified repository (file generator). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git)) - `list` (Block List) [List generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-List/) generate parameters based on an arbitrary list of key/value pairs (as long as the values are string values). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list)) - `matrix` (Block List) [Matrix generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Matrix/) combine the parameters generated by two child generators, iterating through every combination of each generator's generated parameters. Take note of the [restrictions](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Matrix/#restrictions) regarding their usage - particularly regarding nesting matrix generators. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix)) - `merge` (Block List) [Merge generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Merge/) combine parameters produced by the base (first) generator with matching parameter sets produced by subsequent generators. Take note of the [restrictions](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Merge/#restrictions) regarding their usage - particularly regarding nesting merge generators. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge)) - `plugin` (Block List) [Plugin generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Plugin/) generates parameters using a custom plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin)) - `pull_request` (Block List) [Pull Request generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/) uses the API of an SCMaaS provider to automatically discover open pull requests within a repository. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request)) - `scm_provider` (Block List) [SCM Provider generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-SCM-Provider/) uses the API of an SCMaaS provider to automatically discover repositories within an organization. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider)) - `selector` (Block List, Max: 1) The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--selector)) ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource` Required: - `config_map_ref` (String) ConfigMap with the duck type definitions needed to retrieve the data this includes apiVersion(group/version), kind, matchKey and validation settings. Optional: - `label_selector` (Block List, Max: 1) Label selector used to find the resource defined in the `config_map_ref`. Alternative to `name`. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--label_selector)) - `name` (String) Resource name of the kind, group and version, defined in the `config_map_ref`. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template)) - `values` (Map of String) Arbitrary string key-value pairs which are passed directly as parameters to the template. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.label_selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--label_selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.label_selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.clusters` Optional: - `enabled` (Boolean) Boolean value defaulting to `true` to indicate that this block has been added thereby allowing all other attributes to be optional. - `selector` (Block List, Max: 1) Label selector used to narrow the scope of targeted clusters. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--selector)) - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the cluster generator. ### Nested Schema for `spec.generator.matrix.generator.clusters.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.clusters.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.generator.clusters.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.clusters.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--clusters--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.clusters.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.git` Required: - `repo_url` (String) URL to the repository to use. Optional: - `directory` (Block List) List of directories in the source repository to use when template the Application.. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--directory)) - `file` (Block List) List of files in the source repository to use when template the Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--file)) - `path_param_prefix` (String) Prefix for all path-related parameter names. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `revision` (String) Revision of the source repository to use. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.matrix.generator.git.directory` Required: - `path` (String) Path in the repository. Optional: - `exclude` (Boolean) Flag indicating whether or not the directory should be excluded when templating. ### Nested Schema for `spec.generator.matrix.generator.git.file` Required: - `path` (String) Path to the file in the repository. ### Nested Schema for `spec.generator.matrix.generator.git.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.git.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.git.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--git--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.git.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.list` Optional: - `elements` (List of Map of String) List of key/value pairs to pass as parameters into the template - `elements_yaml` (String) YAML string containing list of key/value pairs to pass as parameters into the template - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template)) ### Nested Schema for `spec.generator.matrix.generator.list.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.list.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.list.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--list--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.list.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.matrix` Required: - `generator` (Block List, Min: 2, Max: 2) Child generator. Generators are responsible for generating parameters, which are then combined by the parent matrix generator into the template fields of the ApplicationSet resource. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator)) Optional: - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator` Optional: - `cluster_decision_resource` (Block List) The [cluster decision resource](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster-Decision-Resource/) generates a list of Argo CD clusters. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource)) - `clusters` (Block List) The [cluster generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/) produces parameters based on the list of items found within the cluster secret. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters)) - `git` (Block List) [Git generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git/) generates parameters using either the directory structure of a specified Git repository (directory generator), or, using the contents of JSON/YAML files found within a specified repository (file generator). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git)) - `list` (Block List) [List generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-List/) generate parameters based on an arbitrary list of key/value pairs (as long as the values are string values). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list)) - `plugin` (Block List) [Plugin generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Plugin/) generates parameters using a custom plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin)) - `pull_request` (Block List) [Pull Request generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/) uses the API of an SCMaaS provider to automatically discover open pull requests within a repository. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request)) - `scm_provider` (Block List) [SCM Provider generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-SCM-Provider/) uses the API of an SCMaaS provider to automatically discover repositories within an organization. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider)) - `selector` (Block List, Max: 1) The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--selector)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource` Required: - `config_map_ref` (String) ConfigMap with the duck type definitions needed to retrieve the data this includes apiVersion(group/version), kind, matchKey and validation settings. Optional: - `label_selector` (Block List, Max: 1) Label selector used to find the resource defined in the `config_map_ref`. Alternative to `name`. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--label_selector)) - `name` (String) Resource name of the kind, group and version, defined in the `config_map_ref`. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template)) - `values` (Map of String) Arbitrary string key-value pairs which are passed directly as parameters to the template. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.label_selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--label_selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.label_selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters` Optional: - `enabled` (Boolean) Boolean value defaulting to `true` to indicate that this block has been added thereby allowing all other attributes to be optional. - `selector` (Block List, Max: 1) Label selector used to narrow the scope of targeted clusters. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--selector)) - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the cluster generator. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--clusters--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.clusters.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git` Required: - `repo_url` (String) URL to the repository to use. Optional: - `directory` (Block List) List of directories in the source repository to use when template the Application.. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--directory)) - `file` (Block List) List of files in the source repository to use when template the Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--file)) - `path_param_prefix` (String) Prefix for all path-related parameter names. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `revision` (String) Revision of the source repository to use. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.directory` Required: - `path` (String) Path in the repository. Optional: - `exclude` (Boolean) Flag indicating whether or not the directory should be excluded when templating. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.file` Required: - `path` (String) Path to the file in the repository. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--git--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.git.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list` Optional: - `elements` (List of Map of String) List of key/value pairs to pass as parameters into the template - `elements_yaml` (String) YAML string containing list of key/value pairs to pass as parameters into the template - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--list--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.list.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin` Required: - `config_map_ref` (String) ConfigMap with the plugin configuration needed to retrieve the data. Optional: - `input` (Block List, Max: 1) The input parameters used for calling the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--input)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.input` Required: - `parameters` (Map of String) Arbitrary key-value pairs which are passed directly as parameters to the plugin. A current limitation is that this cannot fully express the parameters that can be accepted by the plugin generator. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--plugin--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.plugin.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request` Optional: - `azure_devops` (Block List, Max: 1) Fetch pull requests from an Azure DevOps repository. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--azure_devops)) - `bitbucket_server` (Block List, Max: 1) Fetch pull requests from a repo hosted on a Bitbucket Server. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--bitbucket_server)) - `filter` (Block List) Filters allow selecting which pull requests to generate for. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--filter)) - `gitea` (Block List, Max: 1) Specify the repository from which to fetch the Gitea Pull requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--gitea)) - `github` (Block List, Max: 1) Specify the repository from which to fetch the GitHub Pull requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--github)) - `gitlab` (Block List, Max: 1) Specify the project from which to fetch the GitLab merge requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 30min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.azure_devops` Required: - `organization` (String) Azure DevOps org to scan. Required. - `project` (String) Azure DevOps project name to scan. Required. - `repo` (String) Azure DevOps repo name to scan. Required. Optional: - `api` (String) The Azure DevOps API URL to talk to. If blank, uses https://dev.azure.com/. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--azure_devops--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.azure_devops.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. - `repo` (String) Repo name to scan. Optional: - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.filter` Optional: - `branch_match` (String) A regex which must match the branch name. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.gitea` Required: - `api` (String) The Gitea API URL to talk to. - `owner` (String) Gitea org or user to scan. - `repo` (String) Gitea repo name to scan. Optional: - `insecure` (Boolean) Allow insecure tls, for self-signed certificates; default: false. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--gitea--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.github` Required: - `owner` (String) GitHub org or user to scan. - `repo` (String) GitHub repo name to scan. Optional: - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret with permission to access pull requests. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--github--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.gitlab` Required: - `project` (String) GitLab project to scan. Optional: - `api` (String) The GitLab API URL to talk to. If blank, uses https://gitlab.com/. - `ca_ref` (Block List, Max: 1) Reference to a ConfigMap key containing trusted CA certificates for verifying the SCM server's TLS certificate. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--gitlab--ca_ref)) - `insecure` (Boolean) A flag for checking the validity of the SCM's certificates. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `pull_request_state` (String) additional MRs filter to get only those with a certain state. Default: "" (all states). - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--gitlab--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.gitlab.ca_ref` Required: - `config_map_name` (String) Name of the ConfigMap. - `key` (String) Key containing information in trusted CA certs. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--pull_request--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.pull_request.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider` Optional: - `azure_devops` (Block List, Max: 1) Uses the Azure DevOps API to look up eligible repositories based on a team project within an Azure DevOps organization. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--azure_devops)) - `bitbucket_cloud` (Block List, Max: 1) Uses the Bitbucket API V2 to scan a workspace in bitbucket.org. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--bitbucket_cloud)) - `bitbucket_server` (Block List, Max: 1) Use the Bitbucket Server API (1.0) to scan repos in a project. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--bitbucket_server)) - `clone_protocol` (String) Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers necessarily support all protocols. - `filter` (Block List) Filters for which repos should be considered. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--filter)) - `gitea` (Block List, Max: 1) Gitea mode uses the Gitea API to scan organizations in your instance. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--gitea)) - `github` (Block List, Max: 1) Uses the GitHub API to scan an organization in either github.com or GitHub Enterprise. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--github)) - `gitlab` (Block List, Max: 1) Uses the GitLab API to scan and organization in either gitlab.com or self-hosted GitLab. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.azure_devops` Required: - `organization` (String) Azure Devops organization. E.g. "my-organization". - `team_project` (String) Azure Devops team project. E.g. "my-team". Optional: - `access_token_ref` (Block List, Max: 1) The Personal Access Token (PAT) to use when connecting. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--azure_devops--access_token_ref)) - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The URL to Azure DevOps. Defaults to https://dev.azure.com. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.azure_devops.access_token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.bitbucket_cloud` Required: - `owner` (String) Bitbucket workspace to scan. - `user` (String) Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `app_password_ref` (Block List, Max: 1) The app password to use for the user. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--bitbucket_cloud--app_password_ref)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.bitbucket_cloud.app_password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.filter` Optional: - `branch_match` (String) A regex which must match the branch name. - `label_match` (String) A regex which must match at least one label. - `paths_do_not_exist` (List of String) An array of paths, all of which must not exist. - `paths_exist` (List of String) An array of paths, all of which must exist. - `repository_match` (String) A regex for repo names. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.gitea` Required: - `owner` (String) Gitea organization or user to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The Gitea URL to talk to. For example https://gitea.mydomain.com/. - `insecure` (Boolean) Allow self-signed TLS / Certificates. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--gitea--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.github` Required: - `organization` (String) GitHub org to scan. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret. Uses a GitHub App to access the API instead of a PAT. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--github--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.gitlab` Required: - `group` (String) Gitlab group to scan. You can use either the project id (recommended) or the full namespaced path. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The Gitlab API URL to talk to. - `include_subgroups` (Boolean) Recurse through subgroups (true) or scan only the base group (false). Defaults to `false`. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--gitlab--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--scm_provider--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.scm_provider.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--generator--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.matrix.generator.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.generator.matrix.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.matrix.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--matrix--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.matrix.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.merge` Required: - `generator` (Block List, Min: 2) Child generator. Generators are responsible for generating parameters, which are then combined by the parent merge generator. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator)) - `merge_keys` (List of String) Keys to merge into resulting parameter set. Optional: - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator` Optional: - `cluster_decision_resource` (Block List) The [cluster decision resource](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster-Decision-Resource/) generates a list of Argo CD clusters. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource)) - `clusters` (Block List) The [cluster generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/) produces parameters based on the list of items found within the cluster secret. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters)) - `git` (Block List) [Git generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git/) generates parameters using either the directory structure of a specified Git repository (directory generator), or, using the contents of JSON/YAML files found within a specified repository (file generator). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git)) - `list` (Block List) [List generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-List/) generate parameters based on an arbitrary list of key/value pairs (as long as the values are string values). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list)) - `plugin` (Block List) [Plugin generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Plugin/) generates parameters using a custom plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin)) - `pull_request` (Block List) [Pull Request generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/) uses the API of an SCMaaS provider to automatically discover open pull requests within a repository. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request)) - `scm_provider` (Block List) [SCM Provider generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-SCM-Provider/) uses the API of an SCMaaS provider to automatically discover repositories within an organization. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider)) - `selector` (Block List, Max: 1) The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--selector)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource` Required: - `config_map_ref` (String) ConfigMap with the duck type definitions needed to retrieve the data this includes apiVersion(group/version), kind, matchKey and validation settings. Optional: - `label_selector` (Block List, Max: 1) Label selector used to find the resource defined in the `config_map_ref`. Alternative to `name`. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--label_selector)) - `name` (String) Resource name of the kind, group and version, defined in the `config_map_ref`. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template)) - `values` (Map of String) Arbitrary string key-value pairs which are passed directly as parameters to the template. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.label_selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--label_selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.label_selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters` Optional: - `enabled` (Boolean) Boolean value defaulting to `true` to indicate that this block has been added thereby allowing all other attributes to be optional. - `selector` (Block List, Max: 1) Label selector used to narrow the scope of targeted clusters. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--selector)) - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the cluster generator. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--clusters--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.clusters.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git` Required: - `repo_url` (String) URL to the repository to use. Optional: - `directory` (Block List) List of directories in the source repository to use when template the Application.. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--directory)) - `file` (Block List) List of files in the source repository to use when template the Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--file)) - `path_param_prefix` (String) Prefix for all path-related parameter names. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `revision` (String) Revision of the source repository to use. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.directory` Required: - `path` (String) Path in the repository. Optional: - `exclude` (Boolean) Flag indicating whether or not the directory should be excluded when templating. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.file` Required: - `path` (String) Path to the file in the repository. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--git--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.git.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list` Optional: - `elements` (List of Map of String) List of key/value pairs to pass as parameters into the template - `elements_yaml` (String) YAML string containing list of key/value pairs to pass as parameters into the template - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--list--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.list.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin` Required: - `config_map_ref` (String) ConfigMap with the plugin configuration needed to retrieve the data. Optional: - `input` (Block List, Max: 1) The input parameters used for calling the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--input)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.input` Required: - `parameters` (Map of String) Arbitrary key-value pairs which are passed directly as parameters to the plugin. A current limitation is that this cannot fully express the parameters that can be accepted by the plugin generator. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--plugin--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.plugin.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request` Optional: - `azure_devops` (Block List, Max: 1) Fetch pull requests from an Azure DevOps repository. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--azure_devops)) - `bitbucket_server` (Block List, Max: 1) Fetch pull requests from a repo hosted on a Bitbucket Server. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--bitbucket_server)) - `filter` (Block List) Filters allow selecting which pull requests to generate for. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--filter)) - `gitea` (Block List, Max: 1) Specify the repository from which to fetch the Gitea Pull requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--gitea)) - `github` (Block List, Max: 1) Specify the repository from which to fetch the GitHub Pull requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--github)) - `gitlab` (Block List, Max: 1) Specify the project from which to fetch the GitLab merge requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 30min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.azure_devops` Required: - `organization` (String) Azure DevOps org to scan. Required. - `project` (String) Azure DevOps project name to scan. Required. - `repo` (String) Azure DevOps repo name to scan. Required. Optional: - `api` (String) The Azure DevOps API URL to talk to. If blank, uses https://dev.azure.com/. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--azure_devops--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.azure_devops.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. - `repo` (String) Repo name to scan. Optional: - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.filter` Optional: - `branch_match` (String) A regex which must match the branch name. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.gitea` Required: - `api` (String) The Gitea API URL to talk to. - `owner` (String) Gitea org or user to scan. - `repo` (String) Gitea repo name to scan. Optional: - `insecure` (Boolean) Allow insecure tls, for self-signed certificates; default: false. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--gitea--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.github` Required: - `owner` (String) GitHub org or user to scan. - `repo` (String) GitHub repo name to scan. Optional: - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret with permission to access pull requests. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--github--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.gitlab` Required: - `project` (String) GitLab project to scan. Optional: - `api` (String) The GitLab API URL to talk to. If blank, uses https://gitlab.com/. - `ca_ref` (Block List, Max: 1) Reference to a ConfigMap key containing trusted CA certificates for verifying the SCM server's TLS certificate. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--gitlab--ca_ref)) - `insecure` (Boolean) A flag for checking the validity of the SCM's certificates. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `pull_request_state` (String) additional MRs filter to get only those with a certain state. Default: "" (all states). - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--gitlab--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.gitlab.ca_ref` Required: - `config_map_name` (String) Name of the ConfigMap. - `key` (String) Key containing information in trusted CA certs. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--pull_request--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.pull_request.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider` Optional: - `azure_devops` (Block List, Max: 1) Uses the Azure DevOps API to look up eligible repositories based on a team project within an Azure DevOps organization. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--azure_devops)) - `bitbucket_cloud` (Block List, Max: 1) Uses the Bitbucket API V2 to scan a workspace in bitbucket.org. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--bitbucket_cloud)) - `bitbucket_server` (Block List, Max: 1) Use the Bitbucket Server API (1.0) to scan repos in a project. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--bitbucket_server)) - `clone_protocol` (String) Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers necessarily support all protocols. - `filter` (Block List) Filters for which repos should be considered. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--filter)) - `gitea` (Block List, Max: 1) Gitea mode uses the Gitea API to scan organizations in your instance. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--gitea)) - `github` (Block List, Max: 1) Uses the GitHub API to scan an organization in either github.com or GitHub Enterprise. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--github)) - `gitlab` (Block List, Max: 1) Uses the GitLab API to scan and organization in either gitlab.com or self-hosted GitLab. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.azure_devops` Required: - `organization` (String) Azure Devops organization. E.g. "my-organization". - `team_project` (String) Azure Devops team project. E.g. "my-team". Optional: - `access_token_ref` (Block List, Max: 1) The Personal Access Token (PAT) to use when connecting. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--azure_devops--access_token_ref)) - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The URL to Azure DevOps. Defaults to https://dev.azure.com. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.azure_devops.access_token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.bitbucket_cloud` Required: - `owner` (String) Bitbucket workspace to scan. - `user` (String) Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `app_password_ref` (Block List, Max: 1) The app password to use for the user. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--bitbucket_cloud--app_password_ref)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.bitbucket_cloud.app_password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.filter` Optional: - `branch_match` (String) A regex which must match the branch name. - `label_match` (String) A regex which must match at least one label. - `paths_do_not_exist` (List of String) An array of paths, all of which must not exist. - `paths_exist` (List of String) An array of paths, all of which must exist. - `repository_match` (String) A regex for repo names. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.gitea` Required: - `owner` (String) Gitea organization or user to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The Gitea URL to talk to. For example https://gitea.mydomain.com/. - `insecure` (Boolean) Allow self-signed TLS / Certificates. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--gitea--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.github` Required: - `organization` (String) GitHub org to scan. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret. Uses a GitHub App to access the API instead of a PAT. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--github--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.gitlab` Required: - `group` (String) Gitlab group to scan. You can use either the project id (recommended) or the full namespaced path. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The Gitlab API URL to talk to. - `include_subgroups` (Boolean) Recurse through subgroups (true) or scan only the base group (false). Defaults to `false`. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--gitlab--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--scm_provider--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.scm_provider.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--generator--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.merge.generator.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.generator.merge.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.merge.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--merge--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.merge.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.plugin` Required: - `config_map_ref` (String) ConfigMap with the plugin configuration needed to retrieve the data. Optional: - `input` (Block List, Max: 1) The input parameters used for calling the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--input)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.matrix.generator.plugin.input` Required: - `parameters` (Map of String) Arbitrary key-value pairs which are passed directly as parameters to the plugin. A current limitation is that this cannot fully express the parameters that can be accepted by the plugin generator. ### Nested Schema for `spec.generator.matrix.generator.plugin.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.plugin.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--plugin--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.plugin.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.pull_request` Optional: - `azure_devops` (Block List, Max: 1) Fetch pull requests from an Azure DevOps repository. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--azure_devops)) - `bitbucket_server` (Block List, Max: 1) Fetch pull requests from a repo hosted on a Bitbucket Server. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--bitbucket_server)) - `filter` (Block List) Filters allow selecting which pull requests to generate for. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--filter)) - `gitea` (Block List, Max: 1) Specify the repository from which to fetch the Gitea Pull requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--gitea)) - `github` (Block List, Max: 1) Specify the repository from which to fetch the GitHub Pull requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--github)) - `gitlab` (Block List, Max: 1) Specify the project from which to fetch the GitLab merge requests. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 30min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.azure_devops` Required: - `organization` (String) Azure DevOps org to scan. Required. - `project` (String) Azure DevOps project name to scan. Required. - `repo` (String) Azure DevOps repo name to scan. Required. Optional: - `api` (String) The Azure DevOps API URL to talk to. If blank, uses https://dev.azure.com/. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--azure_devops--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.azure_devops.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.pull_request.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. - `repo` (String) Repo name to scan. Optional: - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.matrix.generator.pull_request.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.pull_request.filter` Optional: - `branch_match` (String) A regex which must match the branch name. ### Nested Schema for `spec.generator.matrix.generator.pull_request.gitea` Required: - `api` (String) The Gitea API URL to talk to. - `owner` (String) Gitea org or user to scan. - `repo` (String) Gitea repo name to scan. Optional: - `insecure` (Boolean) Allow insecure tls, for self-signed certificates; default: false. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--gitea--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.pull_request.github` Required: - `owner` (String) GitHub org or user to scan. - `repo` (String) GitHub repo name to scan. Optional: - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret with permission to access pull requests. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--github--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.pull_request.gitlab` Required: - `project` (String) GitLab project to scan. Optional: - `api` (String) The GitLab API URL to talk to. If blank, uses https://gitlab.com/. - `ca_ref` (Block List, Max: 1) Reference to a ConfigMap key containing trusted CA certificates for verifying the SCM server's TLS certificate. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--gitlab--ca_ref)) - `insecure` (Boolean) A flag for checking the validity of the SCM's certificates. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `pull_request_state` (String) additional MRs filter to get only those with a certain state. Default: "" (all states). - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--gitlab--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.gitlab.ca_ref` Required: - `config_map_name` (String) Name of the ConfigMap. - `key` (String) Key containing information in trusted CA certs. ### Nested Schema for `spec.generator.matrix.generator.pull_request.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--pull_request--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.pull_request.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.scm_provider` Optional: - `azure_devops` (Block List, Max: 1) Uses the Azure DevOps API to look up eligible repositories based on a team project within an Azure DevOps organization. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--azure_devops)) - `bitbucket_cloud` (Block List, Max: 1) Uses the Bitbucket API V2 to scan a workspace in bitbucket.org. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--bitbucket_cloud)) - `bitbucket_server` (Block List, Max: 1) Use the Bitbucket Server API (1.0) to scan repos in a project. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--bitbucket_server)) - `clone_protocol` (String) Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers necessarily support all protocols. - `filter` (Block List) Filters for which repos should be considered. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--filter)) - `gitea` (Block List, Max: 1) Gitea mode uses the Gitea API to scan organizations in your instance. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--gitea)) - `github` (Block List, Max: 1) Uses the GitHub API to scan an organization in either github.com or GitHub Enterprise. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--github)) - `gitlab` (Block List, Max: 1) Uses the GitLab API to scan and organization in either gitlab.com or self-hosted GitLab. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.azure_devops` Required: - `organization` (String) Azure Devops organization. E.g. "my-organization". - `team_project` (String) Azure Devops team project. E.g. "my-team". Optional: - `access_token_ref` (Block List, Max: 1) The Personal Access Token (PAT) to use when connecting. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--azure_devops--access_token_ref)) - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The URL to Azure DevOps. Defaults to https://dev.azure.com. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.azure_devops.access_token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.bitbucket_cloud` Required: - `owner` (String) Bitbucket workspace to scan. - `user` (String) Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `app_password_ref` (Block List, Max: 1) The app password to use for the user. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--bitbucket_cloud--app_password_ref)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.bitbucket_cloud.app_password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.filter` Optional: - `branch_match` (String) A regex which must match the branch name. - `label_match` (String) A regex which must match at least one label. - `paths_do_not_exist` (List of String) An array of paths, all of which must not exist. - `paths_exist` (List of String) An array of paths, all of which must exist. - `repository_match` (String) A regex for repo names. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.gitea` Required: - `owner` (String) Gitea organization or user to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The Gitea URL to talk to. For example https://gitea.mydomain.com/. - `insecure` (Boolean) Allow self-signed TLS / Certificates. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--gitea--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.github` Required: - `organization` (String) GitHub org to scan. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret. Uses a GitHub App to access the API instead of a PAT. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--github--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.gitlab` Required: - `group` (String) Gitlab group to scan. You can use either the project id (recommended) or the full namespaced path. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The Gitlab API URL to talk to. - `include_subgroups` (Boolean) Recurse through subgroups (true) or scan only the base group (false). Defaults to `false`. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--gitlab--token_ref)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--scm_provider--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.generator.scm_provider.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.matrix.generator.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--matrix--generator--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.matrix.generator.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.matrix.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec)) ### Nested Schema for `spec.generator.matrix.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.matrix.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--sync_policy)) ### Nested Schema for `spec.generator.matrix.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.matrix.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.matrix.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.matrix.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.matrix.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.matrix.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.matrix.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.matrix.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.matrix.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.matrix.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.matrix.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.matrix.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.matrix.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.matrix.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.matrix.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.matrix.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.matrix.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.matrix.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.matrix.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--matrix--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.matrix.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge` Required: - `generator` (Block List, Min: 2) Child generator. Generators are responsible for generating parameters, which are then combined by the parent merge generator. (see [below for nested schema](#nestedblock--spec--generator--merge--generator)) - `merge_keys` (List of String) Keys to merge into resulting parameter set. Optional: - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--template)) ### Nested Schema for `spec.generator.merge.generator` Optional: - `cluster_decision_resource` (Block List) The [cluster decision resource](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster-Decision-Resource/) generates a list of Argo CD clusters. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource)) - `clusters` (Block List) The [cluster generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/) produces parameters based on the list of items found within the cluster secret. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters)) - `git` (Block List) [Git generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git/) generates parameters using either the directory structure of a specified Git repository (directory generator), or, using the contents of JSON/YAML files found within a specified repository (file generator). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git)) - `list` (Block List) [List generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-List/) generate parameters based on an arbitrary list of key/value pairs (as long as the values are string values). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list)) - `matrix` (Block List) [Matrix generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Matrix/) combine the parameters generated by two child generators, iterating through every combination of each generator's generated parameters. Take note of the [restrictions](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Matrix/#restrictions) regarding their usage - particularly regarding nesting matrix generators. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix)) - `merge` (Block List) [Merge generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Merge/) combine parameters produced by the base (first) generator with matching parameter sets produced by subsequent generators. Take note of the [restrictions](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Merge/#restrictions) regarding their usage - particularly regarding nesting merge generators. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge)) - `plugin` (Block List) [Plugin generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Plugin/) generates parameters using a custom plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin)) - `pull_request` (Block List) [Pull Request generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/) uses the API of an SCMaaS provider to automatically discover open pull requests within a repository. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request)) - `scm_provider` (Block List) [SCM Provider generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-SCM-Provider/) uses the API of an SCMaaS provider to automatically discover repositories within an organization. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider)) - `selector` (Block List, Max: 1) The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--selector)) ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource` Required: - `config_map_ref` (String) ConfigMap with the duck type definitions needed to retrieve the data this includes apiVersion(group/version), kind, matchKey and validation settings. Optional: - `label_selector` (Block List, Max: 1) Label selector used to find the resource defined in the `config_map_ref`. Alternative to `name`. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--label_selector)) - `name` (String) Resource name of the kind, group and version, defined in the `config_map_ref`. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template)) - `values` (Map of String) Arbitrary string key-value pairs which are passed directly as parameters to the template. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.label_selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--label_selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.label_selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec)) ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.clusters` Optional: - `enabled` (Boolean) Boolean value defaulting to `true` to indicate that this block has been added thereby allowing all other attributes to be optional. - `selector` (Block List, Max: 1) Label selector used to narrow the scope of targeted clusters. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--selector)) - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the cluster generator. ### Nested Schema for `spec.generator.merge.generator.clusters.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.clusters.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.generator.clusters.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec)) ### Nested Schema for `spec.generator.merge.generator.clusters.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--clusters--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.clusters.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.git` Required: - `repo_url` (String) URL to the repository to use. Optional: - `directory` (Block List) List of directories in the source repository to use when template the Application.. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--directory)) - `file` (Block List) List of files in the source repository to use when template the Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--file)) - `path_param_prefix` (String) Prefix for all path-related parameter names. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `revision` (String) Revision of the source repository to use. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.merge.generator.git.directory` Required: - `path` (String) Path in the repository. Optional: - `exclude` (Boolean) Flag indicating whether or not the directory should be excluded when templating. ### Nested Schema for `spec.generator.merge.generator.git.file` Required: - `path` (String) Path to the file in the repository. ### Nested Schema for `spec.generator.merge.generator.git.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec)) ### Nested Schema for `spec.generator.merge.generator.git.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.git.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.git.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--git--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.git.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.list` Optional: - `elements` (List of Map of String) List of key/value pairs to pass as parameters into the template - `elements_yaml` (String) YAML string containing list of key/value pairs to pass as parameters into the template - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template)) ### Nested Schema for `spec.generator.merge.generator.list.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec)) ### Nested Schema for `spec.generator.merge.generator.list.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.list.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.list.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--list--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.list.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.matrix` Required: - `generator` (Block List, Min: 2, Max: 2) Child generator. Generators are responsible for generating parameters, which are then combined by the parent matrix generator into the template fields of the ApplicationSet resource. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator)) Optional: - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator` Optional: - `cluster_decision_resource` (Block List) The [cluster decision resource](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster-Decision-Resource/) generates a list of Argo CD clusters. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource)) - `clusters` (Block List) The [cluster generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/) produces parameters based on the list of items found within the cluster secret. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters)) - `git` (Block List) [Git generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git/) generates parameters using either the directory structure of a specified Git repository (directory generator), or, using the contents of JSON/YAML files found within a specified repository (file generator). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git)) - `list` (Block List) [List generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-List/) generate parameters based on an arbitrary list of key/value pairs (as long as the values are string values). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list)) - `plugin` (Block List) [Plugin generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Plugin/) generates parameters using a custom plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin)) - `pull_request` (Block List) [Pull Request generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/) uses the API of an SCMaaS provider to automatically discover open pull requests within a repository. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request)) - `scm_provider` (Block List) [SCM Provider generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-SCM-Provider/) uses the API of an SCMaaS provider to automatically discover repositories within an organization. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider)) - `selector` (Block List, Max: 1) The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--selector)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource` Required: - `config_map_ref` (String) ConfigMap with the duck type definitions needed to retrieve the data this includes apiVersion(group/version), kind, matchKey and validation settings. Optional: - `label_selector` (Block List, Max: 1) Label selector used to find the resource defined in the `config_map_ref`. Alternative to `name`. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--label_selector)) - `name` (String) Resource name of the kind, group and version, defined in the `config_map_ref`. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template)) - `values` (Map of String) Arbitrary string key-value pairs which are passed directly as parameters to the template. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.label_selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--label_selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.label_selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--cluster_decision_resource--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.cluster_decision_resource.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters` Optional: - `enabled` (Boolean) Boolean value defaulting to `true` to indicate that this block has been added thereby allowing all other attributes to be optional. - `selector` (Block List, Max: 1) Label selector used to narrow the scope of targeted clusters. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--selector)) - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the cluster generator. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--clusters--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.clusters.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git` Required: - `repo_url` (String) URL to the repository to use. Optional: - `directory` (Block List) List of directories in the source repository to use when template the Application.. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--directory)) - `file` (Block List) List of files in the source repository to use when template the Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--file)) - `path_param_prefix` (String) Prefix for all path-related parameter names. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `revision` (String) Revision of the source repository to use. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.directory` Required: - `path` (String) Path in the repository. Optional: - `exclude` (Boolean) Flag indicating whether or not the directory should be excluded when templating. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.file` Required: - `path` (String) Path to the file in the repository. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--git--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.git.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list` Optional: - `elements` (List of Map of String) List of key/value pairs to pass as parameters into the template - `elements_yaml` (String) YAML string containing list of key/value pairs to pass as parameters into the template - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--list--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.list.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin` Required: - `config_map_ref` (String) ConfigMap with the plugin configuration needed to retrieve the data. Optional: - `input` (Block List, Max: 1) The input parameters used for calling the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--input)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.input` Required: - `parameters` (Map of String) Arbitrary key-value pairs which are passed directly as parameters to the plugin. A current limitation is that this cannot fully express the parameters that can be accepted by the plugin generator. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--plugin--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.plugin.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request` Optional: - `azure_devops` (Block List, Max: 1) Fetch pull requests from an Azure DevOps repository. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--azure_devops)) - `bitbucket_server` (Block List, Max: 1) Fetch pull requests from a repo hosted on a Bitbucket Server. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--bitbucket_server)) - `filter` (Block List) Filters allow selecting which pull requests to generate for. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--filter)) - `gitea` (Block List, Max: 1) Specify the repository from which to fetch the Gitea Pull requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--gitea)) - `github` (Block List, Max: 1) Specify the repository from which to fetch the GitHub Pull requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--github)) - `gitlab` (Block List, Max: 1) Specify the project from which to fetch the GitLab merge requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 30min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.azure_devops` Required: - `organization` (String) Azure DevOps org to scan. Required. - `project` (String) Azure DevOps project name to scan. Required. - `repo` (String) Azure DevOps repo name to scan. Required. Optional: - `api` (String) The Azure DevOps API URL to talk to. If blank, uses https://dev.azure.com/. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--azure_devops--token_ref)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.azure_devops.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. - `repo` (String) Repo name to scan. Optional: - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.filter` Optional: - `branch_match` (String) A regex which must match the branch name. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.gitea` Required: - `api` (String) The Gitea API URL to talk to. - `owner` (String) Gitea org or user to scan. - `repo` (String) Gitea repo name to scan. Optional: - `insecure` (Boolean) Allow insecure tls, for self-signed certificates; default: false. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--gitea--token_ref)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.github` Required: - `owner` (String) GitHub org or user to scan. - `repo` (String) GitHub repo name to scan. Optional: - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret with permission to access pull requests. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--github--token_ref)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.gitlab` Required: - `project` (String) GitLab project to scan. Optional: - `api` (String) The GitLab API URL to talk to. If blank, uses https://gitlab.com/. - `ca_ref` (Block List, Max: 1) Reference to a ConfigMap key containing trusted CA certificates for verifying the SCM server's TLS certificate. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--gitlab--ca_ref)) - `insecure` (Boolean) A flag for checking the validity of the SCM's certificates. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `pull_request_state` (String) additional MRs filter to get only those with a certain state. Default: "" (all states). - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--gitlab--token_ref)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.gitlab.ca_ref` Required: - `config_map_name` (String) Name of the ConfigMap. - `key` (String) Key containing information in trusted CA certs. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--pull_request--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.pull_request.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider` Optional: - `azure_devops` (Block List, Max: 1) Uses the Azure DevOps API to look up eligible repositories based on a team project within an Azure DevOps organization. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--azure_devops)) - `bitbucket_cloud` (Block List, Max: 1) Uses the Bitbucket API V2 to scan a workspace in bitbucket.org. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--bitbucket_cloud)) - `bitbucket_server` (Block List, Max: 1) Use the Bitbucket Server API (1.0) to scan repos in a project. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--bitbucket_server)) - `clone_protocol` (String) Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers necessarily support all protocols. - `filter` (Block List) Filters for which repos should be considered. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--filter)) - `gitea` (Block List, Max: 1) Gitea mode uses the Gitea API to scan organizations in your instance. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--gitea)) - `github` (Block List, Max: 1) Uses the GitHub API to scan an organization in either github.com or GitHub Enterprise. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--github)) - `gitlab` (Block List, Max: 1) Uses the GitLab API to scan and organization in either gitlab.com or self-hosted GitLab. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.azure_devops` Required: - `organization` (String) Azure Devops organization. E.g. "my-organization". - `team_project` (String) Azure Devops team project. E.g. "my-team". Optional: - `access_token_ref` (Block List, Max: 1) The Personal Access Token (PAT) to use when connecting. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--azure_devops--access_token_ref)) - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The URL to Azure DevOps. Defaults to https://dev.azure.com. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.azure_devops.access_token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.bitbucket_cloud` Required: - `owner` (String) Bitbucket workspace to scan. - `user` (String) Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `app_password_ref` (Block List, Max: 1) The app password to use for the user. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--bitbucket_cloud--app_password_ref)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.bitbucket_cloud.app_password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.filter` Optional: - `branch_match` (String) A regex which must match the branch name. - `label_match` (String) A regex which must match at least one label. - `paths_do_not_exist` (List of String) An array of paths, all of which must not exist. - `paths_exist` (List of String) An array of paths, all of which must exist. - `repository_match` (String) A regex for repo names. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.gitea` Required: - `owner` (String) Gitea organization or user to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The Gitea URL to talk to. For example https://gitea.mydomain.com/. - `insecure` (Boolean) Allow self-signed TLS / Certificates. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--gitea--token_ref)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.github` Required: - `organization` (String) GitHub org to scan. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret. Uses a GitHub App to access the API instead of a PAT. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--github--token_ref)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.gitlab` Required: - `group` (String) Gitlab group to scan. You can use either the project id (recommended) or the full namespaced path. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The Gitlab API URL to talk to. - `include_subgroups` (Boolean) Recurse through subgroups (true) or scan only the base group (false). Defaults to `false`. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--gitlab--token_ref)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--scm_provider--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.scm_provider.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--generator--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.matrix.generator.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.generator.matrix.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec)) ### Nested Schema for `spec.generator.merge.generator.matrix.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--matrix--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.matrix.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.merge` Required: - `generator` (Block List, Min: 2) Child generator. Generators are responsible for generating parameters, which are then combined by the parent merge generator. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator)) - `merge_keys` (List of String) Keys to merge into resulting parameter set. Optional: - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template)) ### Nested Schema for `spec.generator.merge.generator.merge.generator` Optional: - `cluster_decision_resource` (Block List) The [cluster decision resource](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster-Decision-Resource/) generates a list of Argo CD clusters. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource)) - `clusters` (Block List) The [cluster generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Cluster/) produces parameters based on the list of items found within the cluster secret. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters)) - `git` (Block List) [Git generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git/) generates parameters using either the directory structure of a specified Git repository (directory generator), or, using the contents of JSON/YAML files found within a specified repository (file generator). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git)) - `list` (Block List) [List generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-List/) generate parameters based on an arbitrary list of key/value pairs (as long as the values are string values). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list)) - `plugin` (Block List) [Plugin generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Plugin/) generates parameters using a custom plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin)) - `pull_request` (Block List) [Pull Request generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/) uses the API of an SCMaaS provider to automatically discover open pull requests within a repository. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request)) - `scm_provider` (Block List) [SCM Provider generators](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-SCM-Provider/) uses the API of an SCMaaS provider to automatically discover repositories within an organization. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider)) - `selector` (Block List, Max: 1) The Selector allows to post-filter based on generated values using the kubernetes common labelSelector format. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--selector)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource` Required: - `config_map_ref` (String) ConfigMap with the duck type definitions needed to retrieve the data this includes apiVersion(group/version), kind, matchKey and validation settings. Optional: - `label_selector` (Block List, Max: 1) Label selector used to find the resource defined in the `config_map_ref`. Alternative to `name`. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--label_selector)) - `name` (String) Resource name of the kind, group and version, defined in the `config_map_ref`. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template)) - `values` (Map of String) Arbitrary string key-value pairs which are passed directly as parameters to the template. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.label_selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--label_selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.label_selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--cluster_decision_resource--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.cluster_decision_resource.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters` Optional: - `enabled` (Boolean) Boolean value defaulting to `true` to indicate that this block has been added thereby allowing all other attributes to be optional. - `selector` (Block List, Max: 1) Label selector used to narrow the scope of targeted clusters. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--selector)) - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the cluster generator. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--clusters--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.clusters.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git` Required: - `repo_url` (String) URL to the repository to use. Optional: - `directory` (Block List) List of directories in the source repository to use when template the Application.. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--directory)) - `file` (Block List) List of files in the source repository to use when template the Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--file)) - `path_param_prefix` (String) Prefix for all path-related parameter names. - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `revision` (String) Revision of the source repository to use. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.directory` Required: - `path` (String) Path in the repository. Optional: - `exclude` (Boolean) Flag indicating whether or not the directory should be excluded when templating. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.file` Required: - `path` (String) Path to the file in the repository. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--git--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.git.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list` Optional: - `elements` (List of Map of String) List of key/value pairs to pass as parameters into the template - `elements_yaml` (String) YAML string containing list of key/value pairs to pass as parameters into the template - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--list--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.list.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin` Required: - `config_map_ref` (String) ConfigMap with the plugin configuration needed to retrieve the data. Optional: - `input` (Block List, Max: 1) The input parameters used for calling the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--input)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.input` Required: - `parameters` (Map of String) Arbitrary key-value pairs which are passed directly as parameters to the plugin. A current limitation is that this cannot fully express the parameters that can be accepted by the plugin generator. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--plugin--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.plugin.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request` Optional: - `azure_devops` (Block List, Max: 1) Fetch pull requests from an Azure DevOps repository. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--azure_devops)) - `bitbucket_server` (Block List, Max: 1) Fetch pull requests from a repo hosted on a Bitbucket Server. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--bitbucket_server)) - `filter` (Block List) Filters allow selecting which pull requests to generate for. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--filter)) - `gitea` (Block List, Max: 1) Specify the repository from which to fetch the Gitea Pull requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--gitea)) - `github` (Block List, Max: 1) Specify the repository from which to fetch the GitHub Pull requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--github)) - `gitlab` (Block List, Max: 1) Specify the project from which to fetch the GitLab merge requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 30min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.azure_devops` Required: - `organization` (String) Azure DevOps org to scan. Required. - `project` (String) Azure DevOps project name to scan. Required. - `repo` (String) Azure DevOps repo name to scan. Required. Optional: - `api` (String) The Azure DevOps API URL to talk to. If blank, uses https://dev.azure.com/. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--azure_devops--token_ref)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.azure_devops.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. - `repo` (String) Repo name to scan. Optional: - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.filter` Optional: - `branch_match` (String) A regex which must match the branch name. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.gitea` Required: - `api` (String) The Gitea API URL to talk to. - `owner` (String) Gitea org or user to scan. - `repo` (String) Gitea repo name to scan. Optional: - `insecure` (Boolean) Allow insecure tls, for self-signed certificates; default: false. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--gitea--token_ref)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.github` Required: - `owner` (String) GitHub org or user to scan. - `repo` (String) GitHub repo name to scan. Optional: - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret with permission to access pull requests. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--github--token_ref)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.gitlab` Required: - `project` (String) GitLab project to scan. Optional: - `api` (String) The GitLab API URL to talk to. If blank, uses https://gitlab.com/. - `ca_ref` (Block List, Max: 1) Reference to a ConfigMap key containing trusted CA certificates for verifying the SCM server's TLS certificate. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--gitlab--ca_ref)) - `insecure` (Boolean) A flag for checking the validity of the SCM's certificates. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `pull_request_state` (String) additional MRs filter to get only those with a certain state. Default: "" (all states). - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--gitlab--token_ref)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.gitlab.ca_ref` Required: - `config_map_name` (String) Name of the ConfigMap. - `key` (String) Key containing information in trusted CA certs. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--pull_request--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.pull_request.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider` Optional: - `azure_devops` (Block List, Max: 1) Uses the Azure DevOps API to look up eligible repositories based on a team project within an Azure DevOps organization. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--azure_devops)) - `bitbucket_cloud` (Block List, Max: 1) Uses the Bitbucket API V2 to scan a workspace in bitbucket.org. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--bitbucket_cloud)) - `bitbucket_server` (Block List, Max: 1) Use the Bitbucket Server API (1.0) to scan repos in a project. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--bitbucket_server)) - `clone_protocol` (String) Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers necessarily support all protocols. - `filter` (Block List) Filters for which repos should be considered. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--filter)) - `gitea` (Block List, Max: 1) Gitea mode uses the Gitea API to scan organizations in your instance. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--gitea)) - `github` (Block List, Max: 1) Uses the GitHub API to scan an organization in either github.com or GitHub Enterprise. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--github)) - `gitlab` (Block List, Max: 1) Uses the GitLab API to scan and organization in either gitlab.com or self-hosted GitLab. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.azure_devops` Required: - `organization` (String) Azure Devops organization. E.g. "my-organization". - `team_project` (String) Azure Devops team project. E.g. "my-team". Optional: - `access_token_ref` (Block List, Max: 1) The Personal Access Token (PAT) to use when connecting. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--azure_devops--access_token_ref)) - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The URL to Azure DevOps. Defaults to https://dev.azure.com. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.azure_devops.access_token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.bitbucket_cloud` Required: - `owner` (String) Bitbucket workspace to scan. - `user` (String) Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `app_password_ref` (Block List, Max: 1) The app password to use for the user. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--bitbucket_cloud--app_password_ref)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.bitbucket_cloud.app_password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.filter` Optional: - `branch_match` (String) A regex which must match the branch name. - `label_match` (String) A regex which must match at least one label. - `paths_do_not_exist` (List of String) An array of paths, all of which must not exist. - `paths_exist` (List of String) An array of paths, all of which must exist. - `repository_match` (String) A regex for repo names. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.gitea` Required: - `owner` (String) Gitea organization or user to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The Gitea URL to talk to. For example https://gitea.mydomain.com/. - `insecure` (Boolean) Allow self-signed TLS / Certificates. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--gitea--token_ref)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.github` Required: - `organization` (String) GitHub org to scan. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret. Uses a GitHub App to access the API instead of a PAT. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--github--token_ref)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.gitlab` Required: - `group` (String) Gitlab group to scan. You can use either the project id (recommended) or the full namespaced path. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The Gitlab API URL to talk to. - `include_subgroups` (Boolean) Recurse through subgroups (true) or scan only the base group (false). Defaults to `false`. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--gitlab--token_ref)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--scm_provider--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.scm_provider.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.merge.generator.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--generator--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.merge.generator.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.generator.merge.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec)) ### Nested Schema for `spec.generator.merge.generator.merge.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.merge.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--merge--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.merge.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.plugin` Required: - `config_map_ref` (String) ConfigMap with the plugin configuration needed to retrieve the data. Optional: - `input` (Block List, Max: 1) The input parameters used for calling the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--input)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.merge.generator.plugin.input` Required: - `parameters` (Map of String) Arbitrary key-value pairs which are passed directly as parameters to the plugin. A current limitation is that this cannot fully express the parameters that can be accepted by the plugin generator. ### Nested Schema for `spec.generator.merge.generator.plugin.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec)) ### Nested Schema for `spec.generator.merge.generator.plugin.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--plugin--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.plugin.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.pull_request` Optional: - `azure_devops` (Block List, Max: 1) Fetch pull requests from an Azure DevOps repository. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--azure_devops)) - `bitbucket_server` (Block List, Max: 1) Fetch pull requests from a repo hosted on a Bitbucket Server. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--bitbucket_server)) - `filter` (Block List) Filters allow selecting which pull requests to generate for. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--filter)) - `gitea` (Block List, Max: 1) Specify the repository from which to fetch the Gitea Pull requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--gitea)) - `github` (Block List, Max: 1) Specify the repository from which to fetch the GitHub Pull requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--github)) - `gitlab` (Block List, Max: 1) Specify the project from which to fetch the GitLab merge requests. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 30min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template)) ### Nested Schema for `spec.generator.merge.generator.pull_request.azure_devops` Required: - `organization` (String) Azure DevOps org to scan. Required. - `project` (String) Azure DevOps project name to scan. Required. - `repo` (String) Azure DevOps repo name to scan. Required. Optional: - `api` (String) The Azure DevOps API URL to talk to. If blank, uses https://dev.azure.com/. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--azure_devops--token_ref)) ### Nested Schema for `spec.generator.merge.generator.pull_request.azure_devops.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.pull_request.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. - `repo` (String) Repo name to scan. Optional: - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.merge.generator.pull_request.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.merge.generator.pull_request.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.pull_request.filter` Optional: - `branch_match` (String) A regex which must match the branch name. ### Nested Schema for `spec.generator.merge.generator.pull_request.gitea` Required: - `api` (String) The Gitea API URL to talk to. - `owner` (String) Gitea org or user to scan. - `repo` (String) Gitea repo name to scan. Optional: - `insecure` (Boolean) Allow insecure tls, for self-signed certificates; default: false. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--gitea--token_ref)) ### Nested Schema for `spec.generator.merge.generator.pull_request.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.pull_request.github` Required: - `owner` (String) GitHub org or user to scan. - `repo` (String) GitHub repo name to scan. Optional: - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret with permission to access pull requests. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--github--token_ref)) ### Nested Schema for `spec.generator.merge.generator.pull_request.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.pull_request.gitlab` Required: - `project` (String) GitLab project to scan. Optional: - `api` (String) The GitLab API URL to talk to. If blank, uses https://gitlab.com/. - `ca_ref` (Block List, Max: 1) Reference to a ConfigMap key containing trusted CA certificates for verifying the SCM server's TLS certificate. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--gitlab--ca_ref)) - `insecure` (Boolean) A flag for checking the validity of the SCM's certificates. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `pull_request_state` (String) additional MRs filter to get only those with a certain state. Default: "" (all states). - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--gitlab--token_ref)) ### Nested Schema for `spec.generator.merge.generator.pull_request.gitlab.ca_ref` Required: - `config_map_name` (String) Name of the ConfigMap. - `key` (String) Key containing information in trusted CA certs. ### Nested Schema for `spec.generator.merge.generator.pull_request.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.pull_request.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec)) ### Nested Schema for `spec.generator.merge.generator.pull_request.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--pull_request--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.pull_request.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.scm_provider` Optional: - `azure_devops` (Block List, Max: 1) Uses the Azure DevOps API to look up eligible repositories based on a team project within an Azure DevOps organization. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--azure_devops)) - `bitbucket_cloud` (Block List, Max: 1) Uses the Bitbucket API V2 to scan a workspace in bitbucket.org. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--bitbucket_cloud)) - `bitbucket_server` (Block List, Max: 1) Use the Bitbucket Server API (1.0) to scan repos in a project. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--bitbucket_server)) - `clone_protocol` (String) Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers necessarily support all protocols. - `filter` (Block List) Filters for which repos should be considered. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--filter)) - `gitea` (Block List, Max: 1) Gitea mode uses the Gitea API to scan organizations in your instance. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--gitea)) - `github` (Block List, Max: 1) Uses the GitHub API to scan an organization in either github.com or GitHub Enterprise. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--github)) - `gitlab` (Block List, Max: 1) Uses the GitLab API to scan and organization in either gitlab.com or self-hosted GitLab. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.azure_devops` Required: - `organization` (String) Azure Devops organization. E.g. "my-organization". - `team_project` (String) Azure Devops team project. E.g. "my-team". Optional: - `access_token_ref` (Block List, Max: 1) The Personal Access Token (PAT) to use when connecting. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--azure_devops--access_token_ref)) - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The URL to Azure DevOps. Defaults to https://dev.azure.com. ### Nested Schema for `spec.generator.merge.generator.scm_provider.azure_devops.access_token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.scm_provider.bitbucket_cloud` Required: - `owner` (String) Bitbucket workspace to scan. - `user` (String) Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `app_password_ref` (Block List, Max: 1) The app password to use for the user. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--bitbucket_cloud--app_password_ref)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.bitbucket_cloud.app_password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.scm_provider.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.merge.generator.scm_provider.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.scm_provider.filter` Optional: - `branch_match` (String) A regex which must match the branch name. - `label_match` (String) A regex which must match at least one label. - `paths_do_not_exist` (List of String) An array of paths, all of which must not exist. - `paths_exist` (List of String) An array of paths, all of which must exist. - `repository_match` (String) A regex for repo names. ### Nested Schema for `spec.generator.merge.generator.scm_provider.gitea` Required: - `owner` (String) Gitea organization or user to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The Gitea URL to talk to. For example https://gitea.mydomain.com/. - `insecure` (Boolean) Allow self-signed TLS / Certificates. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--gitea--token_ref)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.scm_provider.github` Required: - `organization` (String) GitHub org to scan. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret. Uses a GitHub App to access the API instead of a PAT. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--github--token_ref)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.scm_provider.gitlab` Required: - `group` (String) Gitlab group to scan. You can use either the project id (recommended) or the full namespaced path. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The Gitlab API URL to talk to. - `include_subgroups` (Boolean) Recurse through subgroups (true) or scan only the base group (false). Defaults to `false`. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--gitlab--token_ref)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--scm_provider--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.generator.scm_provider.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.merge.generator.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--merge--generator--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.merge.generator.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.generator.merge.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--merge--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec)) ### Nested Schema for `spec.generator.merge.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.merge.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--sync_policy)) ### Nested Schema for `spec.generator.merge.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.merge.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.merge.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.merge.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.merge.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.merge.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.merge.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.merge.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.merge.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.merge.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.merge.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.merge.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.merge.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.merge.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.merge.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.merge.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.merge.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.merge.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.merge.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--merge--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.merge.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.plugin` Required: - `config_map_ref` (String) ConfigMap with the plugin configuration needed to retrieve the data. Optional: - `input` (Block List, Max: 1) The input parameters used for calling the plugin. (see [below for nested schema](#nestedblock--spec--generator--plugin--input)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--plugin--template)) - `values` (Map of String) Arbitrary string key-value pairs to pass to the template via the values field of the git generator. ### Nested Schema for `spec.generator.plugin.input` Required: - `parameters` (Map of String) Arbitrary key-value pairs which are passed directly as parameters to the plugin. A current limitation is that this cannot fully express the parameters that can be accepted by the plugin generator. ### Nested Schema for `spec.generator.plugin.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec)) ### Nested Schema for `spec.generator.plugin.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.plugin.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--sync_policy)) ### Nested Schema for `spec.generator.plugin.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.plugin.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.plugin.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.plugin.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.plugin.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.plugin.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.plugin.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.plugin.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.plugin.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.plugin.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.plugin.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.plugin.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.plugin.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.plugin.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.plugin.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.plugin.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.plugin.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.plugin.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.plugin.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.plugin.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--plugin--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.plugin.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.pull_request` Optional: - `azure_devops` (Block List, Max: 1) Fetch pull requests from an Azure DevOps repository. (see [below for nested schema](#nestedblock--spec--generator--pull_request--azure_devops)) - `bitbucket_server` (Block List, Max: 1) Fetch pull requests from a repo hosted on a Bitbucket Server. (see [below for nested schema](#nestedblock--spec--generator--pull_request--bitbucket_server)) - `filter` (Block List) Filters allow selecting which pull requests to generate for. (see [below for nested schema](#nestedblock--spec--generator--pull_request--filter)) - `gitea` (Block List, Max: 1) Specify the repository from which to fetch the Gitea Pull requests. (see [below for nested schema](#nestedblock--spec--generator--pull_request--gitea)) - `github` (Block List, Max: 1) Specify the repository from which to fetch the GitHub Pull requests. (see [below for nested schema](#nestedblock--spec--generator--pull_request--github)) - `gitlab` (Block List, Max: 1) Specify the project from which to fetch the GitLab merge requests. (see [below for nested schema](#nestedblock--spec--generator--pull_request--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 30min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template)) ### Nested Schema for `spec.generator.pull_request.azure_devops` Required: - `organization` (String) Azure DevOps org to scan. Required. - `project` (String) Azure DevOps project name to scan. Required. - `repo` (String) Azure DevOps repo name to scan. Required. Optional: - `api` (String) The Azure DevOps API URL to talk to. If blank, uses https://dev.azure.com/. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--pull_request--azure_devops--token_ref)) ### Nested Schema for `spec.generator.pull_request.azure_devops.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.pull_request.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. - `repo` (String) Repo name to scan. Optional: - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--pull_request--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.pull_request.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--pull_request--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.pull_request.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.pull_request.filter` Optional: - `branch_match` (String) A regex which must match the branch name. ### Nested Schema for `spec.generator.pull_request.gitea` Required: - `api` (String) The Gitea API URL to talk to. - `owner` (String) Gitea org or user to scan. - `repo` (String) Gitea repo name to scan. Optional: - `insecure` (Boolean) Allow insecure tls, for self-signed certificates; default: false. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--pull_request--gitea--token_ref)) ### Nested Schema for `spec.generator.pull_request.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.pull_request.github` Required: - `owner` (String) GitHub org or user to scan. - `repo` (String) GitHub repo name to scan. Optional: - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret with permission to access pull requests. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--pull_request--github--token_ref)) ### Nested Schema for `spec.generator.pull_request.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.pull_request.gitlab` Required: - `project` (String) GitLab project to scan. Optional: - `api` (String) The GitLab API URL to talk to. If blank, uses https://gitlab.com/. - `ca_ref` (Block List, Max: 1) Reference to a ConfigMap key containing trusted CA certificates for verifying the SCM server's TLS certificate. (see [below for nested schema](#nestedblock--spec--generator--pull_request--gitlab--ca_ref)) - `insecure` (Boolean) A flag for checking the validity of the SCM's certificates. - `labels` (List of String) Labels is used to filter the PRs that you want to target. - `pull_request_state` (String) additional MRs filter to get only those with a certain state. Default: "" (all states). - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--pull_request--gitlab--token_ref)) ### Nested Schema for `spec.generator.pull_request.gitlab.ca_ref` Required: - `config_map_name` (String) Name of the ConfigMap. - `key` (String) Key containing information in trusted CA certs. ### Nested Schema for `spec.generator.pull_request.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.pull_request.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec)) ### Nested Schema for `spec.generator.pull_request.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.pull_request.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--sync_policy)) ### Nested Schema for `spec.generator.pull_request.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.pull_request.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.pull_request.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.pull_request.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.pull_request.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.pull_request.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.pull_request.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.pull_request.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.pull_request.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.pull_request.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.pull_request.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.pull_request.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.pull_request.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.pull_request.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.pull_request.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.pull_request.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.pull_request.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.pull_request.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.pull_request.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.pull_request.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--pull_request--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.pull_request.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.scm_provider` Optional: - `azure_devops` (Block List, Max: 1) Uses the Azure DevOps API to look up eligible repositories based on a team project within an Azure DevOps organization. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--azure_devops)) - `bitbucket_cloud` (Block List, Max: 1) Uses the Bitbucket API V2 to scan a workspace in bitbucket.org. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--bitbucket_cloud)) - `bitbucket_server` (Block List, Max: 1) Use the Bitbucket Server API (1.0) to scan repos in a project. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--bitbucket_server)) - `clone_protocol` (String) Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers necessarily support all protocols. - `filter` (Block List) Filters for which repos should be considered. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--filter)) - `gitea` (Block List, Max: 1) Gitea mode uses the Gitea API to scan organizations in your instance. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--gitea)) - `github` (Block List, Max: 1) Uses the GitHub API to scan an organization in either github.com or GitHub Enterprise. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--github)) - `gitlab` (Block List, Max: 1) Uses the GitLab API to scan and organization in either gitlab.com or self-hosted GitLab. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--gitlab)) - `requeue_after_seconds` (String) How often to check for changes (in seconds). Default: 3min. - `template` (Block List, Max: 1) Generator template. Used to override the values of the spec-level template. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template)) ### Nested Schema for `spec.generator.scm_provider.azure_devops` Required: - `organization` (String) Azure Devops organization. E.g. "my-organization". - `team_project` (String) Azure Devops team project. E.g. "my-team". Optional: - `access_token_ref` (Block List, Max: 1) The Personal Access Token (PAT) to use when connecting. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--azure_devops--access_token_ref)) - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The URL to Azure DevOps. Defaults to https://dev.azure.com. ### Nested Schema for `spec.generator.scm_provider.azure_devops.access_token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.scm_provider.bitbucket_cloud` Required: - `owner` (String) Bitbucket workspace to scan. - `user` (String) Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `app_password_ref` (Block List, Max: 1) The app password to use for the user. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--bitbucket_cloud--app_password_ref)) ### Nested Schema for `spec.generator.scm_provider.bitbucket_cloud.app_password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.scm_provider.bitbucket_server` Required: - `api` (String) The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest. - `project` (String) Project to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `basic_auth` (Block List, Max: 1) Credentials for Basic auth. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--bitbucket_server--basic_auth)) ### Nested Schema for `spec.generator.scm_provider.bitbucket_server.basic_auth` Optional: - `password_ref` (Block List, Max: 1) Password (or personal access token) reference. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--bitbucket_server--basic_auth--password_ref)) - `username` (String) Username for Basic auth. ### Nested Schema for `spec.generator.scm_provider.bitbucket_server.basic_auth.password_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.scm_provider.filter` Optional: - `branch_match` (String) A regex which must match the branch name. - `label_match` (String) A regex which must match at least one label. - `paths_do_not_exist` (List of String) An array of paths, all of which must not exist. - `paths_exist` (List of String) An array of paths, all of which must exist. - `repository_match` (String) A regex for repo names. ### Nested Schema for `spec.generator.scm_provider.gitea` Required: - `owner` (String) Gitea organization or user to scan. Optional: - `all_branches` (Boolean) Scan all branches instead of just the default branch. - `api` (String) The Gitea URL to talk to. For example https://gitea.mydomain.com/. - `insecure` (Boolean) Allow self-signed TLS / Certificates. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--gitea--token_ref)) ### Nested Schema for `spec.generator.scm_provider.gitea.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.scm_provider.github` Required: - `organization` (String) GitHub org to scan. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The GitHub API URL to talk to. Default https://api.github.com/. - `app_secret_name` (String) Reference to a GitHub App repo-creds secret. Uses a GitHub App to access the API instead of a PAT. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--github--token_ref)) ### Nested Schema for `spec.generator.scm_provider.github.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.scm_provider.gitlab` Required: - `group` (String) Gitlab group to scan. You can use either the project id (recommended) or the full namespaced path. Optional: - `all_branches` (Boolean) If true, scan every branch of every repository. If false, scan only the default branch. - `api` (String) The Gitlab API URL to talk to. - `include_subgroups` (Boolean) Recurse through subgroups (true) or scan only the base group (false). Defaults to `false`. - `token_ref` (Block List, Max: 1) Authentication token reference. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--gitlab--token_ref)) ### Nested Schema for `spec.generator.scm_provider.gitlab.token_ref` Required: - `key` (String) Key containing information in Kubernetes `Secret`. - `secret_name` (String) Name of Kubernetes `Secret`. ### Nested Schema for `spec.generator.scm_provider.template` Optional: - `metadata` (Block List, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--metadata)) - `spec` (Block List, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec)) ### Nested Schema for `spec.generator.scm_provider.template.metadata` Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `name` (String) Name of the resulting Application - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.generator.scm_provider.template.spec` Optional: - `destination` (Block Set, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--destination)) - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `source` (Block List) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source)) - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--sync_policy)) ### Nested Schema for `spec.generator.scm_provider.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.generator.scm_provider.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.generator.scm_provider.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.generator.scm_provider.template.spec.source` Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.generator.scm_provider.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.generator.scm_provider.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.generator.scm_provider.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.generator.scm_provider.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.generator.scm_provider.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.generator.scm_provider.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.generator.scm_provider.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--generator--scm_provider--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.generator.scm_provider.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.generator.selector` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--generator--selector--match_expressions)) - `match_labels` (Map of String) A map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of `match_expressions`, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. ### Nested Schema for `spec.generator.selector.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.template` Required: - `metadata` (Block List, Min: 1, Max: 1) Kubernetes object metadata for templated Application. (see [below for nested schema](#nestedblock--spec--template--metadata)) - `spec` (Block List, Min: 1, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec--template--spec)) ### Nested Schema for `spec.template.metadata` Required: - `name` (String) Name of the resulting Application Optional: - `annotations` (Map of String) An unstructured key value map that may be used to store arbitrary metadata for the resulting Application. - `finalizers` (List of String) List of finalizers to apply to the resulting Application. - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the resulting Application. - `namespace` (String) Namespace of the resulting Application ### Nested Schema for `spec.template.spec` Required: - `destination` (Block Set, Min: 1, Max: 1) Reference to the Kubernetes server and namespace in which the application will be deployed. (see [below for nested schema](#nestedblock--spec--template--spec--destination)) - `source` (Block List, Min: 1) Location of the application's manifests or chart. (see [below for nested schema](#nestedblock--spec--template--spec--source)) Optional: - `ignore_difference` (Block List) Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration. (see [below for nested schema](#nestedblock--spec--template--spec--ignore_difference)) - `info` (Block Set) List of information (URLs, email addresses, and plain text) that relates to the application. (see [below for nested schema](#nestedblock--spec--template--spec--info)) - `project` (String) The project the application belongs to. Defaults to `default`. - `revision_history_limit` (Number) Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10. - `sync_policy` (Block List, Max: 1) Controls when and how a sync will be performed. (see [below for nested schema](#nestedblock--spec--template--spec--sync_policy)) ### Nested Schema for `spec.template.spec.destination` Optional: - `name` (String) Name of the target cluster. Can be used instead of `server`. - `namespace` (String) Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.template.spec.source` Required: - `repo_url` (String) URL to the repository (Git or Helm) that contains the application manifests. Optional: - `chart` (String) Helm chart name. Must be specified for applications sourced from a Helm repo. - `directory` (Block List, Max: 1) Path/directory specific options. (see [below for nested schema](#nestedblock--spec--template--spec--source--directory)) - `helm` (Block List, Max: 1) Helm specific options. (see [below for nested schema](#nestedblock--spec--template--spec--source--helm)) - `kustomize` (Block List, Max: 1) Kustomize specific options. (see [below for nested schema](#nestedblock--spec--template--spec--source--kustomize)) - `name` (String) Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14 - `path` (String) Directory path within the repository. Only valid for applications sourced from Git. - `plugin` (Block List, Max: 1) Config management plugin specific options. (see [below for nested schema](#nestedblock--spec--template--spec--source--plugin)) - `ref` (String) Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`. - `target_revision` (String) Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. ### Nested Schema for `spec.template.spec.source.directory` Optional: - `exclude` (String) Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}' - `include` (String) Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}' - `jsonnet` (Block List, Max: 1) Jsonnet specific options. (see [below for nested schema](#nestedblock--spec--template--spec--source--directory--jsonnet)) - `recurse` (Boolean) Whether to scan a directory recursively for manifests. ### Nested Schema for `spec.template.spec.source.directory.jsonnet` Optional: - `ext_var` (Block List) List of Jsonnet External Variables. (see [below for nested schema](#nestedblock--spec--template--spec--source--directory--jsonnet--ext_var)) - `libs` (List of String) Additional library search dirs. - `tla` (Block Set) List of Jsonnet Top-level Arguments (see [below for nested schema](#nestedblock--spec--template--spec--source--directory--jsonnet--tla)) ### Nested Schema for `spec.template.spec.source.directory.jsonnet.ext_var` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.template.spec.source.directory.jsonnet.tla` Optional: - `code` (Boolean) Determines whether the variable should be evaluated as jsonnet code or treated as string. - `name` (String) Name of Jsonnet variable. - `value` (String) Value of Jsonnet variable. ### Nested Schema for `spec.template.spec.source.helm` Optional: - `file_parameter` (Block Set) File parameters for the helm template. (see [below for nested schema](#nestedblock--spec--template--spec--source--helm--file_parameter)) - `ignore_missing_value_files` (Boolean) Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'. - `parameter` (Block Set) Helm parameters which are passed to the helm template command upon manifest generation. (see [below for nested schema](#nestedblock--spec--template--spec--source--helm--parameter)) - `pass_credentials` (Boolean) If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains. - `release_name` (String) Helm release name. If omitted it will use the application name. - `skip_crds` (Boolean) Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)). - `skip_schema_validation` (Boolean) Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)). - `value_files` (List of String) List of Helm value files to use when generating a template. - `values` (String) Helm values to be passed to 'helm template', typically defined as a block. - `version` (String) The Helm version to use for templating. Accepts either `v2` or `v3` ### Nested Schema for `spec.template.spec.source.helm.file_parameter` Required: - `name` (String) Name of the Helm parameter. - `path` (String) Path to the file containing the values for the Helm parameter. ### Nested Schema for `spec.template.spec.source.helm.parameter` Optional: - `force_string` (Boolean) Determines whether to tell Helm to interpret booleans and numbers as strings. - `name` (String) Name of the Helm parameter. - `value` (String) Value of the Helm parameter. ### Nested Schema for `spec.template.spec.source.kustomize` Optional: - `common_annotations` (Map of String) List of additional annotations to add to rendered manifests. - `common_labels` (Map of String) List of additional labels to add to rendered manifests. - `images` (Set of String) List of Kustomize image override specifications. - `name_prefix` (String) Prefix appended to resources for Kustomize apps. - `name_suffix` (String) Suffix appended to resources for Kustomize apps. - `patches` (Block List) A list of [Kustomize patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/) to apply. (see [below for nested schema](#nestedblock--spec--template--spec--source--kustomize--patches)) - `version` (String) Version of Kustomize to use for rendering manifests. ### Nested Schema for `spec.template.spec.source.kustomize.patches` Required: - `target` (Block List, Min: 1, Max: 1) Target(s) to patch (see [below for nested schema](#nestedblock--spec--template--spec--source--kustomize--patches--target)) Optional: - `options` (Map of Boolean) Additional [options](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/#name-and-kind-changes). - `patch` (String) Inline Kustomize patch to apply. - `path` (String) Path to a file containing the patch to apply. ### Nested Schema for `spec.template.spec.source.kustomize.patches.target` Optional: - `annotation_selector` (String) Annotation selector to use when matching the Kubernetes resource. - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `label_selector` (String) Label selector to use when matching the Kubernetes resource. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. - `version` (String) The Kubernetes resource Version to match for. ### Nested Schema for `spec.template.spec.source.plugin` Optional: - `env` (Block Set) Environment variables passed to the plugin. (see [below for nested schema](#nestedblock--spec--template--spec--source--plugin--env)) - `name` (String) Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules. ### Nested Schema for `spec.template.spec.source.plugin.env` Optional: - `name` (String) Name of the environment variable. - `value` (String) Value of the environment variable. ### Nested Schema for `spec.template.spec.ignore_difference` Optional: - `group` (String) The Kubernetes resource Group to match for. - `jq_path_expressions` (Set of String) List of JQ path expression strings targeting the field(s) to ignore. - `json_pointers` (Set of String) List of JSONPaths strings targeting the field(s) to ignore. - `kind` (String) The Kubernetes resource Kind to match for. - `managed_fields_managers` (Set of String) List of external controller manager names whose changes to fields should be ignored. - `name` (String) The Kubernetes resource Name to match for. - `namespace` (String) The Kubernetes resource Namespace to match for. ### Nested Schema for `spec.template.spec.info` Optional: - `name` (String) Name of the information. - `value` (String) Value of the information. ### Nested Schema for `spec.template.spec.sync_policy` Optional: - `automated` (Block Set, Max: 1) Whether to automatically keep an application synced to the target revision. (see [below for nested schema](#nestedblock--spec--template--spec--sync_policy--automated)) - `managed_namespace_metadata` (Block List, Max: 1) Controls metadata in the given namespace (if `CreateNamespace=true`). (see [below for nested schema](#nestedblock--spec--template--spec--sync_policy--managed_namespace_metadata)) - `retry` (Block List, Max: 1) Controls failed sync retry behavior. (see [below for nested schema](#nestedblock--spec--template--spec--sync_policy--retry)) - `sync_options` (List of String) List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/. ### Nested Schema for `spec.template.spec.sync_policy.automated` Optional: - `allow_empty` (Boolean) Allows apps have zero live resources. - `prune` (Boolean) Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync. - `self_heal` (Boolean) Whether to revert resources back to their desired state upon modification in the cluster. ### Nested Schema for `spec.template.spec.sync_policy.managed_namespace_metadata` Optional: - `annotations` (Map of String) Annotations to apply to the namespace. - `labels` (Map of String) Labels to apply to the namespace. ### Nested Schema for `spec.template.spec.sync_policy.retry` Optional: - `backoff` (Block Set, Max: 1) Controls how to backoff on subsequent retries of failed syncs. (see [below for nested schema](#nestedblock--spec--template--spec--sync_policy--retry--backoff)) - `limit` (String) Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed. ### Nested Schema for `spec.template.spec.sync_policy.retry.backoff` Optional: - `duration` (String) Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. - `factor` (String) Factor to multiply the base duration after each failed retry. - `max_duration` (String) Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string. ### Nested Schema for `spec.ignore_application_differences` Optional: - `jq_path_expressions` (Set of String) jq path to ignore differences - `json_pointers` (Set of String) Json pointers to ignore differences - `name` (String) name ### Nested Schema for `spec.strategy` Required: - `type` (String) Type of progressive sync. Optional: - `rolling_sync` (Block List) Update strategy allowing you to group Applications by labels present on the generated Application resources. When the ApplicationSet changes, the changes will be applied to each group of Application resources sequentially. (see [below for nested schema](#nestedblock--spec--strategy--rolling_sync)) ### Nested Schema for `spec.strategy.rolling_sync` Required: - `step` (Block List, Min: 1) Configuration used to define which applications to include in each stage of the rolling sync. All Applications in each group must become Healthy before the ApplicationSet controller will proceed to update the next group of Applications. (see [below for nested schema](#nestedblock--spec--strategy--rolling_sync--step)) ### Nested Schema for `spec.strategy.rolling_sync.step` Optional: - `match_expressions` (Block List) A list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedblock--spec--strategy--rolling_sync--step--match_expressions)) - `max_update` (String) Maximum number of simultaneous Application updates in a group. Supports both integer and percentage string values (rounds down, but floored at 1 Application for >0%). Default is 100%, unbounded. ### Nested Schema for `spec.strategy.rolling_sync.step.match_expressions` Optional: - `key` (String) The label key that the selector applies to. - `operator` (String) A key's relationship to a set of values. Valid operators ard `In`, `NotIn`, `Exists` and `DoesNotExist`. - `values` (Set of String) An array of string values. If the operator is `In` or `NotIn`, the values array must be non-empty. If the operator is `Exists` or `DoesNotExist`, the values array must be empty. This array is replaced during a strategic merge patch. ### Nested Schema for `spec.sync_policy` Optional: - `applications_sync` (String) Represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, and sync. - `preserve_resources_on_deletion` (Boolean) Label selector used to narrow the scope of targeted clusters. ================================================ FILE: docs/resources/cluster.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_cluster Resource - terraform-provider-argocd" subcategory: "" description: |- Manages clusters https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters within ArgoCD. --- # argocd_cluster (Resource) Manages [clusters](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters) within ArgoCD. ## Example Usage ```terraform ## Bearer token Authentication resource "argocd_cluster" "kubernetes" { server = "https://1.2.3.4:12345" config { bearer_token = "eyJhbGciOiJSUzI..." tls_client_config { ca_data = file("path/to/ca.pem") // ca_data = "-----BEGIN CERTIFICATE-----\nfoo\nbar\n-----END CERTIFICATE-----" // ca_data = base64decode("LS0tLS1CRUdJTiBDRVJUSUZ...") // insecure = true } } } ## GCP GKE cluster data "google_container_cluster" "cluster" { name = "cluster" location = "europe-west1" } resource "kubernetes_service_account" "argocd_manager" { metadata { name = "argocd-manager" namespace = "kube-system" } } resource "kubernetes_cluster_role" "argocd_manager" { metadata { name = "argocd-manager-role" } rule { api_groups = ["*"] resources = ["*"] verbs = ["*"] } rule { non_resource_urls = ["*"] verbs = ["*"] } } resource "kubernetes_cluster_role_binding" "argocd_manager" { metadata { name = "argocd-manager-role-binding" } role_ref { api_group = "rbac.authorization.k8s.io" kind = "ClusterRole" name = kubernetes_cluster_role.argocd_manager.metadata.0.name } subject { kind = "ServiceAccount" name = kubernetes_service_account.argocd_manager.metadata.0.name namespace = kubernetes_service_account.argocd_manager.metadata.0.namespace } } data "kubernetes_secret" "argocd_manager" { metadata { name = kubernetes_service_account.argocd_manager.default_secret_name namespace = kubernetes_service_account.argocd_manager.metadata.0.namespace } } resource "argocd_cluster" "gke" { server = format("https://%s", data.google_container_cluster.cluster.endpoint) name = "gke" config { bearer_token = data.kubernetes_secret.argocd_manager.data["token"] tls_client_config { ca_data = base64decode(data.google_container_cluster.cluster.master_auth.0.cluster_ca_certificate) } } } ## AWS EKS cluster data "aws_eks_cluster" "cluster" { name = "cluster" } resource "argocd_cluster" "eks" { server = format("https://%s", data.aws_eks_cluster.cluster.endpoint) name = "eks" namespaces = ["default", "optional"] config { aws_auth_config { cluster_name = "myekscluster" role_arn = "arn:aws:iam::<123456789012>:role/" } tls_client_config { ca_data = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) } } } ``` ## Schema ### Required - `config` (Block List, Min: 1, Max: 1) Cluster information for connecting to a cluster. (see [below for nested schema](#nestedblock--config)) ### Optional - `metadata` (Block List, Max: 2) Standard cluster secret's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata (see [below for nested schema](#nestedblock--metadata)) - `name` (String) Name of the cluster. If omitted, will use the server address. - `namespaces` (List of String) List of namespaces which are accessible in that cluster. Cluster level resources would be ignored if namespace list is not empty. - `project` (String) Reference between project and cluster that allow you automatically to be added as item inside Destinations project entity. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters. - `server` (String) Server is the API server URL of the Kubernetes cluster. - `shard` (String) Optional shard number. Calculated on the fly by the application controller if not specified. ### Read-Only - `id` (String) The ID of this resource. - `info` (List of Object) Information about cluster cache and state. (see [below for nested schema](#nestedatt--info)) ### Nested Schema for `config` Optional: - `aws_auth_config` (Block List) (see [below for nested schema](#nestedblock--config--aws_auth_config)) - `bearer_token` (String, Sensitive) Server requires Bearer authentication. The client will not attempt to use refresh tokens for an OAuth2 flow. - `exec_provider_config` (Block List, Max: 1) Configuration for an exec provider used to call an external command to perform cluster authentication See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig. (see [below for nested schema](#nestedblock--config--exec_provider_config)) - `password` (String, Sensitive) Password for servers that require Basic authentication. - `tls_client_config` (Block List, Max: 1) Settings to enable transport layer security when connecting to the cluster. (see [below for nested schema](#nestedblock--config--tls_client_config)) - `username` (String) Username for servers that require Basic authentication. ### Nested Schema for `config.aws_auth_config` Optional: - `cluster_name` (String) AWS cluster name. - `role_arn` (String) IAM role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain. ### Nested Schema for `config.exec_provider_config` Optional: - `api_version` (String) Preferred input version of the ExecInfo - `args` (List of String, Sensitive) Arguments to pass to the command when executing it - `command` (String) Command to execute - `env` (Map of String, Sensitive) Env defines additional environment variables to expose to the process. Passed as a map of strings - `install_hint` (String) This text is shown to the user when the executable doesn't seem to be present ### Nested Schema for `config.tls_client_config` Optional: - `ca_data` (String) PEM-encoded bytes (typically read from a root certificates bundle). - `cert_data` (String) PEM-encoded bytes (typically read from a client certificate file). - `insecure` (Boolean) Whether server should be accessed without verifying the TLS certificate. - `key_data` (String, Sensitive) PEM-encoded bytes (typically read from a client certificate key file). - `server_name` (String) Name to pass to the server for SNI and used in the client to check server certificates against. If empty, the hostname used to contact the server is used. ### Nested Schema for `metadata` Optional: - `annotations` (Map of String) An unstructured key value map stored with the cluster secret that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the cluster secret. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels ### Nested Schema for `info` Read-Only: - `applications_count` (String) - `connection_state` (List of Object) (see [below for nested schema](#nestedobjatt--info--connection_state)) - `server_version` (String) ### Nested Schema for `info.connection_state` Read-Only: - `message` (String) - `status` (String) ## Import Import is supported using the following syntax: The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: ```shell # Cluster credentials can be imported using the server URL. terraform import argocd_cluster.mycluster https://mycluster.io:443 ``` ================================================ FILE: docs/resources/gpg_key.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_gpg_key Resource - terraform-provider-argocd" subcategory: "" description: |- Manages GPG keys https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ within ArgoCD. --- # argocd_gpg_key (Resource) Manages [GPG keys](https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/) within ArgoCD. ## Example Usage ```terraform resource "argocd_gpg_key" "this" { public_key = < ## Schema ### Required - `public_key` (String) Raw key data of the GPG key to create ### Read-Only - `fingerprint` (String) Fingerprint is the fingerprint of the key - `id` (String) GPG key identifier - `owner` (String) Owner holds the owner identification, e.g. a name and e-mail address - `sub_type` (String) SubType holds the key's sub type (e.g. rsa4096) - `trust` (String) Trust holds the level of trust assigned to this key ## Import Import is supported using the following syntax: The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: ```shell # GPG Keys can be imported using the key ID. terraform import argocd_gpg_key.this 9AD92955401D388D ``` ================================================ FILE: docs/resources/project.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_project Resource - terraform-provider-argocd" subcategory: "" description: |- Manages projects https://argo-cd.readthedocs.io/en/stable/user-guide/projects/ within ArgoCD. --- # argocd_project (Resource) Manages [projects](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/) within ArgoCD. ## Example Usage ```terraform resource "argocd_project" "myproject" { metadata { name = "myproject" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple project" source_namespaces = ["argocd"] source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } destination { server = "https://kubernetes.default.svc" namespace = "foo" } destination { name = "anothercluster" namespace = "bar" } cluster_resource_blacklist { group = "*" kind = "*" } cluster_resource_whitelist { group = "rbac.authorization.k8s.io" kind = "ClusterRoleBinding" } cluster_resource_whitelist { group = "rbac.authorization.k8s.io" kind = "ClusterRole" } namespace_resource_blacklist { group = "networking.k8s.io" kind = "Ingress" } namespace_resource_whitelist { group = "*" kind = "*" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "ignored1" } ignore { group = "apps/v1" kind = "Deployment" name = "ignored2" } } role { name = "testrole" policies = [ "p, proj:myproject:testrole, applications, override, myproject/*, allow", "p, proj:myproject:testrole, applications, sync, myproject/*, allow", "p, proj:myproject:testrole, clusters, get, myproject/*, allow", "p, proj:myproject:testrole, repositories, create, myproject/*, allow", "p, proj:myproject:testrole, repositories, delete, myproject/*, allow", "p, proj:myproject:testrole, repositories, update, myproject/*, allow", "p, proj:myproject:testrole, logs, get, myproject/*, allow", "p, proj:myproject:testrole, exec, create, myproject/*, allow", ] } role { name = "anotherrole" policies = [ "p, proj:myproject:testrole, applications, get, myproject/*, allow", "p, proj:myproject:testrole, applications, sync, myproject/*, deny", ] } sync_window { kind = "allow" applications = ["api-*"] clusters = ["*"] namespaces = ["*"] duration = "3600s" schedule = "10 1 * * *" manual_sync = true } sync_window { use_and_operator = true kind = "deny" applications = ["foo", "bar"] clusters = ["in-cluster"] namespaces = ["default"] duration = "12h" schedule = "22 1 5 * *" manual_sync = false timezone = "Europe/London" } signature_keys = [ "4AEE18F83AFDEB23", "07E34825A909B250" ] } } ``` ## Schema ### Optional - `metadata` (Block List) Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). (see [below for nested schema](#nestedblock--metadata)) - `spec` (Block List) ArgoCD AppProject spec. (see [below for nested schema](#nestedblock--spec)) ### Read-Only - `id` (String) Project identifier ### Nested Schema for `metadata` Required: - `name` (String) Name of the appproject, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Optional: - `annotations` (Map of String) An unstructured key value map stored with the appproject that may be used to store arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the appproject. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - `namespace` (String) Namespace of the appproject, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ Read-Only: - `generation` (Number) A sequence number representing a specific generation of the desired state. - `resource_version` (String) An opaque value that represents the internal version of this appproject that can be used by clients to determine when the appproject has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - `uid` (String) The unique in time and space value for this appproject. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids ### Nested Schema for `spec` Optional: - `cluster_resource_blacklist` (Block Set) Blacklisted cluster level resources. (see [below for nested schema](#nestedblock--spec--cluster_resource_blacklist)) - `cluster_resource_whitelist` (Block Set) Whitelisted cluster level resources. (see [below for nested schema](#nestedblock--spec--cluster_resource_whitelist)) - `description` (String) Project description. - `destination` (Block Set) Destinations available for deployment. (see [below for nested schema](#nestedblock--spec--destination)) - `destination_service_account` (Block Set) Service accounts to be impersonated for the application sync operation for each destination. (see [below for nested schema](#nestedblock--spec--destination_service_account)) - `namespace_resource_blacklist` (Block Set) Blacklisted namespace level resources. (see [below for nested schema](#nestedblock--spec--namespace_resource_blacklist)) - `namespace_resource_whitelist` (Block Set) Whitelisted namespace level resources. (see [below for nested schema](#nestedblock--spec--namespace_resource_whitelist)) - `orphaned_resources` (Block Set) Configuration for orphaned resources tracking. (see [below for nested schema](#nestedblock--spec--orphaned_resources)) - `role` (Block Set) Project roles. (see [below for nested schema](#nestedblock--spec--role)) - `signature_keys` (Set of String) Signature keys for verifying the integrity of applications. - `source_namespaces` (Set of String) List of source namespaces for applications. - `source_repos` (List of String) List of repositories from which applications may be created. - `sync_window` (Block Set) Controls when sync operations are allowed for the project. (see [below for nested schema](#nestedblock--spec--sync_window)) ### Nested Schema for `spec.cluster_resource_blacklist` Optional: - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. ### Nested Schema for `spec.cluster_resource_whitelist` Optional: - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. ### Nested Schema for `spec.destination` Required: - `namespace` (String) Target namespace for applications' resources. Optional: - `name` (String) Name of the destination cluster which can be used instead of server. - `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. ### Nested Schema for `spec.destination_service_account` Required: - `default_service_account` (String) Used for impersonation during the sync operation Optional: - `namespace` (String) Specifies the target namespace for the application's resources. - `server` (String) Specifies the URL of the target cluster's Kubernetes control plane API. ### Nested Schema for `spec.namespace_resource_blacklist` Optional: - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. ### Nested Schema for `spec.namespace_resource_whitelist` Optional: - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. ### Nested Schema for `spec.orphaned_resources` Optional: - `ignore` (Block Set) List of resources to ignore during orphaned resources detection. (see [below for nested schema](#nestedblock--spec--orphaned_resources--ignore)) - `warn` (Boolean) Whether a warning condition should be created for apps which have orphaned resources. ### Nested Schema for `spec.orphaned_resources.ignore` Optional: - `group` (String) The Kubernetes resource Group to match for. - `kind` (String) The Kubernetes resource Kind to match for. - `name` (String) The Kubernetes resource name to match for. ### Nested Schema for `spec.role` Required: - `name` (String) The name of the role. - `policies` (List of String) List of casbin formatted strings that define access policies for the role in the project. For more information, see the [ArgoCD RBAC reference](https://argoproj.github.io/argo-cd/operator-manual/rbac/#rbac-permission-structure). Optional: - `description` (String) Description of the role. - `groups` (List of String) List of OIDC group claims bound to this role. - `jwt_tokens` (Attributes Set) List of JWT tokens issued for this role. (see [below for nested schema](#nestedatt--spec--role--jwt_tokens)) ### Nested Schema for `spec.role.jwt_tokens` Required: - `iat` (Number) Token issued at (timestamp). Optional: - `exp` (Number) Token expiration (timestamp). - `id` (String) Token identifier. ### Nested Schema for `spec.sync_window` Optional: - `applications` (List of String) List of applications that the window will apply to. - `clusters` (List of String) List of clusters that the window will apply to. - `duration` (String) Amount of time the sync window will be open. - `kind` (String) Defines if the window allows or blocks syncs, allowed values are `allow` or `deny`. - `manual_sync` (Boolean) Enables manual syncs when they would otherwise be blocked. - `namespaces` (List of String) List of namespaces that the window will apply to. - `schedule` (String) Time the window will begin, specified in cron format. - `timezone` (String) Timezone that the schedule will be evaluated in. - `use_and_operator` (Boolean) Defines if the AND operator should be used among the various conditions for the sync window. ## Import Import is supported using the following syntax: The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: ```shell # Projects can be imported using the project name. terraform import argocd_project.myproject myproject ``` ================================================ FILE: docs/resources/project_token.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_project_token Resource - terraform-provider-argocd" subcategory: "" description: |- Manages ArgoCD project role JWT tokens. See Project Roles https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-roles for more info. ~> Security Notice The JWT token generated by this resource is treated as sensitive and, thus, not displayed in console output. However, it will be stored unencrypted in your Terraform state file. Read more about sensitive data handling in the Terraform documentation https://www.terraform.io/docs/language/state/sensitive-data.html. --- # argocd_project_token (Resource) Manages ArgoCD project role JWT tokens. See [Project Roles](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-roles) for more info. ~> **Security Notice** The JWT token generated by this resource is treated as sensitive and, thus, not displayed in console output. However, it will be stored *unencrypted* in your Terraform state file. Read more about sensitive data handling in the [Terraform documentation](https://www.terraform.io/docs/language/state/sensitive-data.html). ## Example Usage ```terraform resource "argocd_project_token" "secret" { project = "someproject" role = "foobar" description = "short lived token" expires_in = "1h" renew_before = "30m" } ``` ## Schema ### Required - `project` (String) The project associated with the token. - `role` (String) The name of the role in the project associated with the token. ### Optional - `description` (String) Description of the token. - `expires_in` (String) Duration before the token will expire. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. E.g. `30m`, `12h`. Default: No expiration. - `renew_after` (String) Duration to control token silent regeneration based on token age. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. If set, then the token will be regenerated if it is older than `renew_after`. I.e. if `currentDate - issued_at > renew_after`. - `renew_before` (String) Duration to control token silent regeneration based on remaining token lifetime. If `expires_in` is set, Terraform will regenerate the token if `expires_at - currentDate < renew_before`. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. ### Read-Only - `expires_at` (String) If `expires_in` is set, Unix timestamp upon which the token will expire. - `id` (String) Token identifier - `issued_at` (String) Unix timestamp at which the token was issued. - `jwt` (String, Sensitive) The raw JWT. ================================================ FILE: docs/resources/repository.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_repository Resource - terraform-provider-argocd" subcategory: "" description: |- Manages repositories https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories within ArgoCD. --- # argocd_repository (Resource) Manages [repositories](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) within ArgoCD. ## Example Usage ```terraform # Public Helm repository resource "argocd_repository" "public_nginx_helm" { repo = "https://helm.nginx.com/stable" name = "nginx-stable" type = "helm" } # Public Git repository resource "argocd_repository" "public_git" { repo = "git@github.com:user/somerepo.git" } # Private Git repository resource "argocd_repository" "private" { repo = "git@private-git-repository.local:somerepo.git" username = "git" ssh_private_key = "-----BEGIN OPENSSH PRIVATE KEY-----\nfoo\nbar\n-----END OPENSSH PRIVATE KEY-----" insecure = true } # Repository with proxy configuration resource "argocd_repository" "with_proxy" { repo = "https://github.com/example/repo.git" username = "git" password = "my-token" proxy = "http://proxy.example.com:8080" no_proxy = "*.internal.example.com,localhost" } # OCI repository (e.g., for Helm charts stored in OCI registries) resource "argocd_repository" "oci_registry" { repo = "oci://ghcr.io/argoproj/argo-helm/argo-cd" name = "argocd-oci" type = "oci" username = "my-username" password = "my-token" } ``` ## Schema ### Required - `repo` (String) URL of the repository. ### Optional - `bearer_token` (String, Sensitive) BearerToken contains the bearer token used for Git BitBucket Data Center auth at the repo server - `depth` (Number) Depth specifies the depth for [shallow clones](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/#shallow-clone). A value of `0` means a full clone (the default). Shallow clone depths (`> 0`) are only supported from ArgoCD 3.3.0 onwards. - `enable_lfs` (Boolean) Whether `git-lfs` support should be enabled for this repository. - `enable_oci` (Boolean) Whether `helm-oci` support should be enabled for this repository. - `githubapp_enterprise_base_url` (String) GitHub API URL for GitHub app authentication. - `githubapp_id` (String) ID of the GitHub app used to access the repo. - `githubapp_installation_id` (String) The installation ID of the GitHub App used to access the repo. - `githubapp_private_key` (String, Sensitive) Private key data (PEM) for authentication via GitHub app. - `insecure` (Boolean) Whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys. - `name` (String) Name to be used for this repo. Only used with Helm repos. - `no_proxy` (String) Comma-separated list of hostnames that should be excluded from proxying. - `password` (String, Sensitive) Password or PAT used for authenticating at the remote repository. - `project` (String) The project name, in case the repository is project scoped. - `proxy` (String) HTTP/HTTPS proxy to access the repository. - `ssh_private_key` (String, Sensitive) PEM data for authenticating at the repo server. Only used with Git repos. - `tls_client_cert_data` (String) TLS client certificate in PEM format for authenticating at the repo server. - `tls_client_cert_key` (String, Sensitive) TLS client certificate private key in PEM format for authenticating at the repo server. - `type` (String) Type of the repo. Can be either `git`, `helm` or `oci`. `git` is assumed if empty or absent. - `use_azure_workload_identity` (Boolean) Whether `Azure-Workload-identity` should be enabled for this repository. - `username` (String) Username used for authenticating at the remote repository. ### Read-Only - `connection_state_status` (String) Contains information about the current state of connection to the repository server. - `id` (String) Repository identifier - `inherited_creds` (Boolean) Whether credentials were inherited from a credential set. ## Import Import is supported using the following syntax: The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: ```shell # Repositories can be imported using the repository URL. # Note: as the ArgoCD API does not return any sensitive information, a # subsequent `terraform apply` should be executed to make the `password`, # `ssh_private_key` and `tls_client_cert_key` attributes converge to their # expected values defined within the plan. terraform import argocd_repository.myrepo git@private-git-repository.local:somerepo.git ``` ================================================ FILE: docs/resources/repository_certificate.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_repository_certificate Resource - terraform-provider-argocd" subcategory: "" description: |- Manages custom TLS certificates https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#self-signed-untrusted-tls-certificates used by ArgoCD for connecting Git repositories. --- # argocd_repository_certificate (Resource) Manages [custom TLS certificates](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#self-signed-untrusted-tls-certificates) used by ArgoCD for connecting Git repositories. ## Example Usage ```terraform # HTTPS certificate resource "argocd_repository_certificate" "private-git-repository" { https { server_name = "private-git-repository.local" cert_data = < ## Schema ### Optional - `https` (Block List) HTTPS certificate configuration (see [below for nested schema](#nestedblock--https)) - `ssh` (Block List) SSH certificate configuration (see [below for nested schema](#nestedblock--ssh)) ### Read-Only - `id` (String) Repository certificate identifier ### Nested Schema for `https` Required: - `cert_data` (String) The actual certificate data, dependent on the certificate type - `server_name` (String) DNS name of the server this certificate is intended for Read-Only: - `cert_info` (String) Additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName) - `cert_subtype` (String) The sub type of the cert, i.e. `ssh-rsa` ### Nested Schema for `ssh` Required: - `cert_data` (String) The actual certificate data, dependent on the certificate type - `cert_subtype` (String) The sub type of the cert, i.e. `ssh-rsa` - `server_name` (String) DNS name of the server this certificate is intended for Read-Only: - `cert_info` (String) Additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName) ================================================ FILE: docs/resources/repository_credentials.md ================================================ --- # generated by https://github.com/hashicorp/terraform-plugin-docs page_title: "argocd_repository_credentials Resource - terraform-provider-argocd" subcategory: "" description: |- Manages repository credentials https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#credentials within ArgoCD. Note: due to restrictions in the ArgoCD API the provider is unable to track drift in this resource to fields other than username. I.e. the provider is unable to detect changes to repository credentials that are made outside of Terraform (e.g. manual updates to the underlying Kubernetes Secrets). --- # argocd_repository_credentials (Resource) Manages [repository credentials](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#credentials) within ArgoCD. **Note**: due to restrictions in the ArgoCD API the provider is unable to track drift in this resource to fields other than `username`. I.e. the provider is unable to detect changes to repository credentials that are made outside of Terraform (e.g. manual updates to the underlying Kubernetes Secrets). ## Example Usage ```terraform resource "argocd_repository_credentials" "private" { url = "git@private-git-repository.local" username = "git" ssh_private_key = "-----BEGIN OPENSSH PRIVATE KEY-----\nfoo\nbar\n-----END OPENSSH PRIVATE KEY-----" } ``` ## Schema ### Required - `url` (String) URL that these credentials match to ### Optional - `enable_oci` (Boolean) Whether `helm-oci` support should be enabled for this repo. Can only be set to `true` when `type` is `helm`. - `githubapp_enterprise_base_url` (String) GitHub API URL for GitHub app authentication - `githubapp_id` (String) GitHub App ID of the app used to access the repo for GitHub app authentication - `githubapp_installation_id` (String) ID of the installed GitHub App for GitHub app authentication - `githubapp_private_key` (String, Sensitive) Private key data (PEM) for authentication via GitHub app - `password` (String, Sensitive) Password for authenticating at the repo server - `ssh_private_key` (String, Sensitive) Private key data for authenticating at the repo server using SSH (only Git repos) - `tls_client_cert_data` (String) TLS client cert data for authenticating at the repo server - `tls_client_cert_key` (String, Sensitive) TLS client cert key for authenticating at the repo server - `type` (String) Type of the repository credentials. Can be either `git`, `oci` or `helm`. `git` is assumed if empty or absent. - `use_azure_workload_identity` (Boolean) Whether `Azure-Workload-identity` should be enabled for this repository. - `username` (String) Username for authenticating at the repo server ### Read-Only - `id` (String) Repository credentials identifier ## Import Import is supported using the following syntax: The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: ```shell # Repository credentials can be imported using the repository URL. # Note: as the ArgoCD API does not return any sensitive information, a # subsequent `terraform apply` should be executed to make the `password`, # `ssh_private_key` and `tls_client_cert_key` attributes converge to their # expected values defined within the plan. terraform import argocd_repository_credentials.myrepocreds git@private-git-repository.local:somerepo.git ``` ================================================ FILE: examples/data-sources/argocd_application/data-source.tf ================================================ data "argocd_application" "foo" { metadata = { name = "foo" namespace = "argocd" } } ================================================ FILE: examples/provider/provider.tf ================================================ # Exposed ArgoCD API - authenticated using authentication token. provider "argocd" { server_addr = "argocd.local:443" auth_token = "1234..." } # Exposed ArgoCD API - authenticated using `username`/`password` provider "argocd" { server_addr = "argocd.local:443" username = "foo" password = local.password } # Exposed ArgoCD API - (pre)authenticated using local ArgoCD config (e.g. when # you have previously logged in using SSO). provider "argocd" { use_local_config = true # context = "foo" # Use explicit context from ArgoCD config instead of `current-context`. } # Unexposed ArgoCD API - using the current Kubernetes context and # port-forwarding to temporarily expose ArgoCD API and authenticating using # `auth_token`. provider "argocd" { auth_token = "1234..." port_forward = true } # Unexposed ArgoCD API - using port-forwarding to temporarily expose ArgoCD API # whilst overriding the current context in kubeconfig. provider "argocd" { auth_token = "1234..." port_forward_with_namespace = "custom-argocd-namespace" kubernetes { config_context = "kind-argocd" } } # Unexposed ArgoCD API - using `core` to run ArgoCD server locally and # communicate directly with the Kubernetes API. provider "argocd" { core = true } ================================================ FILE: examples/resources/argocd_account_token/resource.tf ================================================ # Token for account configured on the `provider` resource "argocd_account_token" "this" { renew_after = "168h" # renew after 7 days } # Token for ac count `foo` resource "argocd_account_token" "foo" { account = "foo" expires_in = "168h" # expire in 7 days renew_before = "84h" # renew when less than 3.5 days remain until expiry } ================================================ FILE: examples/resources/argocd_application/import.sh ================================================ # ArgoCD applications can be imported using an id consisting of `{name}:{namespace}`. terraform import argocd_application.myapp myapp:argocd ================================================ FILE: examples/resources/argocd_application/resource.tf ================================================ # Kustomize application resource "argocd_application" "kustomize" { metadata { name = "kustomize-app" namespace = "argocd" labels = { test = "true" } } cascade = false # disable cascading deletion wait = true spec { project = "myproject" destination { server = "https://kubernetes.default.svc" namespace = "foo" } source { repo_url = "https://github.com/kubernetes-sigs/kustomize" path = "examples/helloWorld" target_revision = "master" kustomize { name_prefix = "foo-" name_suffix = "-bar" images = ["hashicorp/terraform:light"] common_labels = { "this.is.a.common" = "la-bel" "another.io/one" = "true" } } } sync_policy { automated { prune = true self_heal = true allow_empty = true } # Only available from ArgoCD 1.5.0 onwards sync_options = ["Validate=false"] retry { limit = "5" backoff { duration = "30s" max_duration = "2m" factor = "2" } } } ignore_difference { group = "apps" kind = "Deployment" json_pointers = ["/spec/replicas"] } ignore_difference { group = "apps" kind = "StatefulSet" name = "someStatefulSet" json_pointers = [ "/spec/replicas", "/spec/template/spec/metadata/labels/bar", ] # Only available from ArgoCD 2.1.0 onwards jq_path_expressions = [ ".spec.replicas", ".spec.template.spec.metadata.labels.bar", ] } } } # Helm application resource "argocd_application" "helm" { metadata { name = "helm-app" namespace = "argocd" labels = { test = "true" } } spec { destination { server = "https://kubernetes.default.svc" namespace = "default" } source { repo_url = "https://some.chart.repo.io" chart = "mychart" target_revision = "1.2.3" helm { release_name = "testing" parameter { name = "image.tag" value = "1.2.3" } parameter { name = "someotherparameter" value = "true" } value_files = ["values-test.yml"] values = yamlencode({ someparameter = { enabled = true someArray = ["foo", "bar"] } }) } } } } # Multiple Application Sources with Helm value files from external Git repository resource "argocd_application" "multiple_sources" { metadata { name = "helm-app-with-external-values" namespace = "argocd" } spec { project = "default" source { repo_url = "https://charts.helm.sh/stable" chart = "wordpress" target_revision = "9.0.3" helm { value_files = ["$values/helm-dependency/values.yaml"] } } source { repo_url = "https://github.com/argoproj/argocd-example-apps.git" target_revision = "HEAD" ref = "values" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } ================================================ FILE: examples/resources/argocd_application_set/resource.tf ================================================ # Clusters Generator resource "argocd_application_set" "clusters_selector" { metadata { name = "clusters-selector" } spec { generator { clusters { selector { match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } template { metadata { name = "{{name}}-clusters-selector" } spec { source { repo_url = "https://github.com/argoproj/argocd-example-apps/" target_revision = "HEAD" path = "guestbook" } destination { server = "{{server}}" namespace = "default" } } } } } # Cluster Decision Resource Generator resource "argocd_application_set" "cluster_decision_resource" { metadata { name = "cluster-decision-resource" } spec { generator { cluster_decision_resource { config_map_ref = "my-configmap" name = "quak" } } template { metadata { name = "{{name}}-guestbook" } spec { source { repo_url = "https://github.com/argoproj/argocd-example-apps/" target_revision = "HEAD" path = "guestbook" } destination { server = "{{server}}" namespace = "default" } } } } } # Git Generator - Directories resource "argocd_application_set" "git_directories" { metadata { name = "git-directories" } spec { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/git-generator-directory/cluster-addons/*" } directory { path = "applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook" exclude = true } } } template { metadata { name = "{{path.basename}}-git-directories" } spec { source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "https://kubernetes.default.svc" namespace = "{{path.basename}}" } } } } } # Git Generator - Files resource "argocd_application_set" "git_files" { metadata { name = "git-files" } spec { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" file { path = "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" } } } template { metadata { name = "{{cluster.name}}-git-files" } spec { source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/git-generator-files-discovery/apps/guestbook" } destination { server = "{{cluster.address}}" namespace = "guestbook" } } } } } # List Generator resource "argocd_application_set" "list" { metadata { name = "list" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://kubernetes.default.svc" }, { cluster = "engineering-prod" url = "https://kubernetes.default.svc" foo = "bar" } ] } } template { metadata { name = "{{cluster}}-guestbook" } spec { project = "my-project" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } } # List Generator with elements_yaml resource "argocd_application_set" "list_elements_yaml" { metadata { name = "list-elements-yaml" } spec { generator { list { elements_yaml = <<-EOT - cluster: engineering-dev url: https://kubernetes.default.svc environment: development - cluster: engineering-prod url: https://kubernetes.default.svc environment: production foo: bar EOT } } template { metadata { name = "{{cluster}}-guestbook" } spec { project = "my-project" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } } # Matrix Generator resource "argocd_application_set" "matrix" { metadata { name = "matrix" } spec { generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" directory { path = "applicationset/examples/matrix/cluster-addons/*" } } } generator { clusters { selector { match_labels = { "argocd.argoproj.io/secret-type" = "cluster" } } } } } } template { metadata { name = "{{path.basename}}-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "{{server}}" namespace = "{{path.basename}}" } } } } } # Merge Generator resource "argocd_application_set" "merge" { metadata { name = "merge" } spec { generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } generator { clusters { selector { match_labels = { use-kafka = "false" } } values = { kafka = "false" } } } generator { list { elements = [ { server = "https://2.4.6.8" "values.redis" = "true" }, ] } } } } template { metadata { name = "{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "app" target_revision = "HEAD" helm { parameter { name = "kafka" value = "{{values.kafka}}" } parameter { name = "redis" value = "{{values.redis}}" } } } destination { server = "{{server}}" namespace = "default" } } } } } # Pull Request Generator - GitHub resource "argocd_application_set" "pr_github" { metadata { name = "pr-github" } spec { generator { pull_request { github { api = "https://git.example.com/" owner = "myorg" repo = "myrepository" app_secret_name = "github-app-repo-creds" token_ref { secret_name = "github-token" key = "token" } labels = [ "preview" ] } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } # Pull Request Generator - Azure DevOps resource "argocd_application_set" "pr_azure_devops" { metadata { name = "pr-azure-devops" } spec { generator { pull_request { azure_devops { api = "https://dev.azure.com" organization = "myorg" project = "myproject" repo = "myrepository" labels = ["preview"] token_ref { secret_name = "azure-devops-token" key = "token" } } } } template { metadata { name = "myapp-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } # SCM Provider Generator - GitHub resource "argocd_application_set" "scm_github" { metadata { name = "scm-github" } spec { generator { scm_provider { github { app_secret_name = "gh-app-repo-creds" organization = "myorg" # all_branches = true # api = "https://git.example.com/" # token_ref { # secret_name = "github-token" # key = "token" # } } } } template { metadata { name = "{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } # Progressive Sync - Rolling Update resource "argocd_application_set" "progressive_sync" { metadata { name = "progressive-sync" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://1.2.3.4" env = "env-dev" }, { cluster = "engineering-qa" url = "https://2.4.6.8" env = "env-qa" }, { cluster = "engineering-prod" url = "https://9.8.7.6/" env = "env-prod" } ] } } strategy { type = "RollingSync" rolling_sync { step { match_expressions { key = "envLabel" operator = "In" values = [ "env-dev" ] } # max_update = "100%" # if undefined, all applications matched are updated together (default is 100%) } step { match_expressions { key = "envLabel" operator = "In" values = [ "env-qa" ] } max_update = "0" } step { match_expressions { key = "envLabel" operator = "In" values = [ "env-prod" ] } max_update = "10%" } } } go_template = true template { metadata { name = "{{.cluster}}-guestbook" labels = { envLabel = "{{.env}}" } } spec { project = "default" source { repo_url = "https://github.com/infra-team/cluster-deployments.git" path = "guestbook/{{.cluster}}" target_revision = "HEAD" } destination { server = "{{.url}}" namespace = "guestbook" } } } } } ================================================ FILE: examples/resources/argocd_cluster/import.sh ================================================ # Cluster credentials can be imported using the server URL. terraform import argocd_cluster.mycluster https://mycluster.io:443 ================================================ FILE: examples/resources/argocd_cluster/resource.tf ================================================ ## Bearer token Authentication resource "argocd_cluster" "kubernetes" { server = "https://1.2.3.4:12345" config { bearer_token = "eyJhbGciOiJSUzI..." tls_client_config { ca_data = file("path/to/ca.pem") // ca_data = "-----BEGIN CERTIFICATE-----\nfoo\nbar\n-----END CERTIFICATE-----" // ca_data = base64decode("LS0tLS1CRUdJTiBDRVJUSUZ...") // insecure = true } } } ## GCP GKE cluster data "google_container_cluster" "cluster" { name = "cluster" location = "europe-west1" } resource "kubernetes_service_account" "argocd_manager" { metadata { name = "argocd-manager" namespace = "kube-system" } } resource "kubernetes_cluster_role" "argocd_manager" { metadata { name = "argocd-manager-role" } rule { api_groups = ["*"] resources = ["*"] verbs = ["*"] } rule { non_resource_urls = ["*"] verbs = ["*"] } } resource "kubernetes_cluster_role_binding" "argocd_manager" { metadata { name = "argocd-manager-role-binding" } role_ref { api_group = "rbac.authorization.k8s.io" kind = "ClusterRole" name = kubernetes_cluster_role.argocd_manager.metadata.0.name } subject { kind = "ServiceAccount" name = kubernetes_service_account.argocd_manager.metadata.0.name namespace = kubernetes_service_account.argocd_manager.metadata.0.namespace } } data "kubernetes_secret" "argocd_manager" { metadata { name = kubernetes_service_account.argocd_manager.default_secret_name namespace = kubernetes_service_account.argocd_manager.metadata.0.namespace } } resource "argocd_cluster" "gke" { server = format("https://%s", data.google_container_cluster.cluster.endpoint) name = "gke" config { bearer_token = data.kubernetes_secret.argocd_manager.data["token"] tls_client_config { ca_data = base64decode(data.google_container_cluster.cluster.master_auth.0.cluster_ca_certificate) } } } ## AWS EKS cluster data "aws_eks_cluster" "cluster" { name = "cluster" } resource "argocd_cluster" "eks" { server = format("https://%s", data.aws_eks_cluster.cluster.endpoint) name = "eks" namespaces = ["default", "optional"] config { aws_auth_config { cluster_name = "myekscluster" role_arn = "arn:aws:iam::<123456789012>:role/" } tls_client_config { ca_data = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) } } } ================================================ FILE: examples/resources/argocd_gpg_key/import.sh ================================================ # GPG Keys can be imported using the key ID. terraform import argocd_gpg_key.this 9AD92955401D388D ================================================ FILE: examples/resources/argocd_gpg_key/resource.tf ================================================ resource "argocd_gpg_key" "this" { public_key = < github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0 // Avoid CVE-2022-28948 gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 // https://github.com/kubernetes/kubernetes/issues/79384#issuecomment-505627280 k8s.io/api => k8s.io/api v0.34.0 k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.34.0 k8s.io/apimachinery => k8s.io/apimachinery v0.34.2 k8s.io/apiserver => k8s.io/apiserver v0.34.0 k8s.io/cli-runtime => k8s.io/cli-runtime v0.34.0 k8s.io/client-go => k8s.io/client-go v0.34.0 k8s.io/cloud-provider => k8s.io/cloud-provider v0.34.0 k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.34.0 k8s.io/code-generator => k8s.io/code-generator v0.34.0 k8s.io/component-base => k8s.io/component-base v0.34.0 k8s.io/component-helpers => k8s.io/component-helpers v0.34.0 k8s.io/controller-manager => k8s.io/controller-manager v0.34.0 k8s.io/cri-api => k8s.io/cri-api v0.34.2 k8s.io/cri-client => k8s.io/cri-client v0.34.0 k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.34.0 k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.34.0 k8s.io/endpointslice => k8s.io/endpointslice v0.34.0 k8s.io/externaljwt => k8s.io/externaljwt v0.34.2 k8s.io/kms => k8s.io/kms v0.34.0 k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.34.0 k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.34.0 k8s.io/kube-proxy => k8s.io/kube-proxy v0.34.0 k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.34.0 k8s.io/kubectl => k8s.io/kubectl v0.34.0 k8s.io/kubelet => k8s.io/kubelet v0.34.0 k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.33.1 k8s.io/metrics => k8s.io/metrics v0.34.0 k8s.io/mount-utils => k8s.io/mount-utils v0.34.2 k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.34.0 k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.34.0 k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.34.0 k8s.io/sample-controller => k8s.io/sample-controller v0.34.0 ) ================================================ FILE: go.sum ================================================ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps= cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= code.gitea.io/sdk/gitea v0.22.1 h1:7K05KjRORyTcTYULQ/AwvlVS6pawLcWyXZcTr7gHFyA= code.gitea.io/sdk/gitea v0.22.1/go.mod h1:yyF5+GhljqvA30sRDreoyHILruNiy4ASufugzYg0VHM= cyphar.com/go-pathrs v0.2.1 h1:9nx1vOgwVvX1mNBWDu93+vaceedpbsDqo+XuBGL40b8= cyphar.com/go-pathrs v0.2.1/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/42wim/httpsig v1.2.3 h1:xb0YyWhkYj57SPtfSttIobJUPJZB9as1nsfo7KWVcEs= github.com/42wim/httpsig v1.2.3/go.mod h1:nZq9OlYKDrUBhptd77IHx4/sZZD+IxTBADvAPI9G/EM= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA= github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs= github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OvyFlash/telegram-bot-api v0.0.0-20241219171906-3f2ca0c14ada h1:5ZtieioZyyfiJsGvjpj3d5Eso/3YjJJhNQ1M8at5U5k= github.com/OvyFlash/telegram-bot-api v0.0.0-20241219171906-3f2ca0c14ada/go.mod h1:2nRUdsKyWhvezqW/rBGWEQdcTQeTtnbSNd2dgx76WYA= github.com/PagerDuty/go-pagerduty v1.8.0 h1:MTFqTffIcAervB83U7Bx6HERzLbyaSPL/+oxH3zyluI= github.com/PagerDuty/go-pagerduty v1.8.0/go.mod h1:nzIeAqyFSJAFkjWKvMzug0JtwDg+V+UoCWjFrfFH5mI= github.com/ProtonMail/go-crypto v1.4.1 h1:9RfcZHqEQUvP8RzecWEUafnZVtEvrBVL9BiF67IQOfM= github.com/ProtonMail/go-crypto v1.4.1/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo= github.com/ProtonMail/gopenpgp/v3 v3.4.0 h1:WW0VK+mZjbu5SqhWNm58TYKFxyvduiUHTfyIKs60dgY= github.com/ProtonMail/gopenpgp/v3 v3.4.0/go.mod h1:bGdV9f6edhmd581wzXsQCTKdH8bXBbyhkgDKPjwPc6U= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20240116134246-a8cbe886bab0 h1:ztLQGVQsey3BjCoh0TvHc/iKTQmkio2OmsIxhuu+EeY= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20240116134246-a8cbe886bab0/go.mod h1:rjP7sIipbZcagro/6TCk6X0ZeFT2eyudH5+fve/cbBA= github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alicebob/miniredis/v2 v2.35.0 h1:QwLphYqCEAo1eu1TqPRN2jgVMPBweeQcR21jeqDCONI= github.com/alicebob/miniredis/v2 v2.35.0/go.mod h1:TcL7YfarKPGDAthEtl5NBeHZfeUQj6OXMm/+iu5cLMM= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= github.com/argoproj/argo-cd/v3 v3.3.6 h1:eaWeTkM5EdDHSD3seySuxmbBY38UHjZfRJUPRBccGcY= github.com/argoproj/argo-cd/v3 v3.3.6/go.mod h1:jNt8U5uib3bZWtKc4c0L9OsvgkYVOA0HtcRppVcp1oM= github.com/argoproj/gitops-engine v0.7.1-0.20251217140045-5baed5604d2d h1:iUJYrbSvpV9n8vyl1sBt1GceM60HhHfnHxuzcm5apDg= github.com/argoproj/gitops-engine v0.7.1-0.20251217140045-5baed5604d2d/go.mod h1:PauXVUVcfiTgC+34lDdWzPS101g4NpsUtDAjFBnWf94= github.com/argoproj/notifications-engine v0.5.1-0.20260119155007-a23b5827d630 h1:naE5KNRTOALjF5nVIGUHrHU5xjlB8QJJiCu+aISIlSs= github.com/argoproj/notifications-engine v0.5.1-0.20260119155007-a23b5827d630/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE= github.com/argoproj/pkg v0.13.6 h1:36WPD9MNYECHcO1/R1pj6teYspiK7uMQLCgLGft2abM= github.com/argoproj/pkg v0.13.6/go.mod h1:I698DoJBKuvNFaixh4vFl2C88cNIT1WS7KCbz5ewyF8= github.com/argoproj/pkg/v2 v2.0.1 h1:O/gCETzB/3+/hyFL/7d/VM/6pSOIRWIiBOTb2xqAHvc= github.com/argoproj/pkg/v2 v2.0.1/go.mod h1:sdifF6sUTx9ifs38ZaiNMRJuMpSCBB9GulHfbPgQeRE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.44.39/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM= github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg= github.com/aws/aws-sdk-go-v2/config v1.29.9 h1:Kg+fAYNaJeGXp1vmjtidss8O2uXIsXwaRqsQJKXVr+0= github.com/aws/aws-sdk-go-v2/config v1.29.9/go.mod h1:oU3jj2O53kgOU4TXq/yipt6ryiooYjlkqqVaZk7gY/U= github.com/aws/aws-sdk-go-v2/credentials v1.17.62 h1:fvtQY3zFzYJ9CfixuAQ96IxDrBajbBWGqjNTCa79ocU= github.com/aws/aws-sdk-go-v2/credentials v1.17.62/go.mod h1:ElETBxIQqcxej++Cs8GyPBbgMys5DgQPTwo7cUPDKt8= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.1 h1:ZtgZeMPJH8+/vNs9vJFFLI0QEzYbcN0p7x1/FFwyROc= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.1/go.mod h1:Bar4MrRxeqdn6XIh8JGfiXuFRmyrrsZNTJotxEJmWW0= github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 h1:8JdC7Gr9NROg1Rusk25IcZeTO59zLxsKgE0gkh5O6h0= github.com/aws/aws-sdk-go-v2/service/sso v1.25.1/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1 h1:KwuLovgQPcdjNMfFt9OhUd9a2OwcOKhxfvF4glTzLuA= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 h1:PZV5W8yk4OtH1JAuhV2PXwwO9v5G5Aoj+eMCn4T+1Kc= github.com/aws/aws-sdk-go-v2/service/sts v1.33.17/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE= github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bombsimon/logrusr/v4 v4.1.0 h1:uZNPbwusB0eUXlO8hIUwStE6Lr5bLN6IgYgG+75kuh4= github.com/bombsimon/logrusr/v4 v4.1.0/go.mod h1:pjfHC5e59CvjTBIU3V3sGhFWFAnsnhOR03TRc6im0l8= github.com/bradleyfalzon/ghinstallation/v2 v2.17.0 h1:SmbUK/GxpAspRjSQbB6ARvH+ArzlNzTtHydNyXUQ6zg= github.com/bradleyfalzon/ghinstallation/v2 v2.17.0/go.mod h1:vuD/xvJT9Y+ZVZRv4HQ42cMyPFIYqpc7AbB4Gvt/DlY= github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs= github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c= github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA= github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.135.0 h1:6BLkMQiGotYyS5yYeWgW19vxqugUlvHFkFiLnLR/bxk= github.com/casbin/casbin/v2 v2.135.0/go.mod h1:FmcfntdXLTcYXv/hxgNntcRPqAbwOG9xsism0yXT+18= github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A= github.com/casbin/govaluate v1.10.0 h1:ffGw51/hYH3w3rZcxO/KcaUIDOLP84w7nsidMVgaDG0= github.com/casbin/govaluate v1.10.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80= github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/chainguard-dev/git-urls v1.0.2 h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ= github.com/chainguard-dev/git-urls v1.0.2/go.mod h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o= github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs= github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs= github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.6.2 h1:hL7VBpHHKzrV5WTfHCaBsgx/HGbBYlgrwvNXEVDYYsQ= github.com/cloudflare/circl v1.6.2/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= github.com/codeskyblue/go-sh v0.0.0-20190412065543-76bd3d59ff27/go.mod h1:VQx0hjo2oUeQkQUET7wRwradO6f+fN5jzXgB/zROxxE= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/coreos/go-oidc/v3 v3.14.1 h1:9ePWwfdwC4QKRlCXsJGou56adA/owXczOzwKdOumLqk= github.com/coreos/go-oidc/v3 v3.14.1/go.mod h1:HaZ3szPaZ0e4r6ebqvsLWlk2Tn+aejfmrfah6hnSYEU= github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GKorA= github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/cristalhq/jwt/v5 v5.4.0 h1:Wxi1TocFHaijyV608j7v7B9mPc4ZNjvWT3LKBO0d4QI= github.com/cristalhq/jwt/v5 v5.4.0/go.mod h1:+b/BzaCWEpFDmXxspJ5h4SdJ1N/45KMjKOetWzmHvDA= github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE= github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE= github.com/desertbit/timer v1.0.1 h1:yRpYNn5Vaaj6QXecdLMPMJsW81JLiI1eokUft5nBmeo= github.com/desertbit/timer v1.0.1/go.mod h1:htRrYeY5V/t4iu1xCJ5XsQvp4xve8QulXXctAzxqcwE= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ= github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/ebitengine/purego v0.10.0 h1:QIw4xfpWT6GWTzaW5XEKy3HXoqrJGx1ijYHzTF0/ISU= github.com/ebitengine/purego v0.10.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o= github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE= github.com/elliotchance/pie/v2 v2.9.1 h1:v7TdC6ZdNZJ1HACofpLXvGKHUk307AjY/bttwDPWKEQ= github.com/elliotchance/pie/v2 v2.9.1/go.mod h1:18t0dgGFH006g4eVdDtWfgFZPQEgl10IoEO8YWEq3Og= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8= github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= github.com/expr-lang/expr v1.17.7 h1:Q0xY/e/2aCIp8g9s/LGvMDCC5PxYlvHgDZRQ4y16JX8= github.com/expr-lang/expr v1.17.7/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4= github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64= github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg= github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0= github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68 h1:iJXWkoIPk3e8RVHhQE/gXfP2TP3OLQ9vVPNSJ+oL6mM= github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68/go.mod h1:bB7XwdZF40tLVnu9n5A9TjI2ddNZtLYImtwYwmcmnRo= github.com/gfleury/go-bitbucket-v1/test/bb-mock-server v0.0.0-20230825095122-9bc1711434ab h1:BeG9dDWckFi/p5Gvqq3wTEDXsUV4G6bdvjEHMOT2B8E= github.com/gfleury/go-bitbucket-v1/test/bb-mock-server v0.0.0-20230825095122-9bc1711434ab/go.mod h1:VssB0kb1cETNaFFC/0mHVCj+7i5TS2xraYq+tl9JLwE= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14= github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM= github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s= github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-openapi/analysis v0.24.1 h1:Xp+7Yn/KOnVWYG8d+hPksOYnCYImE3TieBa7rBOesYM= github.com/go-openapi/analysis v0.24.1/go.mod h1:dU+qxX7QGU1rl7IYhBC8bIfmWQdX4Buoea4TGtxXY84= github.com/go-openapi/errors v0.22.4 h1:oi2K9mHTOb5DPW2Zjdzs/NIvwi2N3fARKaTJLdNabaM= github.com/go-openapi/errors v0.22.4/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk= github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM= github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/jsonreference v0.21.3 h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc= github.com/go-openapi/jsonreference v0.21.3/go.mod h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4= github.com/go-openapi/loads v0.23.2 h1:rJXAcP7g1+lWyBHC7iTY+WAF0rprtM+pm8Jxv1uQJp4= github.com/go-openapi/loads v0.23.2/go.mod h1:IEVw1GfRt/P2Pplkelxzj9BYFajiWOtY2nHZNj4UnWY= github.com/go-openapi/runtime v0.29.2 h1:UmwSGWNmWQqKm1c2MGgXVpC2FTGwPDQeUsBMufc5Yj0= github.com/go-openapi/runtime v0.29.2/go.mod h1:biq5kJXRJKBJxTDJXAa00DOTa/anflQPhT0/wmjuy+0= github.com/go-openapi/spec v0.22.1 h1:beZMa5AVQzRspNjvhe5aG1/XyBSMeX1eEOs7dMoXh/k= github.com/go-openapi/spec v0.22.1/go.mod h1:c7aeIQT175dVowfp7FeCvXXnjN/MrpaONStibD2WtDA= github.com/go-openapi/strfmt v0.25.0 h1:7R0RX7mbKLa9EYCTHRcCuIPcaqlyQiWNPTXwClK0saQ= github.com/go-openapi/strfmt v0.25.0/go.mod h1:nNXct7OzbwrMY9+5tLX4I21pzcmE6ccMGXl3jFdPfn8= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= github.com/go-openapi/swag/conv v0.25.1 h1:+9o8YUg6QuqqBM5X6rYL/p1dpWeZRhoIt9x7CCP+he0= github.com/go-openapi/swag/conv v0.25.1/go.mod h1:Z1mFEGPfyIKPu0806khI3zF+/EUXde+fdeksUl2NiDs= github.com/go-openapi/swag/fileutils v0.25.1 h1:rSRXapjQequt7kqalKXdcpIegIShhTPXx7yw0kek2uU= github.com/go-openapi/swag/fileutils v0.25.1/go.mod h1:+NXtt5xNZZqmpIpjqcujqojGFek9/w55b3ecmOdtg8M= github.com/go-openapi/swag/jsonname v0.25.1 h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU= github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo= github.com/go-openapi/swag/jsonutils v0.25.1 h1:AihLHaD0brrkJoMqEZOBNzTLnk81Kg9cWr+SPtxtgl8= github.com/go-openapi/swag/jsonutils v0.25.1/go.mod h1:JpEkAjxQXpiaHmRO04N1zE4qbUEg3b7Udll7AMGTNOo= github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1 h1:DSQGcdB6G0N9c/KhtpYc71PzzGEIc/fZ1no35x4/XBY= github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1/go.mod h1:kjmweouyPwRUEYMSrbAidoLMGeJ5p6zdHi9BgZiqmsg= github.com/go-openapi/swag/loading v0.25.1 h1:6OruqzjWoJyanZOim58iG2vj934TysYVptyaoXS24kw= github.com/go-openapi/swag/loading v0.25.1/go.mod h1:xoIe2EG32NOYYbqxvXgPzne989bWvSNoWoyQVWEZicc= github.com/go-openapi/swag/mangling v0.25.1 h1:XzILnLzhZPZNtmxKaz/2xIGPQsBsvmCjrJOWGNz/ync= github.com/go-openapi/swag/mangling v0.25.1/go.mod h1:CdiMQ6pnfAgyQGSOIYnZkXvqhnnwOn997uXZMAd/7mQ= github.com/go-openapi/swag/stringutils v0.25.1 h1:Xasqgjvk30eUe8VKdmyzKtjkVjeiXx1Iz0zDfMNpPbw= github.com/go-openapi/swag/stringutils v0.25.1/go.mod h1:JLdSAq5169HaiDUbTvArA2yQxmgn4D6h4A+4HqVvAYg= github.com/go-openapi/swag/typeutils v0.25.1 h1:rD/9HsEQieewNt6/k+JBwkxuAHktFtH3I3ysiFZqukA= github.com/go-openapi/swag/typeutils v0.25.1/go.mod h1:9McMC/oCdS4BKwk2shEB7x17P6HmMmA6dQRtAkSnNb8= github.com/go-openapi/swag/yamlutils v0.25.1 h1:mry5ez8joJwzvMbaTGLhw8pXUnhDK91oSJLDPF1bmGk= github.com/go-openapi/swag/yamlutils v0.25.1/go.mod h1:cm9ywbzncy3y6uPm/97ysW8+wZ09qsks+9RS8fLWKqg= github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= github.com/go-openapi/validate v0.25.1 h1:sSACUI6Jcnbo5IWqbYHgjibrhhmt3vR6lCzKZnmAgBw= github.com/go-openapi/validate v0.25.1/go.mod h1:RMVyVFYte0gbSTaZ0N4KmTn6u/kClvAFp+mAVfS/DQc= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY= github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= github.com/go-playground/webhooks/v6 v6.4.0 h1:KLa6y7bD19N48rxJDHM0DpE3T4grV7GxMy1b/aHMWPY= github.com/go-playground/webhooks/v6 v6.4.0/go.mod h1:5lBxopx+cAJiBI4+kyRbuHrEi+hYRDdRHuRR4Ya5Ums= github.com/go-redis/cache/v9 v9.0.0 h1:0thdtFo0xJi0/WXbRVu8B066z8OvVymXTJGaXrVWnN0= github.com/go-redis/cache/v9 v9.0.0/go.mod h1:cMwi1N8ASBOufbIvk7cdXe2PbPjK/WMRL95FFHWsSgI= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU= github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og= github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= github.com/gobwas/ws v1.2.1 h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk= github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= github.com/gogits/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 h1:04sojTxgYxu1L4Hn7Tgf7UVtIosVa6CuHtvNY+7T1K4= github.com/gogits/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85/go.mod h1:cY2AIrMgHm6oOHmR7jY+9TtjzSjQ3iG7tURJG3Y6XH0= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI= github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo= github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-github/v69 v69.2.0 h1:wR+Wi/fN2zdUx9YxSmYE0ktiX9IAR/BeePzeaUUbEHE= github.com/google/go-github/v69 v69.2.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM= github.com/google/go-github/v75 v75.0.0 h1:k7q8Bvg+W5KxRl9Tjq16a9XEgVY1pwuiG5sIL7435Ic= github.com/google/go-github/v75 v75.0.0/go.mod h1:H3LUJEA1TCrzuUqtdAQniBNwuKiQIqdGKgBo1/M/uqI= github.com/google/go-jsonnet v0.21.0 h1:43Bk3K4zMRP/aAZm9Po2uSEjY6ALCkYUVIcz9HLGMvA= github.com/google/go-jsonnet v0.21.0/go.mod h1:tCGAu8cpUpEZcdGMmdOu37nh8bGgqubhI5v2iSk3KJQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.1-0.20241114170450-2d3c2a9cc518 h1:UBg1xk+oAsIVbFuGg6hdfAm7EvCv3EL80vFxJNsslqw= github.com/google/uuid v1.6.1-0.20241114170450-2d3c2a9cc518/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q= github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4 h1:4EZlYQIiyecYJlUbVkFXCXHz1QPhVXcHnQKAzBTPfQo= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4/go.mod h1:lEO7XoHJ/xNRBCxrn4h/CEB67h0kW1B0t4ooP2yrjUA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= github.com/gosimple/slug v1.15.0 h1:wRZHsRrRcs6b0XnxMUBM6WK1U1Vg5B0R7VkIf1Xzobo= github.com/gosimple/slug v1.15.0/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ= github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o= github.com/gosimple/unidecode v1.0.1/go.mod h1:CP0Cr1Y1kogOtx0bJblKzsVWrqYaqfNOnHzpgWw4Awc= github.com/gregdel/pushover v1.3.1 h1:4bMLITOZ15+Zpi6qqoGqOPuVHCwSUvMCgVnN5Xhilfo= github.com/gregdel/pushover v1.3.1/go.mod h1:EcaO66Nn1StkpEm1iKtBTV3d2A16SoMsVER1PthX7to= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0 h1:QGLs/O40yoNK9vmy4rhUGBVyMf1lISBGtXRpsu/Qu/o= github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0/go.mod h1:hM2alZsMUni80N33RBe6J0e423LB+odMj7d3EMP9l20= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 h1:B+8ClL/kCQkRiU82d9xajRPKYMrB7E0MbtzWVi1K4ns= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3/go.mod h1:NbCUVmiS4foBGBHOYlCT25+YmGpJ32dZPi75pGEUpj4= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.5.0 h1:EkQ/v+dDNUqnuVpmS5fPqyY71NXVgT5gf32+57xY8g0= github.com/hashicorp/go-cty v1.5.0/go.mod h1:lFUCG5kd8exDobgSfyj4ONE/dc822kiYMguVKdHGMLM= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA= github.com/hashicorp/go-plugin v1.7.0/go.mod h1:BExt6KEaIYx804z8k4gRzRLEvxKVb+kn0NMcihqOqb8= github.com/hashicorp/go-retryablehttp v0.5.1/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48= github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4= github.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hc-install v0.9.3 h1:1H4dgmgzxEVwT6E/d/vIL5ORGVKz9twRwDw+qA5Hyho= github.com/hashicorp/hc-install v0.9.3/go.mod h1:FQlQ5I3I/X409N/J1U4pPeQQz1R3BoV0IysB7aiaQE0= github.com/hashicorp/hcl/v2 v2.24.0 h1:2QJdZ454DSsYGoaE6QheQZjtKZSUs9Nh2izTWiwQxvE= github.com/hashicorp/hcl/v2 v2.24.0/go.mod h1:oGoO1FIQYfn/AgyOhlg9qLC6/nOJPX3qGbkZpYAcqfM= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/terraform-exec v0.25.0 h1:Bkt6m3VkJqYh+laFMrWIpy9KHYFITpOyzRMNI35rNaY= github.com/hashicorp/terraform-exec v0.25.0/go.mod h1:dl9IwsCfklDU6I4wq9/StFDp7dNbH/h5AnfS1RmiUl8= github.com/hashicorp/terraform-json v0.27.2 h1:BwGuzM6iUPqf9JYM/Z4AF1OJ5VVJEEzoKST/tRDBJKU= github.com/hashicorp/terraform-json v0.27.2/go.mod h1:GzPLJ1PLdUG5xL6xn1OXWIjteQRT2CNT9o/6A9mi9hE= github.com/hashicorp/terraform-plugin-framework v1.19.0 h1:q0bwyhxAOR3vfdgbk9iplv3MlTv/dhBHTXjQOtQDoBA= github.com/hashicorp/terraform-plugin-framework v1.19.0/go.mod h1:YRXOBu0jvs7xp4AThBbX4mAzYaMJ1JgtFH//oGKxwLc= github.com/hashicorp/terraform-plugin-framework-validators v0.19.0 h1:Zz3iGgzxe/1XBkooZCewS0nJAaCFPFPHdNJd8FgE4Ow= github.com/hashicorp/terraform-plugin-framework-validators v0.19.0/go.mod h1:GBKTNGbGVJohU03dZ7U8wHqc2zYnMUawgCN+gC0itLc= github.com/hashicorp/terraform-plugin-go v0.31.0 h1:0Fz2r9DQ+kNNl6bx8HRxFd1TfMKUvnrOtvJPmp3Z0q8= github.com/hashicorp/terraform-plugin-go v0.31.0/go.mod h1:A88bDhd/cW7FnwqxQRz3slT+QY6yzbHKc6AOTtmdeS8= github.com/hashicorp/terraform-plugin-log v0.10.0 h1:eu2kW6/QBVdN4P3Ju2WiB2W3ObjkAsyfBsL3Wh1fj3g= github.com/hashicorp/terraform-plugin-log v0.10.0/go.mod h1:/9RR5Cv2aAbrqcTSdNmY1NRHP4E3ekrXRGjqORpXyB0= github.com/hashicorp/terraform-plugin-mux v0.23.0 h1:YEjYA6kle7vJrVWS+WgyrFoYzUnOCJQ0kwGAJ61X9aE= github.com/hashicorp/terraform-plugin-mux v0.23.0/go.mod h1:IwuivHNfDVeuDbVvg6fnAYEEEVx881STwJHsl/00UkQ= github.com/hashicorp/terraform-plugin-sdk/v2 v2.40.0 h1:MKS/2URqeJRwJdbOfcbdsZCq/IRrNkqJNN0GtVIsuGs= github.com/hashicorp/terraform-plugin-sdk/v2 v2.40.0/go.mod h1:PuG4P97Ju3QXW6c6vRkRadWJbvnEu2Xh+oOuqcYOqX4= github.com/hashicorp/terraform-plugin-testing v1.15.0 h1:/fimKyl0YgD7aAtJkuuAZjwBASXhCIwWqMbDLnKLMe4= github.com/hashicorp/terraform-plugin-testing v1.15.0/go.mod h1:bGXMw7bE95EiZhSBV3rM2W8TiffaPTDuLS+HFI/lIYs= github.com/hashicorp/terraform-registry-address v0.4.0 h1:S1yCGomj30Sao4l5BMPjTGZmCNzuv7/GDTDX99E9gTk= github.com/hashicorp/terraform-registry-address v0.4.0/go.mod h1:LRS1Ay0+mAiRkUyltGT+UHWkIqTFvigGn/LbMshfflE= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= github.com/hashicorp/yamux v0.1.2 h1:XtB8kyFOyHXYVFnwT5C3+Bdo8gArse7j2AQ0DA0Uey8= github.com/hashicorp/yamux v0.1.2/go.mod h1:C+zze2n6e/7wshOZep2A70/aQU6QBRWJO/G6FT1wIns= github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/improbable-eng/grpc-web v0.15.1-0.20230209220825-1d9bbb09a099 h1:k07oXM8RqIaaSEF09Frr/iRMlwx2qvx6vRo2XuPIeW8= github.com/improbable-eng/grpc-web v0.15.1-0.20230209220825-1d9bbb09a099/go.mod h1:Vkb7Iy2LTlRGIAubpODgfeKPzu8nsh1gO+vvZAiZrcs= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/itchyny/gojq v0.12.18 h1:gFGHyt/MLbG9n6dqnvlliiya2TaMMh6FFaR2b1H6Drc= github.com/itchyny/gojq v0.12.18/go.mod h1:4hPoZ/3lN9fDL1D+aK7DY1f39XZpY9+1Xpjz8atrEkg= github.com/itchyny/timefmt-go v0.1.7 h1:xyftit9Tbw+Dc/huSSPJaEmX1TVL8lw5vxjJLK4GMMA= github.com/itchyny/timefmt-go v0.1.7/go.mod h1:5E46Q+zj7vbTgWY8o5YkMeYb4I6GeWLFnetPy5oBrAI= github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2A= github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0= github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jeremywohl/flatten v1.0.2-0.20211013061545-07e4a09fb8e4 h1:4mRgApcowAtxNLwOQ93jhHMLFgkX2D5yM53mtZSk6Nw= github.com/jeremywohl/flatten v1.0.2-0.20211013061545-07e4a09fb8e4/go.mod h1:4AmD/VxjWcI5SRB0n6szE2A6s2fsNHDLO0nAlMHgfLQ= github.com/jhump/protoreflect v1.17.0 h1:qOEr613fac2lOuTgWN4tPAtLL7fUSbuJL5X5XumQh94= github.com/jhump/protoreflect v1.17.0/go.mod h1:h9+vUUL38jiBzck8ck+6G/aeMX8Z4QUY/NiJPwPNi+8= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I= github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU= github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE= github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/ktrysmt/go-bitbucket v0.9.88 h1:XBjYui83tW2puG7f2GvYSAMMKIPfhpeoLCVfEJx3KVM= github.com/ktrysmt/go-bitbucket v0.9.88/go.mod h1:fx6zdyKEyiNfR9VW0npWD6ugoSUsp8JLXGyqna8bHkc= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs= github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/lusis/go-slackbot v0.0.0-20180109053408-401027ccfef5/go.mod h1:c2mYKRyMb1BPkO5St0c/ps62L4S0W2NAkaTXj9qEI+0= github.com/lusis/slack-test v0.0.0-20190426140909-c40012f20018/go.mod h1:sFlOUpQL1YcjhFVXhg1CG8ZASEs/Mf1oVb6H75JL/zg= github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE= github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailgun/mailgun-go v2.0.0+incompatible/go.mod h1:NWTyU+O4aczg/nsGhQnvHL6v2n5Gy6Sv5tNDVvC6FbU= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.1-0.20241014080628-3045bdf43455 h1:7rDE4oHmFDgf+4fqnT5vztz7Bmcos1tr17VisCXgs/o= github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.1-0.20241014080628-3045bdf43455/go.mod h1:mDunUZ1IUJdJIRHvFb+LPBUtxe3AYB5MI6BMXNg8194= github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw= github.com/minio/minio-go/v7 v7.0.29/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0Vb75Xk5yYg= github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/go-archive v0.2.0 h1:zg5QDUM2mi0JIM9fdQZWC7U8+2ZfixfTYoHL7rWUcP8= github.com/moby/go-archive v0.2.0/go.mod h1:mNeivT14o8xU+5q1YnNrkQVpK+dnNe/K6fHqnTg4qPU= github.com/moby/moby/api v1.54.1 h1:TqVzuJkOLsgLDDwNLmYqACUuTehOHRGKiPhvH8V3Nn4= github.com/moby/moby/api v1.54.1/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= github.com/moby/moby/client v0.4.0 h1:S+2XegzHQrrvTCvF6s5HFzcrywWQmuVnhOXe2kiWjIw= github.com/moby/moby/client v0.4.0/go.mod h1:QWPbvWchQbxBNdaLSpoKpCdf5E+WxFAgNHogCWDoa7g= github.com/moby/patternmatcher v0.6.1 h1:qlhtafmr6kgMIJjKJMDmMWq7WLkKIo23hsrpR3x084U= github.com/moby/patternmatcher v0.6.1/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs= github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/grpc-proxy v0.0.0-20181017164139-0f1106ef9c76/go.mod h1:x5OoJHDHqxHS801UIuhqGl6QdSAEJvtausosHSdazIo= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nlopes/slack v0.5.0/go.mod h1:jVI4BBK3lSktibKahxBF74txcK2vyvkza1z/+rRnVAM= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852/go.mod h1:eqOVx5Vwu4gd2mmMZvVZsgIqNSaW3xxRThUJ0k/TPk4= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw= github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc= github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk= github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= github.com/onsi/gomega v1.25.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw= github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw= github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ= github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opsgenie/opsgenie-go-sdk-v2 v1.2.23 h1:EFOD/cRfMeq+PCibHddoRTXu8CTN1m8Oj1Tk6eoz8Dw= github.com/opsgenie/opsgenie-go-sdk-v2 v1.2.23/go.mod h1:1BK0BG3Mz//zeujilvvu3GJ0jnyZwFdT9XjznoPv6kk= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible h1:IWzUvJ72xMjmrjR9q3H1PF+jwdN0uNQiR2t1BLNalyo= github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU= github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs= github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= github.com/r3labs/diff/v3 v3.0.2 h1:yVuxAY1V6MeM4+HNur92xkS39kB/N+cFi2hMkY06BbA= github.com/r3labs/diff/v3 v3.0.2/go.mod h1:Cy542hv0BAEmhDYWtGxXRQ4kqRsVIcEjG9gChUlTmkw= github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wOA69Cd2Meli5mmA= github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI= github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw= github.com/robfig/cron/v3 v3.0.2-0.20210106135023-bc59245fe10e h1:0xChnl3lhHiXbgSJKgChye0D+DvoItkOdkGcwelDXH0= github.com/robfig/cron/v3 v3.0.2-0.20210106135023-bc59245fe10e/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA= github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shirou/gopsutil/v4 v4.26.3 h1:2ESdQt90yU3oXF/CdOlRCJxrP+Am1aBYubTMTfxJ1qc= github.com/shirou/gopsutil/v4 v4.26.3/go.mod h1:LZ6ewCSkBqUpvSOf+LsTGnRinC6iaNUNMGBtDkJBaLQ= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w= github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g= github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8= github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY= github.com/slack-go/slack v0.16.0 h1:khp/WCFv+Hb/B/AJaAwvcxKun0hM6grN0bUZ8xG60P8= github.com/slack-go/slack v0.16.0/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190731233626-505e41936337/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sony/sonyflake v1.0.0 h1:MpU6Ro7tfXwgn2l5eluf9xQvQJDROTBImNCfRXn/YeM= github.com/sony/sonyflake v1.0.0/go.mod h1:Jv3cfhf/UFtolOTTRd3q4Nl6ENqM+KfyZ5PseKfZGF4= github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4= github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/testcontainers/testcontainers-go v0.42.0 h1:He3IhTzTZOygSXLJPMX7n44XtK+qhjat1nI9cneBbUY= github.com/testcontainers/testcontainers-go v0.42.0/go.mod h1:vZjdY1YmUA1qEForxOIOazfsrdyORJAbhi0bp8plN30= github.com/testcontainers/testcontainers-go/modules/k3s v0.42.0 h1:bTVmcnYaSHesN6HXXxV/k0+BMkyfo3VBy4w4yRqOIgE= github.com/testcontainers/testcontainers-go/modules/k3s v0.42.0/go.mod h1:2O8+V4WzMb/bjg/Sez+aYci9LpGUbT5cSz7ildfTIb8= github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA= github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI= github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw= github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ= github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo= github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= github.com/vmihailenco/go-tinylfu v0.2.2 h1:H1eiG6HM36iniK6+21n9LLpzx1G9R3DJa2UjUjbynsI= github.com/vmihailenco/go-tinylfu v0.2.2/go.mod h1:CutYi2Q9puTxfcolkliPq4npPuofg9N9t8JVrjzwa3Q= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack/v5 v5.3.4/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc= github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8= github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= github.com/zclconf/go-cty v1.17.0 h1:seZvECve6XX4tmnvRzWtJNHdscMtYEx5R7bnnVyd/d0= github.com/zclconf/go-cty v1.17.0/go.mod h1:wqFzcImaLTI6A5HfsRwB0nj5n0MRZFwmey8YoFPPs3U= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= gitlab.com/gitlab-org/api/client-go v1.8.1 h1:YQyAh2Gd+NzcbRWWgDIi/pX0wLlm7QEZWtc0FikQRs4= gitlab.com/gitlab-org/api/client-go v1.8.1/go.mod h1:tVIvZPcBPFPGYtLZOUIUafaZMmomCS0W81eACbn4Egw= go.mongodb.org/mongo-driver v1.17.6 h1:87JUG1wZfWsr6rIz3ZmpH90rL5tea7O3IHuSwHUpsss= go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 h1:YH4g8lQroajqUwWbq/tr2QX1JFmEXaDLgG+ew9bLMWo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0/go.mod h1:fvPi2qXDqFs8M4B4fmJhE92TyQs9Ydjlg3RvfUp+NbQ= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= go.opentelemetry.io/otel v1.41.0 h1:YlEwVsGAlCvczDILpUXpIpPSL/VPugt7zHThEMLce1c= go.opentelemetry.io/otel v1.41.0/go.mod h1:Yt4UwgEKeT05QbLwbyHXEwhnjxNO6D8L5PQP51/46dE= go.opentelemetry.io/otel/metric v1.41.0 h1:rFnDcs4gRzBcsO9tS8LCpgR0dxg4aaxWlJxCno7JlTQ= go.opentelemetry.io/otel/metric v1.41.0/go.mod h1:xPvCwd9pU0VN8tPZYzDZV/BMj9CM9vs00GuBjeKhJps= go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE= go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= go.opentelemetry.io/otel/trace v1.41.0 h1:Vbk2co6bhj8L59ZJ6/xFTskY+tGAbOnCtQGVVa9TIN0= go.opentelemetry.io/otel/trace v1.41.0/go.mod h1:U1NU4ULCoxeDKc09yCWdWe+3QoyweJcISEVa1RBzOis= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190422183909-d864b10871cd/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/exp v0.0.0-20250813145105-42675adae3e6 h1:SbTAbRFnd5kjQXbczszQ0hdk3ctwYf3qBNH9jIsGclE= golang.org/x/exp v0.0.0-20250813145105-42675adae3e6/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 h1:juzzlx91nWAOsHuOVfXZPMXHtJEKouZvY9bBbwlOeYs= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45/go.mod h1:41y72mzHT7+jFNgyBpJRrZWuZJcLmLrTpq6iGgOFJMQ= gomodules.xyz/notify v0.1.1 h1:1tTuoyswmPvzqPCTEDQK8SZ3ukCxLsonAAwst2+y1a0= gomodules.xyz/notify v0.1.1/go.mod h1:QgQyU4xEA/plJcDeT66J2Go2V7U4c0pD9wjo7HfFil4= gomodules.xyz/version v0.1.0/go.mod h1:Y8xuV02mL/45psyPKG3NCVOwvAOy6T5Kx0l3rCjKSjU= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= google.golang.org/api v0.223.0 h1:JUTaWEriXmEy5AhvdMgksGGPEFsYfUKaPEYXd4c3Wvc= google.golang.org/api v0.223.0/go.mod h1:C+RS7Z+dDwds2b+zoAk5hN/eSfsiCn0UDrYof/M4d2M= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE= gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.34.0 h1:L+JtP2wDbEYPUeNGbeSa/5GwFtIA662EmT2YSLOkAVE= k8s.io/api v0.34.0/go.mod h1:YzgkIzOOlhl9uwWCZNqpw6RJy9L2FK4dlJeayUoydug= k8s.io/apiextensions-apiserver v0.34.0 h1:B3hiB32jV7BcyKcMU5fDaDxk882YrJ1KU+ZSkA9Qxoc= k8s.io/apiextensions-apiserver v0.34.0/go.mod h1:hLI4GxE1BDBy9adJKxUxCEHBGZtGfIg98Q+JmTD7+g0= k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= k8s.io/apiserver v0.34.0 h1:Z51fw1iGMqN7uJ1kEaynf2Aec1Y774PqU+FVWCFV3Jg= k8s.io/apiserver v0.34.0/go.mod h1:52ti5YhxAvewmmpVRqlASvaqxt0gKJxvCeW7ZrwgazQ= k8s.io/cli-runtime v0.34.0 h1:N2/rUlJg6TMEBgtQ3SDRJwa8XyKUizwjlOknT1mB2Cw= k8s.io/cli-runtime v0.34.0/go.mod h1:t/skRecS73Piv+J+FmWIQA2N2/rDjdYSQzEE67LUUs8= k8s.io/client-go v0.34.0 h1:YoWv5r7bsBfb0Hs2jh8SOvFbKzzxyNo0nSb0zC19KZo= k8s.io/client-go v0.34.0/go.mod h1:ozgMnEKXkRjeMvBZdV1AijMHLTh3pbACPvK7zFR+QQY= k8s.io/component-base v0.34.0 h1:bS8Ua3zlJzapklsB1dZgjEJuJEeHjj8yTu1gxE2zQX8= k8s.io/component-base v0.34.0/go.mod h1:RSCqUdvIjjrEm81epPcjQ/DS+49fADvGSCkIP3IC6vg= k8s.io/component-helpers v0.34.0 h1:5T7P9XGMoUy1JDNKzHf0p/upYbeUf8ZaSf9jbx0QlIo= k8s.io/component-helpers v0.34.0/go.mod h1:kaOyl5tdtnymriYcVZg4uwDBe2d1wlIpXyDkt6sVnt4= k8s.io/controller-manager v0.34.0 h1:oCHoqS8dcFp7zDSu7HUvTpakq3isSxil3GprGGlJMsE= k8s.io/controller-manager v0.34.0/go.mod h1:XFto21U+Mm9BT8r/Jd5E4tHCGtwjKAUFOuDcqaj2VK0= k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.5.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-aggregator v0.34.0 h1:XE4u+HOYkj0g44sblhTtPv+QyIIK7sJxrIlia0731kE= k8s.io/kube-aggregator v0.34.0/go.mod h1:GIUqdChXVC448Vp2Wgxf0m6fir7Xt3A2TAZcs2JNG1Y= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= k8s.io/kubectl v0.34.0 h1:NcXz4TPTaUwhiX4LU+6r6udrlm0NsVnSkP3R9t0dmxs= k8s.io/kubectl v0.34.0/go.mod h1:bmd0W5i+HuG7/p5sqicr0Li0rR2iIhXL0oUyLF3OjR4= k8s.io/kubernetes v1.34.2 h1:WQdDvYJazkmkwSncgNwGvVtaCt4TYXIU3wSMRgvp3MI= k8s.io/kubernetes v1.34.2/go.mod h1:m6pZk6a179pRo2wsTiCPORJ86iOEQmfIzUvtyEF8BwA= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 h1:RZkKxMR3jbQxdCEcglq3j7wY3PRJIopAwBlx1RE71X0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427/go.mod h1:ivKkcY8Zxw5ba0jldhZCYYQfGdb2K6u9tbYK1AwMIBc= nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk= pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I= sigs.k8s.io/kustomize/api v0.20.1/go.mod h1:t6hUFxO+Ph0VxIk1sKp1WS0dOjbPCtLJ4p8aADLwqjM= sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A78= sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v6 v6.2.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/structured-merge-diff/v6 v6.3.1-0.20251003215857-446d8398e19c h1:RCkxmWwPjOw2O1RiDgBgI6tfISvB07jAh+GEztp7TWk= sigs.k8s.io/structured-merge-diff/v6 v6.3.1-0.20251003215857-446d8398e19c/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= ================================================ FILE: internal/diagnostics/diagnostics.go ================================================ package diagnostics import ( "fmt" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/hashicorp/terraform-plugin-framework/diag" ) func ArgoCDAPIError(action, resource, id string, err error) diag.Diagnostics { var diags diag.Diagnostics diags.AddError(fmt.Sprintf("failed to %s %s %s", action, resource, id), err.Error()) return diags } func Error(summary string, err error) diag.Diagnostics { var diags diag.Diagnostics var detail string if err != nil { detail = err.Error() } diags.AddError(summary, detail) return diags } func FeatureNotSupported(f features.Feature) diag.Diagnostics { var diags diag.Diagnostics fc := features.ConstraintsMap[f] diags.AddError(fmt.Sprintf("%s is only supported from ArgoCD %s onwards", fc.Name, fc.MinVersion.String()), "") return diags } ================================================ FILE: internal/features/features.go ================================================ package features import ( "github.com/Masterminds/semver/v3" ) type Feature int64 const ( ExecLogsPolicy Feature = iota ProjectSourceNamespaces MultipleApplicationSources ApplicationSet ApplicationSetProgressiveSync ManagedNamespaceMetadata ApplicationSetApplicationsSyncPolicy ApplicationSetIgnoreApplicationDifferences ApplicationSetTemplatePatch ApplicationKustomizePatches ProjectDestinationServiceAccounts ProjectFineGrainedPolicy ApplicationSourceName RepositoryDepth ) type FeatureConstraint struct { // Name is a human-readable name for the feature. Name string // MinVersion is the minimum ArgoCD version that supports this feature. MinVersion *semver.Version } var ConstraintsMap = map[Feature]FeatureConstraint{ ExecLogsPolicy: {"exec/logs RBAC policy", semver.MustParse("2.4.4")}, ProjectSourceNamespaces: {"project source namespaces", semver.MustParse("2.5.0")}, MultipleApplicationSources: {"multiple application sources", semver.MustParse("2.6.3")}, // Whilst the feature was introduced in 2.6.0 there was a bug that affects refresh of applications (and hence `wait` within this provider) that was only fixed in https://github.com/argoproj/argo-cd/pull/12576 ApplicationSet: {"application sets", semver.MustParse("2.5.0")}, ApplicationSetProgressiveSync: {"progressive sync (`strategy`)", semver.MustParse("2.6.0")}, ManagedNamespaceMetadata: {"managed namespace metadata", semver.MustParse("2.6.0")}, ApplicationSetApplicationsSyncPolicy: {"application set level application sync policy", semver.MustParse("2.8.0")}, ApplicationSetIgnoreApplicationDifferences: {"application set ignore application differences", semver.MustParse("2.9.0")}, ApplicationSetTemplatePatch: {"application set template patch", semver.MustParse("2.10.0")}, ApplicationKustomizePatches: {"application kustomize patches", semver.MustParse("2.9.0")}, ProjectFineGrainedPolicy: {"fine-grained policy in project", semver.MustParse("2.12.0")}, ApplicationSourceName: {"named application sources", semver.MustParse("2.14.0")}, ProjectDestinationServiceAccounts: {"project destination service accounts", semver.MustParse("2.13.0")}, RepositoryDepth: {"repository shallow clone depth", semver.MustParse("3.3.0")}, } ================================================ FILE: internal/provider/data_source_application.go ================================================ package provider import ( "context" "fmt" "strings" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj/argo-cd/v3/pkg/apiclient/application" "github.com/hashicorp/terraform-plugin-framework/datasource" "github.com/hashicorp/terraform-plugin-framework/datasource/schema" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" ) // Ensure provider defined types fully satisfy framework interfaces. var _ datasource.DataSource = &applicationDataSource{} func NewArgoCDApplicationDataSource() datasource.DataSource { return &applicationDataSource{} } // applicationDataSource defines the data source implementation. type applicationDataSource struct { si *ServerInterface } func (d *applicationDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_application" } func (d *applicationDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Reads an existing ArgoCD application.", Attributes: map[string]schema.Attribute{ "id": schema.StringAttribute{ MarkdownDescription: "ArgoCD application identifier", Computed: true, }, "metadata": objectMetaSchemaAttribute("applications.argoproj.io", true), "spec": applicationSpecSchemaAttribute(true, true), "status": applicationStatusSchemaAttribute(), }, } } func (d *applicationDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) { // Prevent panic if the provider has not been configured. if req.ProviderData == nil { return } si, ok := req.ProviderData.(*ServerInterface) if !ok { resp.Diagnostics.AddError( "Unexpected Provider Data", fmt.Sprintf("Expected *ServerInterface, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } d.si = si } func (d *applicationDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { var data applicationModel // Read Terraform configuration data into the model resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(d.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } id := fmt.Sprintf("%s:%s", data.Metadata.Name.ValueString(), data.Metadata.Namespace.ValueString()) data.ID = types.StringValue(id) // Read application resp.Diagnostics.Append(readApplication(ctx, d.si, &data)...) tflog.Trace(ctx, "read ArgoCD application") // Save data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func readApplication(ctx context.Context, si *ServerInterface, data *applicationModel) (diags diag.Diagnostics) { ids := strings.Split(data.ID.ValueString(), ":") appName := ids[0] namespace := ids[1] apps, err := si.ApplicationClient.List(ctx, &application.ApplicationQuery{ Name: &appName, AppNamespace: &namespace, }) if err != nil { if strings.Contains(err.Error(), "NotFound") { data.ID = types.StringUnknown() return diags } diags.Append(diagnostics.ArgoCDAPIError("read", "application", appName, err)...) return diags } l := len(apps.Items) switch { case l < 1: data.ID = types.StringUnknown() return diags case l == 1: break case l > 1: diags.AddError(fmt.Sprintf("found multiple applications matching name '%s' and namespace '%s'", appName, namespace), "") return diags } app := apps.Items[0] data.Metadata = newObjectMeta(app.ObjectMeta) data.Spec = newApplicationSpec(app.Spec) data.Status = newApplicationStatus(app.Status) return diags } ================================================ FILE: internal/provider/data_source_application_test.go ================================================ package provider import ( "fmt" "testing" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) func TestAccArgoCDApplicationDataSource(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.MultipleApplicationSources) }, Steps: []resource.TestStep{ { ExternalProviders: map[string]resource.ExternalProvider{ "argocd": { VersionConstraint: "~> 5.0", Source: "argoproj-labs/argocd", }, }, Config: ` resource "argocd_project" "foo" { metadata { name = "foo" namespace = "argocd" } spec { description = "project with source namespace" source_repos = ["*"] source_namespaces = ["mynamespace-1"] destination { server = "https://kubernetes.default.svc" namespace = "mynamespace-1" } } } resource "argocd_application" "foo" { metadata { name = "foo" namespace = "mynamespace-1" labels = { acceptance = "true" } } spec { destination { server = "https://kubernetes.default.svc" namespace = "mynamespace-1" } ignore_difference { group = "apps" kind = "Deployment" jq_path_expressions = [".spec.replicas"] json_pointers = ["/spec/replicas"] } info { name = "foo" value = "foo" } project = argocd_project.foo.metadata[0].name revision_history_limit = 1 source { repo_url = "https://opensearch-project.github.io/helm-charts" chart = "opensearch" target_revision = "3.0.0" helm { parameter { name = "replicas" value = "1" } parameter { name = "singleNode" value = "true" } parameter { name = "persistence.enabled" value = "false" } values = <<-EOT extraEnvs: - name: "DISABLE_SECURITY_PLUGIN" value: "true" EOT } } source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "test/e2e/testdata/guestbook" target_revision = "HEAD" } sync_policy { automated { allow_empty = true prune = true self_heal = true } retry { backoff { duration = "30s" factor = "2" max_duration = "2m" } limit = "5" } sync_options = ["ApplyOutOfSyncOnly=true"] } } wait = true } `, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("argocd_application.foo", "metadata.0.uid"), resource.TestCheckResourceAttr("argocd_application.foo", "metadata.0.name", "foo"), resource.TestCheckResourceAttr("argocd_application.foo", "metadata.0.namespace", "mynamespace-1"), resource.TestCheckResourceAttrSet("argocd_application.foo", "metadata.0.labels.%"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.destination.0.server", "https://kubernetes.default.svc"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.destination.0.namespace", "mynamespace-1"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.ignore_difference.0.group", "apps"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.ignore_difference.0.kind", "Deployment"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.ignore_difference.0.jq_path_expressions.0", ".spec.replicas"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.ignore_difference.0.json_pointers.0", "/spec/replicas"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.info.0.name", "foo"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.info.0.value", "foo"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.project", "foo"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.revision_history_limit", "1"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.source.0.repo_url", "https://opensearch-project.github.io/helm-charts"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.source.0.chart", "opensearch"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.source.0.target_revision", "3.0.0"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.source.1.repo_url", "https://github.com/argoproj/argo-cd.git"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.source.1.path", "test/e2e/testdata/guestbook"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.source.1.target_revision", "HEAD"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.sync_policy.0.automated.0.allow_empty", "true"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.sync_policy.0.automated.0.prune", "true"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.sync_policy.0.automated.0.self_heal", "true"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.sync_policy.0.retry.0.backoff.0.duration", "30s"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.sync_policy.0.retry.0.backoff.0.factor", "2"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.sync_policy.0.retry.0.backoff.0.max_duration", "2m"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.sync_policy.0.retry.0.limit", "5"), resource.TestCheckResourceAttr("argocd_application.foo", "spec.0.sync_policy.0.sync_options.0", "ApplyOutOfSyncOnly=true"), ), }, { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: ` data "argocd_application" "foo" { metadata = { name = "foo" namespace = "mynamespace-1" } } `, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("data.argocd_application.foo", "metadata.uid"), resource.TestCheckResourceAttr("data.argocd_application.foo", "metadata.name", "foo"), resource.TestCheckResourceAttr("data.argocd_application.foo", "metadata.namespace", "mynamespace-1"), resource.TestCheckResourceAttrSet("data.argocd_application.foo", "metadata.labels.%"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.destination.server", "https://kubernetes.default.svc"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.destination.namespace", "mynamespace-1"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.ignore_differences.0.group", "apps"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.ignore_differences.0.kind", "Deployment"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.ignore_differences.0.jq_path_expressions.0", ".spec.replicas"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.ignore_differences.0.json_pointers.0", "/spec/replicas"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.info.name", "foo"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.info.value", "foo"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.project", "foo"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.revision_history_limit", "1"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sources.0.repo_url", "https://opensearch-project.github.io/helm-charts"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sources.0.chart", "opensearch"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sources.0.target_revision", "3.0.0"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sources.1.repo_url", "https://github.com/argoproj/argo-cd.git"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sources.1.path", "test/e2e/testdata/guestbook"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sources.1.target_revision", "HEAD"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sync_policy.automated.allow_empty", "true"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sync_policy.automated.prune", "true"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sync_policy.automated.self_heal", "true"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sync_policy.retry.backoff.duration", "30s"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sync_policy.retry.backoff.factor", "2"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sync_policy.retry.backoff.max_duration", "2m"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sync_policy.retry.limit", "5"), resource.TestCheckResourceAttr("data.argocd_application.foo", "spec.sync_policy.sync_options.0", "ApplyOutOfSyncOnly=true"), resource.TestCheckResourceAttrSet("data.argocd_application.foo", "status.conditions.%"), resource.TestCheckResourceAttr("data.argocd_application.foo", "status.health.status", "Healthy"), resource.TestCheckResourceAttrSet("data.argocd_application.foo", "status.operation_state"), resource.TestCheckResourceAttrSet("data.argocd_application.foo", "status.reconciled_at"), resource.TestCheckResourceAttrSet("data.argocd_application.foo", "status.resources.%"), resource.TestCheckResourceAttrSet("data.argocd_application.foo", "status.summary"), resource.TestCheckResourceAttrSet("data.argocd_application.foo", "status.sync"), ), ExpectNonEmptyPlan: true, PlanOnly: true, }, }, }) } func TestAccArgoCDApplicationDataSource_Directory(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { ExternalProviders: map[string]resource.ExternalProvider{ "argocd": { VersionConstraint: "~> 5.0", Source: "argoproj-labs/argocd", }, }, Config: ` resource "argocd_application" "directory" { metadata { name = "directory" namespace = "argocd" } spec { destination { server = "https://kubernetes.default.svc" namespace = "directory" } source { repo_url = "https://github.com/solo-io/gloo" path = "install/helm/gloo" target_revision = "v1.4.2" directory { jsonnet { ext_var { name = "somename" value = "somevalue" code = false } libs = ["vendor", "foo"] tla { name = "yetanothername" value = "yetanothervalue" code = true } } recurse = false } } } } `, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("argocd_application.directory", "metadata.0.uid"), resource.TestCheckResourceAttr("argocd_application.directory", "spec.0.source.0.directory.0.jsonnet.0.ext_var.0.name", "somename"), resource.TestCheckResourceAttr("argocd_application.directory", "spec.0.source.0.directory.0.jsonnet.0.ext_var.0.value", "somevalue"), resource.TestCheckResourceAttr("argocd_application.directory", "spec.0.source.0.directory.0.jsonnet.0.ext_var.0.code", "false"), resource.TestCheckResourceAttr("argocd_application.directory", "spec.0.source.0.directory.0.jsonnet.0.libs.0", "vendor"), resource.TestCheckResourceAttr("argocd_application.directory", "spec.0.source.0.directory.0.jsonnet.0.tla.0.name", "yetanothername"), resource.TestCheckResourceAttr("argocd_application.directory", "spec.0.source.0.directory.0.jsonnet.0.tla.0.value", "yetanothervalue"), resource.TestCheckResourceAttr("argocd_application.directory", "spec.0.source.0.directory.0.jsonnet.0.tla.0.code", "true"), resource.TestCheckResourceAttr("argocd_application.directory", "spec.0.source.0.directory.0.recurse", "false"), ), }, { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: ` data "argocd_application" "directory" { metadata = { name = "directory" } } `, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("data.argocd_application.directory", "metadata.uid"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.jsonnet.0.name", "image.tag"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.jsonnet.ext_vars.0.name", "somename"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.jsonnet.ext_vars.0.value", "somevalue"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.jsonnet.ext_vars.0.code", "false"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.jsonnet.libs.0", "vendor"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.jsonnet.tlas.0.name", "yetanothername"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.jsonnet.tlas.0.value", "yetanothervalue"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.jsonnet.tlas.0.code", "true"), resource.TestCheckResourceAttr("data.argocd_application.directory", "spec.sources.0.directory.recurse", "false"), ), ExpectNonEmptyPlan: true, PlanOnly: true, }, }, }) } func TestAccArgoCDApplicationDataSource_Helm(t *testing.T) { helmValues := ` ingress: enabled: true path: / hosts: - mydomain.example.com annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" labels: {} tls: - secretName: mydomain-tls hosts: - mydomain.example.com ` resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Steps: []resource.TestStep{ { ExternalProviders: map[string]resource.ExternalProvider{ "argocd": { VersionConstraint: "~> 5.0", Source: "argoproj-labs/argocd", }, }, Config: fmt.Sprintf(` resource "argocd_application" "helm" { metadata { name = "helm" namespace = "argocd" } spec { destination { server = "https://kubernetes.default.svc" namespace = "helm" } source { repo_url = "https://kubernetes-sigs.github.io/descheduler" chart = "descheduler" target_revision = "0.33.0" helm { ignore_missing_value_files = true # file_parameter { # name = "foo" # path = "values.yaml" # } parameter { force_string = true name = "image.tag" value = "6.2.5" } pass_credentials = true release_name = "testing" skip_crds = true value_files = ["values.yaml"] values = < 5.0", Source: "argoproj-labs/argocd", }, }, Config: ` resource "argocd_application" "kustomize" { metadata { name = "kustomize" namespace = "argocd" } spec { destination { server = "https://kubernetes.default.svc" namespace = "kustomize" } source { repo_url = "https://github.com/kubernetes-sigs/kustomize" path = "examples/helloWorld" target_revision = "release-kustomize-v3.7" kustomize { common_annotations = { "this.is.a.common" = "anno-tation" } common_labels = { "another.io/one" = "true" } images = ["hashicorp/terraform:light"] name_prefix = "foo-" name_suffix = "-bar" # version = "v4.5.7" } } } } `, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("argocd_application.kustomize", "metadata.0.uid"), resource.TestCheckResourceAttr("argocd_application.kustomize", "metadata.0.name", "kustomize"), resource.TestCheckResourceAttr("argocd_application.kustomize", "metadata.0.namespace", "argocd"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.destination.0.server", "https://kubernetes.default.svc"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.destination.0.namespace", "kustomize"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.repo_url", "https://github.com/kubernetes-sigs/kustomize"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.path", "examples/helloWorld"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.target_revision", "release-kustomize-v3.7"), resource.TestCheckResourceAttrSet("argocd_application.kustomize", "spec.0.source.0.kustomize.0.common_annotations.%"), resource.TestCheckResourceAttrSet("argocd_application.kustomize", "spec.0.source.0.kustomize.0.common_labels.%"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.kustomize.0.images.0", "hashicorp/terraform:light"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.kustomize.0.name_prefix", "foo-"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.kustomize.0.name_suffix", "-bar"), // resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.kustomize.0.version", "v4.5.7"), ), }, { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: ` data "argocd_application" "kustomize" { metadata = { name = "kustomize" } } `, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("data.argocd_application.kustomize", "metadata.uid"), resource.TestCheckResourceAttr("data.argocd_application.kustomize", "metadata.name", "kustomize"), resource.TestCheckResourceAttr("data.argocd_application.kustomize", "metadata.namespace", "argocd"), resource.TestCheckResourceAttr("data.argocd_application.kustomize", "spec.destination.server", "https://kubernetes.default.svc"), resource.TestCheckResourceAttr("data.argocd_application.kustomize", "spec.destination.namespace", "kustomize"), resource.TestCheckResourceAttr("data.argocd_application.kustomize", "spec.sources.0.repo_url", "https://github.com/kubernetes-sigs/kustomize"), resource.TestCheckResourceAttr("data.argocd_application.kustomize", "spec.sources.0.path", "examples/helloWorld"), resource.TestCheckResourceAttr("data.argocd_application.kustomize", "spec.sources.0.target_revision", "release-kustomize-v3.7"), resource.TestCheckResourceAttrSet("argocd_application.kustomize", "spec.0.source.0.kustomize.common_annotations.%"), resource.TestCheckResourceAttrSet("argocd_application.kustomize", "spec.0.source.0.kustomize.common_labels.%"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.kustomize.images.0", "hashicorp/terraform:light"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.kustomize.name_prefix", "foo-"), resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.kustomize.name_suffix", "-bar"), // resource.TestCheckResourceAttr("argocd_application.kustomize", "spec.0.source.0.kustomize.version", "v4.5.7"), ), ExpectNonEmptyPlan: true, PlanOnly: true, }, }, }) } ================================================ FILE: internal/provider/model_application.go ================================================ package provider import ( "github.com/argoproj-labs/terraform-provider-argocd/internal/utils" "github.com/argoproj-labs/terraform-provider-argocd/internal/validators" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/elliotchance/pie/v2" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-framework/types/basetypes" ) type applicationModel struct { ID types.String `tfsdk:"id"` Metadata objectMeta `tfsdk:"metadata"` Spec *applicationSpec `tfsdk:"spec"` Status *applicationStatus `tfsdk:"status"` } type applicationSpec struct { Destination applicationDestination `tfsdk:"destination"` IgnoreDifferences []applicationResourceIgnoreDifferences `tfsdk:"ignore_differences"` Infos []applicationInfo `tfsdk:"infos"` Project types.String `tfsdk:"project"` RevisionHistoryLimit types.Int64 `tfsdk:"revision_history_limit"` Sources []applicationSource `tfsdk:"sources"` SyncPolicy *applicationSyncPolicy `tfsdk:"sync_policy"` } func applicationSpecSchemaAttribute(allOptional, computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "The application specification.", Computed: computed, Required: !computed, Attributes: map[string]schema.Attribute{ "destination": applicationDestinationSchemaAttribute(computed), "ignore_differences": applicationResourceIgnoreDifferencesSchemaAttribute(computed), "infos": applicationInfoSchemaAttribute(computed), "project": schema.StringAttribute{ Computed: computed, Optional: !computed, MarkdownDescription: "The project the application belongs to. Defaults to `default`.", Default: stringdefault.StaticString("default"), }, "revision_history_limit": schema.Int64Attribute{ MarkdownDescription: "Limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10.", Computed: computed, Optional: !computed, }, "sources": applicationSourcesSchemaAttribute(allOptional, computed), "sync_policy": applicationSyncPolicySchemaAttribute(computed), }, } } func newApplicationSpec(as v1alpha1.ApplicationSpec) *applicationSpec { m := &applicationSpec{ Destination: newApplicationDestination(as.Destination), IgnoreDifferences: newApplicationResourceIgnoreDifferences(as.IgnoreDifferences), Infos: newApplicationInfos(as.Info), Project: types.StringValue(as.Project), RevisionHistoryLimit: utils.OptionalInt64(as.RevisionHistoryLimit), SyncPolicy: newApplicationSyncPolicy(as.SyncPolicy), } if as.Source != nil { m.Sources = append(m.Sources, newApplicationSource(*as.Source)) } for _, v := range as.Sources { m.Sources = append(m.Sources, newApplicationSource(v)) } return m } type applicationDestination struct { Server types.String `tfsdk:"server"` Namespace types.String `tfsdk:"namespace"` Name types.String `tfsdk:"name"` } func applicationDestinationSchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Reference to the Kubernetes server and namespace in which the application will be deployed.", Computed: computed, Required: !computed, Attributes: map[string]schema.Attribute{ "server": schema.StringAttribute{ MarkdownDescription: "URL of the target cluster and must be set to the Kubernetes control plane API.", Computed: computed, Optional: !computed, }, "namespace": schema.StringAttribute{ MarkdownDescription: "Target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace.", Computed: computed, Optional: !computed, }, "name": schema.StringAttribute{ MarkdownDescription: "Name of the target cluster. Can be used instead of `server`.", Computed: computed, Optional: !computed, }, }, } } func newApplicationDestination(ad v1alpha1.ApplicationDestination) applicationDestination { return applicationDestination{ Name: types.StringValue(ad.Name), Namespace: types.StringValue(ad.Namespace), Server: types.StringValue(ad.Server), } } type applicationResourceIgnoreDifferences struct { Group types.String `tfsdk:"group"` Kind types.String `tfsdk:"kind"` Name types.String `tfsdk:"name"` Namespace types.String `tfsdk:"namespace"` JsonPointers []types.String `tfsdk:"json_pointers"` JQPathExpressions []types.String `tfsdk:"jq_path_expressions"` } func applicationResourceIgnoreDifferencesSchemaAttribute(computed bool) schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "Resources and their fields which should be ignored during comparison. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/diffing/#application-level-configuration.", Computed: computed, Optional: !computed, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Group to match for.", Computed: computed, Optional: !computed, }, "kind": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Kind to match for.", Computed: computed, Optional: !computed, }, "name": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Name to match for.", Computed: computed, Optional: !computed, }, "namespace": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Namespace to match for.", Computed: computed, Optional: !computed, }, "json_pointers": schema.SetAttribute{ MarkdownDescription: "List of JSONPaths strings targeting the field(s) to ignore.", Computed: computed, Optional: !computed, ElementType: types.StringType, }, "jq_path_expressions": schema.SetAttribute{ MarkdownDescription: "List of JQ path expression strings targeting the field(s) to ignore.", Computed: computed, Optional: !computed, ElementType: types.StringType, }, }, }, } } func newApplicationResourceIgnoreDifferences(diffs []v1alpha1.ResourceIgnoreDifferences) []applicationResourceIgnoreDifferences { if diffs == nil { return nil } ds := make([]applicationResourceIgnoreDifferences, len(diffs)) for i, v := range diffs { ds[i] = applicationResourceIgnoreDifferences{ Group: types.StringValue(v.Group), Kind: types.StringValue(v.Kind), Name: types.StringValue(v.Name), Namespace: types.StringValue(v.Namespace), JsonPointers: pie.Map(v.JSONPointers, types.StringValue), JQPathExpressions: pie.Map(v.JQPathExpressions, types.StringValue), } } return ds } type applicationInfo struct { Name types.String `tfsdk:"name"` Value types.String `tfsdk:"value"` } func applicationInfoSchemaAttribute(computed bool) schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "List of information (URLs, email addresses, and plain text) that relates to the application.", Computed: computed, Optional: !computed, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ MarkdownDescription: "Name of the information.", Computed: computed, Optional: !computed, }, "value": schema.StringAttribute{ MarkdownDescription: "Value of the information.", Computed: computed, Optional: !computed, }, }, }, } } func newApplicationInfos(infos []v1alpha1.Info) []applicationInfo { if infos == nil { return nil } is := make([]applicationInfo, len(infos)) for i, v := range infos { is[i] = applicationInfo{ Name: types.StringValue(v.Name), Value: types.StringValue(v.Value), } } return is } type applicationSource struct { Chart types.String `tfsdk:"chart"` Directory *applicationSourceDirectory `tfsdk:"directory"` Helm *applicationSourceHelm `tfsdk:"helm"` Kustomize *applicationSourceKustomize `tfsdk:"kustomize"` Name types.String `tfsdk:"name"` Path types.String `tfsdk:"path"` Plugin *applicationSourcePlugin `tfsdk:"plugin"` Ref types.String `tfsdk:"ref"` RepoURL types.String `tfsdk:"repo_url"` TargetRevision types.String `tfsdk:"target_revision"` } func applicationSourcesSchemaAttribute(allOptional, computed bool) schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "Location of the application's manifests or chart.", Computed: computed, Required: !computed, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "chart": schema.StringAttribute{ MarkdownDescription: "Helm chart name. Must be specified for applications sourced from a Helm repo.", Computed: computed, Optional: !computed, }, "directory": applicationSourceDirectorySchemaAttribute(computed), "helm": applicationSourceHelmSchemaAttribute(computed), "kustomize": applicationSourceKustomizeSchemaAttribute(computed), "name": schema.StringAttribute{ MarkdownDescription: "Name is used to refer to a source and is displayed in the UI. It is supported in multi-source Applications since version 2.14", Computed: computed, Optional: !computed, }, "path": schema.StringAttribute{ MarkdownDescription: "Directory path within the repository. Only valid for applications sourced from Git.", Computed: computed, Optional: !computed, Default: stringdefault.StaticString("."), }, "plugin": applicationSourcePluginSchemaAttribute(computed), "ref": schema.StringAttribute{ MarkdownDescription: "Reference to another `source` within defined sources. See associated documentation on [Helm value files from external Git repository](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/#helm-value-files-from-external-git-repository) regarding combining `ref` with `path` and/or `chart`.", Computed: computed, Optional: !computed, }, "repo_url": schema.StringAttribute{ MarkdownDescription: "URL to the repository (Git or Helm) that contains the application manifests.", Optional: allOptional && !computed, Required: !allOptional && !computed, Computed: computed, }, "target_revision": schema.StringAttribute{ MarkdownDescription: "Revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version.", Computed: computed, Optional: !computed, }, }, }, } } func newApplicationSource(as v1alpha1.ApplicationSource) applicationSource { return applicationSource{ Chart: types.StringValue(as.Chart), Directory: newApplicationSourceDirectory(as.Directory), Helm: newApplicationSourceHelm(as.Helm), Kustomize: newApplicationSourceKustomize(as.Kustomize), Name: types.StringValue(as.Name), Path: types.StringValue(as.Path), Plugin: newApplicationSourcePlugin(as.Plugin), Ref: types.StringValue(as.Ref), RepoURL: types.StringValue(as.RepoURL), TargetRevision: types.StringValue(as.TargetRevision), } } type applicationSourceDirectory struct { Exclude types.String `tfsdk:"exclude"` Jsonnet applicationSourceJsonnet `tfsdk:"jsonnet"` Include types.String `tfsdk:"include"` Recurse types.Bool `tfsdk:"recurse"` } func applicationSourceDirectorySchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Path/directory specific options.", Computed: computed, Optional: !computed, // TODO: This isn't used at present but we will need to migrate it if we // migrate the ArgoCD application resource. // // DiffSuppressFunc: func(k, // oldValue, newValue string, d *schema.ResourceData) bool { // // Avoid drift when recurse is explicitly set to false // // Also ignore the directory node if both recurse & jsonnet are not set or ignored // if k == "spec.0.source.0.directory.0.recurse" && oldValue == "" && newValue == "false" { // return true // } // if k == "spec.0.source.0.directory.#" { // _, hasRecurse := d.GetOk("spec.0.source.0.directory.0.recurse") // _, hasJsonnet := d.GetOk("spec.0.source.0.directory.0.jsonnet") // if !hasJsonnet && !hasRecurse { // return true // } // } // return false // }, Attributes: map[string]schema.Attribute{ "exclude": schema.StringAttribute{ MarkdownDescription: "Glob pattern to match paths against that should be explicitly excluded from being used during manifest generation. This takes precedence over the `include` field. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}'", Computed: computed, Optional: !computed, }, "include": schema.StringAttribute{ MarkdownDescription: "Glob pattern to match paths against that should be explicitly included during manifest generation. If this field is set, only matching manifests will be included. To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}'", Computed: computed, Optional: !computed, }, "jsonnet": applicationSourceJsonnetSchemaAttribute(computed), "recurse": schema.BoolAttribute{ MarkdownDescription: "Whether to scan a directory recursively for manifests.", Computed: computed, Optional: !computed, }, }, } } func newApplicationSourceDirectory(ad *v1alpha1.ApplicationSourceDirectory) *applicationSourceDirectory { if ad == nil { return nil } return &applicationSourceDirectory{ Exclude: types.StringValue(ad.Exclude), Jsonnet: newApplicationSourceJsonnet(ad.Jsonnet), Include: types.StringValue(ad.Include), Recurse: types.BoolValue(ad.Recurse), } } type applicationSourceJsonnet struct { ExtVars []applicationJsonnetVar `tfsdk:"ext_vars"` Libs []types.String `tfsdk:"libs"` TLAs []applicationJsonnetVar `tfsdk:"tlas"` } func applicationSourceJsonnetSchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Jsonnet specific options.", Computed: computed, Optional: !computed, Attributes: map[string]schema.Attribute{ "ext_vars": schema.ListNestedAttribute{ MarkdownDescription: "List of Jsonnet External Variables.", Computed: computed, Optional: !computed, NestedObject: applicationJsonnetVarSchemaNestedAttributeObject(computed), }, "libs": schema.ListAttribute{ MarkdownDescription: "Additional library search dirs.", Computed: computed, Optional: !computed, ElementType: types.StringType, }, "tlas": schema.ListNestedAttribute{ MarkdownDescription: "List of Jsonnet Top-level Arguments", Computed: computed, Optional: !computed, NestedObject: applicationJsonnetVarSchemaNestedAttributeObject(computed), }, }, } } func newApplicationSourceJsonnet(asj v1alpha1.ApplicationSourceJsonnet) applicationSourceJsonnet { return applicationSourceJsonnet{ ExtVars: newApplicationJsonnetVars(asj.ExtVars), Libs: pie.Map(asj.Libs, types.StringValue), TLAs: newApplicationJsonnetVars(asj.TLAs), } } type applicationJsonnetVar struct { Code types.Bool `tfsdk:"code"` Name types.String `tfsdk:"name"` Value types.String `tfsdk:"value"` } func applicationJsonnetVarSchemaNestedAttributeObject(computed bool) schema.NestedAttributeObject { return schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ MarkdownDescription: "Name of Jsonnet variable.", Computed: computed, Optional: !computed, }, "value": schema.StringAttribute{ MarkdownDescription: "Value of Jsonnet variable.", Computed: computed, Optional: !computed, }, "code": schema.BoolAttribute{ MarkdownDescription: "Determines whether the variable should be evaluated as jsonnet code or treated as string.", Computed: computed, Optional: !computed, }, }, } } func newApplicationJsonnetVars(jvs []v1alpha1.JsonnetVar) []applicationJsonnetVar { if jvs == nil { return nil } vs := make([]applicationJsonnetVar, len(jvs)) for i, v := range jvs { vs[i] = applicationJsonnetVar{ Code: types.BoolValue(v.Code), Name: types.StringValue(v.Name), Value: types.StringValue(v.Value), } } return vs } type applicationSourceHelm struct { FileParameters []applicationHelmFileParameter `tfsdk:"file_parameters"` IgnoreMissingValueFiles types.Bool `tfsdk:"ignore_missing_value_files"` Parameters []applicationHelmParameter `tfsdk:"parameters"` PassCredentials types.Bool `tfsdk:"pass_credentials"` ReleaseName types.String `tfsdk:"release_name"` SkipCRDs types.Bool `tfsdk:"skip_crds"` SkipSchemaValidation types.Bool `tfsdk:"skip_schema_validation"` ValueFiles []types.String `tfsdk:"value_files"` Values types.String `tfsdk:"values"` } func applicationSourceHelmSchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Helm specific options.", Computed: computed, Optional: !computed, Attributes: map[string]schema.Attribute{ "file_parameters": applicationHelmFileParameterSchemaAttribute(computed), "ignore_missing_value_files": schema.BoolAttribute{ MarkdownDescription: "Prevents 'helm template' from failing when `value_files` do not exist locally by not appending them to 'helm template --values'.", Computed: computed, Optional: !computed, }, "parameters": applicationHelmParameterSchemaAttribute(computed), "release_name": schema.StringAttribute{ MarkdownDescription: "Helm release name. If omitted it will use the application name.", Computed: computed, Optional: !computed, }, "skip_crds": schema.BoolAttribute{ MarkdownDescription: "Whether to skip custom resource definition installation step (Helm's [--skip-crds](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/)).", Computed: computed, Optional: !computed, }, "skip_schema_validation": schema.BoolAttribute{ MarkdownDescription: "Whether to skip the schema validation step (Helm's [--skip-schema-validation](https://helm.sh/docs/helm/helm_template/)).", Computed: computed, Optional: !computed, }, "pass_credentials": schema.BoolAttribute{ MarkdownDescription: "If true then adds '--pass-credentials' to Helm commands to pass credentials to all domains.", Computed: computed, Optional: !computed, }, "values": schema.StringAttribute{ MarkdownDescription: "Helm values to be passed to 'helm template', typically defined as a Attribute.", Computed: computed, Optional: !computed, }, "value_files": schema.ListAttribute{ MarkdownDescription: "List of Helm value files to use when generating a template.", Computed: computed, Optional: !computed, ElementType: types.StringType, }, }, } } func newApplicationSourceHelm(ash *v1alpha1.ApplicationSourceHelm) *applicationSourceHelm { if ash == nil { return nil } return &applicationSourceHelm{ FileParameters: newApplicationSourceHelmFileParameters(ash.FileParameters), IgnoreMissingValueFiles: types.BoolValue(ash.IgnoreMissingValueFiles), Parameters: newApplicationSourceHelmParameters(ash.Parameters), PassCredentials: types.BoolValue(ash.PassCredentials), ReleaseName: types.StringValue(ash.ReleaseName), SkipCRDs: types.BoolValue(ash.SkipCrds), SkipSchemaValidation: types.BoolValue(ash.SkipSchemaValidation), ValueFiles: pie.Map(ash.ValueFiles, types.StringValue), Values: types.StringValue(ash.Values), } } type applicationHelmFileParameter struct { Name types.String `tfsdk:"name"` Path types.String `tfsdk:"path"` } func applicationHelmFileParameterSchemaAttribute(computed bool) schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "File parameters for the helm template.", Computed: computed, Optional: !computed, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ MarkdownDescription: "Name of the Helm parameters.", Required: !computed, Computed: computed, }, "path": schema.StringAttribute{ MarkdownDescription: "Path to the file containing the values for the Helm parameters.", Required: !computed, Computed: computed, }, }, }, } } func newApplicationSourceHelmFileParameters(hfps []v1alpha1.HelmFileParameter) []applicationHelmFileParameter { if hfps == nil { return nil } fps := make([]applicationHelmFileParameter, len(hfps)) for i, v := range hfps { fps[i] = applicationHelmFileParameter{ Name: types.StringValue(v.Name), Path: types.StringValue(v.Path), } } return fps } type applicationHelmParameter struct { ForceString types.Bool `tfsdk:"force_string"` Name types.String `tfsdk:"name"` Value types.String `tfsdk:"value"` } func applicationHelmParameterSchemaAttribute(computed bool) schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "Helm parameters which are passed to the helm template command upon manifest generation.", Computed: computed, Optional: !computed, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ MarkdownDescription: "Name of the Helm parameters.", Computed: computed, Optional: !computed, }, "value": schema.StringAttribute{ MarkdownDescription: "Value of the Helm parameters.", Computed: computed, Optional: !computed, }, "force_string": schema.BoolAttribute{ MarkdownDescription: "Determines whether to tell Helm to interpret booleans and numbers as strings.", Computed: computed, Optional: !computed, }, }, }, } } func newApplicationSourceHelmParameters(hps []v1alpha1.HelmParameter) []applicationHelmParameter { if hps == nil { return nil } ps := make([]applicationHelmParameter, len(hps)) for i, v := range hps { ps[i] = applicationHelmParameter{ ForceString: types.BoolValue(v.ForceString), Name: types.StringValue(v.Name), Value: types.StringValue(v.Value), } } return ps } type applicationSourceKustomize struct { CommonAnnotations map[string]types.String `tfsdk:"common_annotations"` CommonLabels map[string]types.String `tfsdk:"common_labels"` Images []types.String `tfsdk:"images"` NamePrefix types.String `tfsdk:"name_prefix"` NameSuffix types.String `tfsdk:"name_suffix"` Version types.String `tfsdk:"version"` } func applicationSourceKustomizeSchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Kustomize specific options.", Computed: computed, Optional: !computed, Attributes: map[string]schema.Attribute{ "name_prefix": schema.StringAttribute{ MarkdownDescription: "Prefix appended to resources for Kustomize apps.", Computed: computed, Optional: !computed, }, "name_suffix": schema.StringAttribute{ MarkdownDescription: "Suffix appended to resources for Kustomize apps.", Computed: computed, Optional: !computed, }, "version": schema.StringAttribute{ MarkdownDescription: "Version of Kustomize to use for rendering manifests.", Computed: computed, Optional: !computed, }, "images": schema.SetAttribute{ MarkdownDescription: "List of Kustomize image override specifications.", Computed: computed, Optional: !computed, ElementType: types.StringType, }, "common_labels": schema.MapAttribute{ MarkdownDescription: "List of additional labels to add to rendered manifests.", Computed: computed, Optional: !computed, ElementType: types.StringType, Validators: []validator.Map{ validators.MetadataLabels(), }, }, "common_annotations": schema.MapAttribute{ MarkdownDescription: "List of additional annotations to add to rendered manifests.", Computed: computed, Optional: !computed, ElementType: types.StringType, Validators: []validator.Map{ validators.MetadataAnnotations(), }, }, }, } } func newApplicationSourceKustomize(ask *v1alpha1.ApplicationSourceKustomize) *applicationSourceKustomize { if ask == nil { return nil } k := &applicationSourceKustomize{ CommonAnnotations: utils.MapMap(ask.CommonAnnotations, types.StringValue), CommonLabels: utils.MapMap(ask.CommonLabels, types.StringValue), NamePrefix: types.StringValue(ask.NamePrefix), NameSuffix: types.StringValue(ask.NameSuffix), Version: types.StringValue(ask.Version), } if ask.Images != nil { k.Images = make([]basetypes.StringValue, len(ask.Images)) for i, v := range ask.Images { k.Images[i] = types.StringValue(string(v)) } } return k } type applicationSourcePlugin struct { Env []applicationEnvEntry `tfsdk:"env"` Name types.String `tfsdk:"name"` Parameters []applicationSourcePluginParameter `tfsdk:"parameters"` } func applicationSourcePluginSchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Config management plugin specific options.", Computed: computed, Optional: !computed, Attributes: map[string]schema.Attribute{ "env": applicationEnvEntriesSchemaAttribute(computed), "name": schema.StringAttribute{ MarkdownDescription: "Name of the plugin. Only set the plugin name if the plugin is defined in `argocd-cm`. If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the Application according to the plugin's discovery rules.", Computed: computed, Optional: !computed, }, "parameters": applicationSourcePluginParametersSchemaAttribute(computed), }, } } func newApplicationSourcePlugin(asp *v1alpha1.ApplicationSourcePlugin) *applicationSourcePlugin { if asp == nil { return nil } return &applicationSourcePlugin{ Env: newApplicationEnvEntries(asp.Env), Name: types.StringValue(asp.Name), Parameters: newApplicationSourcePluginParameters(asp.Parameters), } } type applicationEnvEntry struct { Name types.String `tfsdk:"name"` Value types.String `tfsdk:"value"` } func applicationEnvEntriesSchemaAttribute(computed bool) schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "Environment variables passed to the plugin.", Computed: computed, Optional: !computed, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ MarkdownDescription: "Name of the environment variable.", Computed: computed, Optional: !computed, }, "value": schema.StringAttribute{ MarkdownDescription: "Value of the environment variable.", Computed: computed, Optional: !computed, }, }, }, } } func newApplicationEnvEntries(ees []*v1alpha1.EnvEntry) []applicationEnvEntry { if ees == nil { return nil } var es []applicationEnvEntry for _, v := range ees { if v == nil { continue } es = append(es, applicationEnvEntry{ Name: types.StringValue(v.Name), Value: types.StringValue(v.Value), }) } return es } type applicationSourcePluginParameter struct { Array []types.String `tfsdk:"array"` Map map[string]types.String `tfsdk:"map"` Name types.String `tfsdk:"name"` String types.String `tfsdk:"string"` } func applicationSourcePluginParametersSchemaAttribute(computed bool) schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "Parameters to supply to config management plugin.", Computed: computed, Optional: !computed, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "array": schema.ListAttribute{ MarkdownDescription: "Value of an array type parameters.", Computed: computed, Optional: !computed, ElementType: types.StringType, }, "name": schema.StringAttribute{ MarkdownDescription: "Name identifying a parameters.", Computed: computed, Optional: !computed, }, "map": schema.MapAttribute{ MarkdownDescription: "Value of a map type parameters.", Computed: computed, Optional: !computed, ElementType: types.StringType, }, "string": schema.StringAttribute{ MarkdownDescription: "Value of a string type parameters.", Computed: computed, Optional: !computed, }, }, }, } } func newApplicationSourcePluginParameters(aspps v1alpha1.ApplicationSourcePluginParameters) []applicationSourcePluginParameter { if aspps == nil { return nil } pps := make([]applicationSourcePluginParameter, len(aspps)) for i, v := range aspps { pps[i] = applicationSourcePluginParameter{ Array: pie.Map(v.Array, types.StringValue), Map: utils.MapMap(v.Map, types.StringValue), Name: types.StringValue(v.Name), String: utils.OptionalString(v.String_), } } return pps } type applicationSyncPolicy struct { Automated *applicationSyncPolicyAutomated `tfsdk:"automated"` Retry *applicationRetryStrategy `tfsdk:"retry"` SyncOptions []types.String `tfsdk:"sync_options"` } func applicationSyncPolicySchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Controls when and how a sync will be performed.", Computed: computed, Optional: !computed, Attributes: map[string]schema.Attribute{ "automated": applicationSyncPolicyAutomatedSchemaAttribute(computed), "retry": applicationRetryStrategySchemaAttribute(computed), "sync_options": schema.SetAttribute{ MarkdownDescription: "List of sync options. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/.", Computed: computed, Optional: !computed, ElementType: types.StringType, }, }, } } func newApplicationSyncPolicy(sp *v1alpha1.SyncPolicy) *applicationSyncPolicy { if sp == nil { return nil } return &applicationSyncPolicy{ Automated: newApplicationSyncPolicyAutomated(sp.Automated), Retry: newApplicationRetryStrategy(sp.Retry), SyncOptions: pie.Map(sp.SyncOptions, types.StringValue), } } type applicationSyncPolicyAutomated struct { AllowEmpty types.Bool `tfsdk:"allow_empty"` Prune types.Bool `tfsdk:"prune"` SelfHeal types.Bool `tfsdk:"self_heal"` } func applicationSyncPolicyAutomatedSchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Whether to automatically keep an application synced to the target revision.", Computed: computed, Optional: !computed, Attributes: map[string]schema.Attribute{ "allow_empty": schema.BoolAttribute{ MarkdownDescription: "Allows apps have zero live resources.", Computed: computed, Optional: !computed, }, "prune": schema.BoolAttribute{ MarkdownDescription: "Whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync.", Computed: computed, Optional: !computed, }, "self_heal": schema.BoolAttribute{ MarkdownDescription: "Whether to revert resources back to their desired state upon modification in the cluster.", Computed: computed, Optional: !computed, }, }, } } func newApplicationSyncPolicyAutomated(spa *v1alpha1.SyncPolicyAutomated) *applicationSyncPolicyAutomated { if spa == nil { return nil } return &applicationSyncPolicyAutomated{ AllowEmpty: types.BoolValue(spa.AllowEmpty), Prune: types.BoolValue(spa.Prune), SelfHeal: types.BoolValue(spa.SelfHeal), } } type applicationRetryStrategy struct { Limit types.Int64 `tfsdk:"limit"` Backoff *applicationBackoff `tfsdk:"backoff"` } func applicationRetryStrategySchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Controls failed sync retry behavior.", Computed: computed, Optional: !computed, Attributes: map[string]schema.Attribute{ "backoff": applicationBackoffSchemaAttribute(computed), "limit": schema.Int64Attribute{ MarkdownDescription: "Maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.", Computed: computed, Optional: !computed, }, }, } } func newApplicationRetryStrategy(rs *v1alpha1.RetryStrategy) *applicationRetryStrategy { if rs == nil { return nil } return &applicationRetryStrategy{ Backoff: newApplicationBackoff(rs.Backoff), Limit: types.Int64Value(rs.Limit), } } type applicationBackoff struct { Duration types.String `tfsdk:"duration"` Factor types.Int64 `tfsdk:"factor"` MaxDuration types.String `tfsdk:"max_duration"` } func applicationBackoffSchemaAttribute(computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Controls how to backoff on subsequent retries of failed syncs.", Computed: computed, Optional: !computed, Attributes: map[string]schema.Attribute{ "duration": schema.StringAttribute{ MarkdownDescription: "Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string.", Computed: computed, Optional: !computed, }, "factor": schema.Int64Attribute{ MarkdownDescription: "Factor to multiply the base duration after each failed retry.", Computed: computed, Optional: !computed, }, "max_duration": schema.StringAttribute{ MarkdownDescription: "Maximum amount of time allowed for the backoff strategy. Default unit is seconds, but could also be a duration (e.g. `2m`, `1h`), as a string.", Computed: computed, Optional: !computed, }, }, } } func newApplicationBackoff(b *v1alpha1.Backoff) *applicationBackoff { if b == nil { return nil } return &applicationBackoff{ Duration: types.StringValue(b.Duration), Factor: utils.OptionalInt64(b.Factor), MaxDuration: types.StringValue(b.MaxDuration), } } type applicationStatus struct { Conditions []applicationCondition `tfsdk:"conditions"` Health applicationHealthStatus `tfsdk:"health"` OperationState *applicationOperationState `tfsdk:"operation_state"` ReconciledAt types.String `tfsdk:"reconciled_at"` Resources []applicationResourceStatus `tfsdk:"resources"` Summary applicationSummary `tfsdk:"summary"` Sync applicationSyncStatus `tfsdk:"sync"` } func applicationStatusSchemaAttribute() schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Status information for the application.", Computed: true, Attributes: map[string]schema.Attribute{ "conditions": applicationConditionSchemaAttribute(), "health": applicationHealthStatusSchemaAttribute(), "operation_state": applicationOperationStateSchemaAttribute(), "reconciled_at": schema.StringAttribute{ MarkdownDescription: "When the application state was reconciled using the latest git version.", Computed: true, }, "resources": applicationResourceStatusSchemaAttribute(), "summary": applicationSummarySchemaAttribute(), "sync": applicationSyncStatusSchemaAttribute(), }, } } func newApplicationStatus(as v1alpha1.ApplicationStatus) *applicationStatus { return &applicationStatus{ Conditions: newApplicationConditions(as.Conditions), Health: *newApplicationHealthStatus(&as.Health), OperationState: newApplicationOperationState(as.OperationState), ReconciledAt: types.StringValue(as.ReconciledAt.String()), Resources: newApplicationResourceStatuses(as.Resources), Summary: newApplicationSummary(as.Summary), Sync: newApplicationSyncStatus(as.Sync), } } type applicationCondition struct { Message types.String `tfsdk:"message"` LastTransitionTime types.String `tfsdk:"last_transition_time"` Type types.String `tfsdk:"type"` } func applicationConditionSchemaAttribute() schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "List of currently observed application conditions.", Computed: true, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "message": schema.StringAttribute{ MarkdownDescription: "Human-readable message indicating details about condition.", Computed: true, }, "last_transition_time": schema.StringAttribute{ MarkdownDescription: "The time the condition was last observed.", Computed: true, }, "type": schema.StringAttribute{ MarkdownDescription: "Application condition type.", Computed: true, }, }, }, } } func newApplicationConditions(acs []v1alpha1.ApplicationCondition) []applicationCondition { if acs == nil { return nil } cs := make([]applicationCondition, len(acs)) for i, v := range acs { cs[i] = applicationCondition{ LastTransitionTime: utils.OptionalTimeString(v.LastTransitionTime), Message: types.StringValue(v.Message), Type: types.StringValue(v.Type), } } return cs } type applicationHealthStatus struct { Message types.String `tfsdk:"message"` Status types.String `tfsdk:"status"` } func applicationHealthStatusSchemaAttribute() schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Application's current health status.", Computed: true, Attributes: applicationHealthStatusSchemaAttributes(), } } func applicationHealthStatusSchemaAttributes() map[string]schema.Attribute { return map[string]schema.Attribute{ "message": schema.StringAttribute{ MarkdownDescription: "Human-readable informational message describing the health status.", Computed: true, }, "status": schema.StringAttribute{ MarkdownDescription: "Status code of the application or resource.", Computed: true, }, } } func newHealthStatus(hs *v1alpha1.HealthStatus) *applicationHealthStatus { if hs == nil { return nil } return &applicationHealthStatus{ Message: types.StringValue(hs.Message), Status: types.StringValue(string(hs.Status)), } } func newApplicationHealthStatus(hs *v1alpha1.AppHealthStatus) *applicationHealthStatus { if hs == nil { return nil } return &applicationHealthStatus{ Status: types.StringValue(string(hs.Status)), } } type applicationOperationState struct { FinishedAt types.String `tfsdk:"finished_at"` Message types.String `tfsdk:"message"` Phase types.String `tfsdk:"phase"` RetryCount types.Int64 `tfsdk:"retry_count"` StartedAt types.String `tfsdk:"started_at"` } func applicationOperationStateSchemaAttribute() schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Information about any ongoing operations, such as a sync.", Computed: true, Attributes: map[string]schema.Attribute{ "finished_at": schema.StringAttribute{ MarkdownDescription: "Time of operation completion.", Computed: true, }, "message": schema.StringAttribute{ MarkdownDescription: "Any pertinent messages when attempting to perform operation (typically errors).", Computed: true, }, "phase": schema.StringAttribute{ MarkdownDescription: "The current phase of the operation.", Computed: true, }, "retry_count": schema.Int64Attribute{ MarkdownDescription: "Count of operation retries.", Computed: true, }, "started_at": schema.StringAttribute{ MarkdownDescription: "Time of operation start.", Computed: true, }, }, } } func newApplicationOperationState(os *v1alpha1.OperationState) *applicationOperationState { if os == nil { return nil } return &applicationOperationState{ FinishedAt: utils.OptionalTimeString(os.FinishedAt), Message: types.StringValue(os.Message), Phase: types.StringValue(string(os.Phase)), RetryCount: types.Int64Value(os.RetryCount), StartedAt: types.StringValue(os.StartedAt.String()), } } type applicationResourceStatus struct { Group types.String `tfsdk:"group"` Health *applicationHealthStatus `tfsdk:"health"` Hook types.Bool `tfsdk:"hook"` Kind types.String `tfsdk:"kind"` Name types.String `tfsdk:"name"` Namespace types.String `tfsdk:"namespace"` RequiresPruning types.Bool `tfsdk:"requires_pruning"` Status types.String `tfsdk:"status"` SyncWave types.Int64 `tfsdk:"sync_wave"` Version types.String `tfsdk:"version"` } func applicationResourceStatusSchemaAttribute() schema.Attribute { return schema.ListNestedAttribute{ MarkdownDescription: "List of Kubernetes resources managed by this application.", Computed: true, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Group.", Computed: true, }, "health": schema.SingleNestedAttribute{ MarkdownDescription: "Resource health status.", Computed: true, Attributes: applicationHealthStatusSchemaAttributes(), }, "kind": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Kind.", Computed: true, }, "hook": schema.BoolAttribute{ MarkdownDescription: "Indicates whether or not this resource has a hook annotation.", Computed: true, }, "name": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Name.", Computed: true, }, "namespace": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Namespace.", Computed: true, }, "requires_pruning": schema.BoolAttribute{ MarkdownDescription: "Indicates if the resources requires pruning or not.", Computed: true, }, "status": schema.StringAttribute{ MarkdownDescription: "Resource sync status.", Computed: true, }, "sync_wave": schema.Int64Attribute{ MarkdownDescription: "Sync wave.", Computed: true, }, "version": schema.StringAttribute{ MarkdownDescription: "The Kubernetes resource Version.", Computed: true, }, }, }, } } func newApplicationResourceStatuses(rss []v1alpha1.ResourceStatus) []applicationResourceStatus { if rss == nil { return nil } rs := make([]applicationResourceStatus, len(rss)) for i, v := range rss { rs[i] = applicationResourceStatus{ Group: types.StringValue(v.Group), Health: newHealthStatus(v.Health), Hook: types.BoolValue(v.Hook), Kind: types.StringValue(v.Kind), Name: types.StringValue(v.Name), Namespace: types.StringValue(v.Namespace), RequiresPruning: types.BoolValue(v.RequiresPruning), Status: types.StringValue(string(v.Status)), SyncWave: types.Int64Value(v.SyncWave), Version: types.StringValue(v.Version), } } return rs } type applicationSummary struct { ExternalURLs []types.String `tfsdk:"external_urls"` Images []types.String `tfsdk:"images"` } func applicationSummarySchemaAttribute() schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "List of URLs and container images used by this application.", Computed: true, Attributes: map[string]schema.Attribute{ "external_urls": schema.ListAttribute{ MarkdownDescription: "All external URLs of application child resources.", Computed: true, ElementType: types.StringType, }, "images": schema.ListAttribute{ MarkdownDescription: "All images of application child resources.", Computed: true, ElementType: types.StringType, }, }, } } func newApplicationSummary(as v1alpha1.ApplicationSummary) applicationSummary { return applicationSummary{ ExternalURLs: pie.Map(as.ExternalURLs, types.StringValue), Images: pie.Map(as.Images, types.StringValue), } } type applicationSyncStatus struct { Revisions []types.String `tfsdk:"revisions"` Status types.String `tfsdk:"status"` } func applicationSyncStatusSchemaAttribute() schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Application's current sync status", Computed: true, Attributes: map[string]schema.Attribute{ "revisions": schema.ListAttribute{ MarkdownDescription: "Information about the revision(s) the comparison has been performed to.", Computed: true, ElementType: types.StringType, }, "status": schema.StringAttribute{ MarkdownDescription: "Sync state of the comparison.", Computed: true, }, }, } } func newApplicationSyncStatus(ss v1alpha1.SyncStatus) applicationSyncStatus { ass := applicationSyncStatus{ Status: types.StringValue(string(ss.Status)), } if ss.Revision != "" { ass.Revisions = append(ass.Revisions, types.StringValue(ss.Revision)) } if len(ss.Revisions) > 0 { ass.Revisions = append(ass.Revisions, pie.Map(ss.Revisions, types.StringValue)...) } return ass } ================================================ FILE: internal/provider/model_gpg_key.go ================================================ package provider import ( customtypes "github.com/argoproj-labs/terraform-provider-argocd/internal/types" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/types" ) type gpgKeyModel struct { ID types.String `tfsdk:"id"` PublicKey customtypes.PGPPublicKey `tfsdk:"public_key"` Fingerprint types.String `tfsdk:"fingerprint"` Owner types.String `tfsdk:"owner"` SubType types.String `tfsdk:"sub_type"` Trust types.String `tfsdk:"trust"` } func gpgKeySchemaAttributes() map[string]schema.Attribute { return map[string]schema.Attribute{ "public_key": schema.StringAttribute{ MarkdownDescription: "Raw key data of the GPG key to create", CustomType: customtypes.PGPPublicKeyType, Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "fingerprint": schema.StringAttribute{ MarkdownDescription: "Fingerprint is the fingerprint of the key", Computed: true, }, "id": schema.StringAttribute{ MarkdownDescription: "GPG key identifier", Computed: true, }, "owner": schema.StringAttribute{ MarkdownDescription: "Owner holds the owner identification, e.g. a name and e-mail address", Computed: true, }, "sub_type": schema.StringAttribute{ MarkdownDescription: "SubType holds the key's sub type (e.g. rsa4096)", Computed: true, }, "trust": schema.StringAttribute{ MarkdownDescription: "Trust holds the level of trust assigned to this key", Computed: true, }, } } func newGPGKey(k *v1alpha1.GnuPGPublicKey) *gpgKeyModel { return &gpgKeyModel{ Fingerprint: types.StringValue(k.Fingerprint), ID: types.StringValue(k.KeyID), Owner: types.StringValue(k.Owner), PublicKey: customtypes.PGPPublicKeyValue(k.KeyData), SubType: types.StringValue(k.SubType), Trust: types.StringValue(k.Trust), } } ================================================ FILE: internal/provider/model_metadata.go ================================================ package provider import ( "fmt" "github.com/argoproj-labs/terraform-provider-argocd/internal/utils" "github.com/argoproj-labs/terraform-provider-argocd/internal/validators" "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) type objectMeta struct { Name types.String `tfsdk:"name"` Namespace types.String `tfsdk:"namespace"` Annotations map[string]types.String `tfsdk:"annotations"` Labels map[string]types.String `tfsdk:"labels"` Generation types.Int64 `tfsdk:"generation"` ResourceVersion types.String `tfsdk:"resource_version"` UID types.String `tfsdk:"uid"` } func objectMetaSchemaAttribute(objectName string, computed bool) schema.Attribute { return schema.SingleNestedAttribute{ MarkdownDescription: "Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).", Required: true, Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ MarkdownDescription: fmt.Sprintf("Name of the %s, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", objectName), Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, Validators: []validator.String{ validators.IsDNSSubdomain(), }, }, "namespace": schema.StringAttribute{ MarkdownDescription: fmt.Sprintf("Namespace of the %s, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", objectName), Optional: true, Computed: computed, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, Validators: []validator.String{ validators.IsDNSSubdomain(), }, }, "annotations": schema.MapAttribute{ MarkdownDescription: fmt.Sprintf("An unstructured key value map stored with the %s that may be used to store arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", objectName), Computed: computed, Optional: !computed, ElementType: types.StringType, Validators: []validator.Map{ validators.MetadataAnnotations(), }, }, "labels": schema.MapAttribute{ MarkdownDescription: fmt.Sprintf("Map of string keys and values that can be used to organize and categorize (scope and select) the %s. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", objectName), Computed: computed, Optional: !computed, ElementType: types.StringType, Validators: []validator.Map{ validators.MetadataLabels(), }, }, "generation": schema.Int64Attribute{ MarkdownDescription: "A sequence number representing a specific generation of the desired state.", Computed: true, PlanModifiers: []planmodifier.Int64{ UseUnknownOnUpdateInt64(), }, }, "resource_version": schema.StringAttribute{ MarkdownDescription: fmt.Sprintf("An opaque value that represents the internal version of this %s that can be used by clients to determine when the %s has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", objectName, objectName), Computed: true, PlanModifiers: []planmodifier.String{ UseUnknownOnUpdateString(), }, }, "uid": schema.StringAttribute{ MarkdownDescription: fmt.Sprintf("The unique in time and space value for this %s. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", objectName), Computed: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, }, }, } } func objectMetaSchemaListBlock(objectName string) schema.Block { return schema.ListNestedBlock{ MarkdownDescription: "Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).", Validators: []validator.List{ listvalidator.IsRequired(), listvalidator.SizeAtLeast(1), listvalidator.SizeAtMost(1), }, NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ MarkdownDescription: fmt.Sprintf("Name of the %s, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", objectName), Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, Validators: []validator.String{ validators.IsDNSSubdomain(), }, }, "namespace": schema.StringAttribute{ MarkdownDescription: fmt.Sprintf("Namespace of the %s, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", objectName), Optional: true, Computed: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, Validators: []validator.String{ validators.IsDNSSubdomain(), }, }, "annotations": schema.MapAttribute{ MarkdownDescription: fmt.Sprintf("An unstructured key value map stored with the %s that may be used to store arbitrary metadata. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", objectName), Optional: true, ElementType: types.StringType, Validators: []validator.Map{ validators.MetadataAnnotations(), }, }, "labels": schema.MapAttribute{ MarkdownDescription: fmt.Sprintf("Map of string keys and values that can be used to organize and categorize (scope and select) the %s. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", objectName), Optional: true, ElementType: types.StringType, Validators: []validator.Map{ validators.MetadataLabels(), }, }, "generation": schema.Int64Attribute{ MarkdownDescription: "A sequence number representing a specific generation of the desired state.", Computed: true, PlanModifiers: []planmodifier.Int64{ UseUnknownOnUpdateInt64(), }, }, "resource_version": schema.StringAttribute{ MarkdownDescription: fmt.Sprintf("An opaque value that represents the internal version of this %s that can be used by clients to determine when the %s has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", objectName, objectName), Computed: true, PlanModifiers: []planmodifier.String{ UseUnknownOnUpdateString(), }, }, "uid": schema.StringAttribute{ MarkdownDescription: fmt.Sprintf("The unique in time and space value for this %s. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", objectName), Computed: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, }, }, }, } } func newObjectMeta(om metav1.ObjectMeta) objectMeta { obj := objectMeta{ Annotations: utils.MapMap(om.Annotations, types.StringValue), Labels: utils.MapMap(om.Labels, types.StringValue), Generation: types.Int64Value(om.Generation), Name: types.StringValue(om.Name), ResourceVersion: types.StringValue(om.ResourceVersion), } // Handle namespace if om.Namespace != "" { obj.Namespace = types.StringValue(om.Namespace) } else { obj.Namespace = types.StringNull() } // Handle UID if string(om.UID) != "" { obj.UID = types.StringValue(string(om.UID)) } else { obj.UID = types.StringNull() } return obj } ================================================ FILE: internal/provider/model_project.go ================================================ package provider import ( "github.com/argoproj-labs/terraform-provider-argocd/internal/validators" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" ) type projectModel struct { ID types.String `tfsdk:"id"` Metadata []objectMeta `tfsdk:"metadata"` Spec []projectSpecModel `tfsdk:"spec"` } type projectSpecModel struct { ClusterResourceBlacklist []groupKindModel `tfsdk:"cluster_resource_blacklist"` ClusterResourceWhitelist []groupKindModel `tfsdk:"cluster_resource_whitelist"` Description types.String `tfsdk:"description"` Destination []destinationModel `tfsdk:"destination"` DestinationServiceAccount []destinationServiceAccountModel `tfsdk:"destination_service_account"` NamespaceResourceBlacklist []groupKindModel `tfsdk:"namespace_resource_blacklist"` NamespaceResourceWhitelist []groupKindModel `tfsdk:"namespace_resource_whitelist"` OrphanedResources []orphanedResourcesModel `tfsdk:"orphaned_resources"` Role []projectRoleModel `tfsdk:"role"` SourceRepos []types.String `tfsdk:"source_repos"` SourceNamespaces []types.String `tfsdk:"source_namespaces"` SignatureKeys []types.String `tfsdk:"signature_keys"` SyncWindow []syncWindowModel `tfsdk:"sync_window"` } type groupKindModel struct { Group types.String `tfsdk:"group"` Kind types.String `tfsdk:"kind"` } type destinationModel struct { Server types.String `tfsdk:"server"` Namespace types.String `tfsdk:"namespace"` Name types.String `tfsdk:"name"` } type destinationServiceAccountModel struct { DefaultServiceAccount types.String `tfsdk:"default_service_account"` Namespace types.String `tfsdk:"namespace"` Server types.String `tfsdk:"server"` } type orphanedResourcesModel struct { Warn types.Bool `tfsdk:"warn"` Ignore []orphanedResourcesIgnoreModel `tfsdk:"ignore"` } type orphanedResourcesIgnoreModel struct { Group types.String `tfsdk:"group"` Kind types.String `tfsdk:"kind"` Name types.String `tfsdk:"name"` } type projectRoleModel struct { Description types.String `tfsdk:"description"` Groups []types.String `tfsdk:"groups"` Name types.String `tfsdk:"name"` Policies []types.String `tfsdk:"policies"` JwtTokens []jwtTokenModel `tfsdk:"jwt_tokens"` } type jwtTokenModel struct { ID types.String `tfsdk:"id"` Iat types.Int64 `tfsdk:"iat"` Exp types.Int64 `tfsdk:"exp"` } type syncWindowModel struct { Applications []types.String `tfsdk:"applications"` Clusters []types.String `tfsdk:"clusters"` Duration types.String `tfsdk:"duration"` Kind types.String `tfsdk:"kind"` ManualSync types.Bool `tfsdk:"manual_sync"` Namespaces []types.String `tfsdk:"namespaces"` Schedule types.String `tfsdk:"schedule"` Timezone types.String `tfsdk:"timezone"` UseAndOperator types.Bool `tfsdk:"use_and_operator"` } func projectSchemaBlocks() map[string]schema.Block { return map[string]schema.Block{ "metadata": objectMetaSchemaListBlock("appproject"), "spec": schema.ListNestedBlock{ Description: "ArgoCD AppProject spec.", Validators: []validator.List{ listvalidator.IsRequired(), listvalidator.SizeAtLeast(1), listvalidator.SizeAtMost(1), }, NestedObject: schema.NestedBlockObject{ Attributes: projectSpecSchemaAttributesOnly(), Blocks: projectSpecSchemaBlocks(), }, }, } } func projectSpecSchemaBlocks() map[string]schema.Block { return map[string]schema.Block{ "destination": schema.SetNestedBlock{ Description: "Destinations available for deployment.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "server": schema.StringAttribute{ Description: "URL of the target cluster and must be set to the Kubernetes control plane API.", Optional: true, }, "namespace": schema.StringAttribute{ Description: "Target namespace for applications' resources.", Required: true, }, "name": schema.StringAttribute{ Description: "Name of the destination cluster which can be used instead of server.", Optional: true, }, }, }, }, "cluster_resource_blacklist": schema.SetNestedBlock{ Description: "Blacklisted cluster level resources.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ Description: "The Kubernetes resource Group to match for.", Optional: true, Validators: []validator.String{ validators.GroupNameValidator(), }, }, "kind": schema.StringAttribute{ Description: "The Kubernetes resource Kind to match for.", Optional: true, }, }, }, }, "cluster_resource_whitelist": schema.SetNestedBlock{ Description: "Whitelisted cluster level resources.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ Description: "The Kubernetes resource Group to match for.", Optional: true, Validators: []validator.String{ validators.GroupNameValidator(), }, }, "kind": schema.StringAttribute{ Description: "The Kubernetes resource Kind to match for.", Optional: true, }, }, }, }, "namespace_resource_blacklist": schema.SetNestedBlock{ Description: "Blacklisted namespace level resources.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ Description: "The Kubernetes resource Group to match for.", Optional: true, Validators: []validator.String{ validators.GroupNameValidator(), }, }, "kind": schema.StringAttribute{ Description: "The Kubernetes resource Kind to match for.", Optional: true, }, }, }, }, "namespace_resource_whitelist": schema.SetNestedBlock{ Description: "Whitelisted namespace level resources.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ Description: "The Kubernetes resource Group to match for.", Optional: true, Validators: []validator.String{ validators.GroupNameValidator(), }, }, "kind": schema.StringAttribute{ Description: "The Kubernetes resource Kind to match for.", Optional: true, }, }, }, }, "orphaned_resources": schema.SetNestedBlock{ Description: "Configuration for orphaned resources tracking.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "warn": schema.BoolAttribute{ Description: "Whether a warning condition should be created for apps which have orphaned resources.", Optional: true, }, }, Blocks: map[string]schema.Block{ "ignore": schema.SetNestedBlock{ Description: "List of resources to ignore during orphaned resources detection.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ Description: "The Kubernetes resource Group to match for.", Optional: true, Validators: []validator.String{ validators.GroupNameValidator(), }, }, "kind": schema.StringAttribute{ Description: "The Kubernetes resource Kind to match for.", Optional: true, }, "name": schema.StringAttribute{ Description: "The Kubernetes resource name to match for.", Optional: true, }, }, }, }, }, }, }, "role": schema.SetNestedBlock{ Description: "Project roles.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "The name of the role.", Required: true, }, "description": schema.StringAttribute{ Description: "Description of the role.", Optional: true, }, "policies": schema.ListAttribute{ Description: "List of casbin formatted strings that define access policies for the role in the project. For more information, see the [ArgoCD RBAC reference](https://argoproj.github.io/argo-cd/operator-manual/rbac/#rbac-permission-structure).", Required: true, ElementType: types.StringType, }, "groups": schema.ListAttribute{ Description: "List of OIDC group claims bound to this role.", Optional: true, ElementType: types.StringType, }, "jwt_tokens": schema.SetNestedAttribute{ Description: "List of JWT tokens issued for this role.", Optional: true, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "iat": schema.Int64Attribute{ Description: "Token issued at (timestamp).", Required: true, }, "id": schema.StringAttribute{ Description: "Token identifier.", Optional: true, }, "exp": schema.Int64Attribute{ Description: "Token expiration (timestamp).", Optional: true, }, }, }, }, }, }, }, "destination_service_account": schema.SetNestedBlock{ Description: "Service accounts to be impersonated for the application sync operation for each destination.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "default_service_account": schema.StringAttribute{ Description: "Used for impersonation during the sync operation", Required: true, }, "namespace": schema.StringAttribute{ Description: "Specifies the target namespace for the application's resources.", Optional: true, }, "server": schema.StringAttribute{ Description: "Specifies the URL of the target cluster's Kubernetes control plane API.", Optional: true, }, }, }, }, "sync_window": schema.SetNestedBlock{ Description: "Controls when sync operations are allowed for the project.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "use_and_operator": schema.BoolAttribute{ Description: "Defines if the AND operator should be used among the various conditions for the sync window.", Optional: true, }, "kind": schema.StringAttribute{ Description: "Defines if the window allows or blocks syncs, allowed values are `allow` or `deny`.", Optional: true, Validators: []validator.String{ validators.SyncWindowKindValidator(), }, }, "applications": schema.ListAttribute{ Description: "List of applications that the window will apply to.", Optional: true, ElementType: types.StringType, }, "namespaces": schema.ListAttribute{ Description: "List of namespaces that the window will apply to.", Optional: true, ElementType: types.StringType, }, "clusters": schema.ListAttribute{ Description: " List of clusters that the window will apply to.", Optional: true, ElementType: types.StringType, }, "manual_sync": schema.BoolAttribute{ Description: "Enables manual syncs when they would otherwise be blocked.", Optional: true, }, "schedule": schema.StringAttribute{ Description: "Time the window will begin, specified in cron format.", Optional: true, Validators: []validator.String{ validators.SyncWindowScheduleValidator(), }, }, "duration": schema.StringAttribute{ Description: "Amount of time the sync window will be open.", Optional: true, Validators: []validator.String{ validators.DurationValidator(), }, }, "timezone": schema.StringAttribute{ Description: "Timezone that the schedule will be evaluated in.", Optional: true, Computed: true, Default: stringdefault.StaticString("UTC"), Validators: []validator.String{ validators.SyncWindowTimezoneValidator(), }, }, }, }, }, } } func projectSpecSchemaAttributesOnly() map[string]schema.Attribute { return map[string]schema.Attribute{ "description": schema.StringAttribute{ Description: "Project description.", Optional: true, }, "source_repos": schema.ListAttribute{ Description: "List of repositories from which applications may be created.", Optional: true, ElementType: types.StringType, }, "source_namespaces": schema.SetAttribute{ Description: "List of source namespaces for applications.", Optional: true, ElementType: types.StringType, }, "signature_keys": schema.SetAttribute{ Description: "Signature keys for verifying the integrity of applications.", Optional: true, ElementType: types.StringType, }, } } func newProject(project *v1alpha1.AppProject) *projectModel { p := &projectModel{ Metadata: []objectMeta{newObjectMeta(project.ObjectMeta)}, Spec: []projectSpecModel{newProjectSpec(&project.Spec)}, } return p } func newProjectSpec(spec *v1alpha1.AppProjectSpec) projectSpecModel { ps := projectSpecModel{ Description: types.StringValue(spec.Description), } if spec.Description != "" { ps.Description = types.StringValue(spec.Description) } else { ps.Description = types.StringNull() } // Convert source repos // Check for non-nil to distinguish between unset (nil) and explicitly empty ([]) // This fixes issue #788 where empty lists were incorrectly converted to null if spec.SourceRepos != nil { ps.SourceRepos = make([]types.String, len(spec.SourceRepos)) for i, repo := range spec.SourceRepos { ps.SourceRepos[i] = types.StringValue(repo) } } // Convert signature keys // Check for non-nil to distinguish between unset (nil) and explicitly empty ([]) if spec.SignatureKeys != nil { ps.SignatureKeys = make([]types.String, len(spec.SignatureKeys)) for i, key := range spec.SignatureKeys { ps.SignatureKeys[i] = types.StringValue(key.KeyID) } } // Convert source namespaces // Check for non-nil to distinguish between unset (nil) and explicitly empty ([]) if spec.SourceNamespaces != nil { ps.SourceNamespaces = make([]types.String, len(spec.SourceNamespaces)) for i, ns := range spec.SourceNamespaces { ps.SourceNamespaces[i] = types.StringValue(ns) } } // Convert cluster resource blacklist if len(spec.ClusterResourceBlacklist) > 0 { ps.ClusterResourceBlacklist = make([]groupKindModel, len(spec.ClusterResourceBlacklist)) for i, gk := range spec.ClusterResourceBlacklist { ps.ClusterResourceBlacklist[i] = groupKindModel{ Group: types.StringValue(gk.Group), Kind: types.StringValue(gk.Kind), } } } // Convert cluster resource whitelist if len(spec.ClusterResourceWhitelist) > 0 { ps.ClusterResourceWhitelist = make([]groupKindModel, len(spec.ClusterResourceWhitelist)) for i, gk := range spec.ClusterResourceWhitelist { ps.ClusterResourceWhitelist[i] = groupKindModel{ Group: types.StringValue(gk.Group), Kind: types.StringValue(gk.Kind), } } } // Convert namespace resource blacklist if len(spec.NamespaceResourceBlacklist) > 0 { ps.NamespaceResourceBlacklist = make([]groupKindModel, len(spec.NamespaceResourceBlacklist)) for i, gk := range spec.NamespaceResourceBlacklist { ps.NamespaceResourceBlacklist[i] = groupKindModel{ Group: types.StringValue(gk.Group), Kind: types.StringValue(gk.Kind), } } } // Convert namespace resource whitelist if len(spec.NamespaceResourceWhitelist) > 0 { ps.NamespaceResourceWhitelist = make([]groupKindModel, len(spec.NamespaceResourceWhitelist)) for i, gk := range spec.NamespaceResourceWhitelist { ps.NamespaceResourceWhitelist[i] = groupKindModel{ Group: types.StringValue(gk.Group), Kind: types.StringValue(gk.Kind), } } } // Convert destinations if len(spec.Destinations) > 0 { ps.Destination = make([]destinationModel, len(spec.Destinations)) for i, dest := range spec.Destinations { d := destinationModel{ Namespace: types.StringValue(dest.Namespace), } if dest.Server != "" { d.Server = types.StringValue(dest.Server) } else { d.Server = types.StringNull() } if dest.Name != "" { d.Name = types.StringValue(dest.Name) } else { d.Name = types.StringNull() } ps.Destination[i] = d } } // Convert destination service accounts if len(spec.DestinationServiceAccounts) > 0 { ps.DestinationServiceAccount = make([]destinationServiceAccountModel, len(spec.DestinationServiceAccounts)) for i, dsa := range spec.DestinationServiceAccounts { ps.DestinationServiceAccount[i] = destinationServiceAccountModel{ DefaultServiceAccount: types.StringValue(dsa.DefaultServiceAccount), Namespace: types.StringValue(dsa.Namespace), Server: types.StringValue(dsa.Server), } } } // Convert orphaned resources if spec.OrphanedResources != nil { or := orphanedResourcesModel{ Warn: types.BoolPointerValue(spec.OrphanedResources.Warn), } if len(spec.OrphanedResources.Ignore) > 0 { or.Ignore = make([]orphanedResourcesIgnoreModel, len(spec.OrphanedResources.Ignore)) for i, ignore := range spec.OrphanedResources.Ignore { or.Ignore[i] = orphanedResourcesIgnoreModel{ Group: types.StringValue(ignore.Group), Kind: types.StringValue(ignore.Kind), Name: types.StringValue(ignore.Name), } } } ps.OrphanedResources = []orphanedResourcesModel{or} } // Convert roles if len(spec.Roles) > 0 { ps.Role = make([]projectRoleModel, len(spec.Roles)) for i, role := range spec.Roles { pr := projectRoleModel{ Name: types.StringValue(role.Name), } // Handle description if role.Description != "" { pr.Description = types.StringValue(role.Description) } else { pr.Description = types.StringNull() } // Handle policies if len(role.Policies) > 0 { pr.Policies = make([]types.String, len(role.Policies)) for j, policy := range role.Policies { pr.Policies[j] = types.StringValue(policy) } } // Handle groups if role.Groups != nil { pr.Groups = make([]types.String, len(role.Groups)) for j, group := range role.Groups { pr.Groups[j] = types.StringValue(group) } } // JWT tokens are not managed by the project resource - they are managed by argocd_project_token resources // So we explicitly set them to nil to avoid conflicts and ensure they don't appear in state pr.JwtTokens = nil ps.Role[i] = pr } } // Convert sync windows if len(spec.SyncWindows) > 0 { ps.SyncWindow = make([]syncWindowModel, len(spec.SyncWindows)) for i, sw := range spec.SyncWindows { swm := syncWindowModel{ Duration: types.StringValue(sw.Duration), Kind: types.StringValue(sw.Kind), ManualSync: types.BoolValue(sw.ManualSync), Schedule: types.StringValue(sw.Schedule), Timezone: types.StringValue("UTC"), // Default UseAndOperator: types.BoolValue(sw.UseAndOperator), } if sw.TimeZone != "" { swm.Timezone = types.StringValue(sw.TimeZone) } if sw.Applications != nil { swm.Applications = make([]types.String, len(sw.Applications)) for j, app := range sw.Applications { swm.Applications[j] = types.StringValue(app) } } if sw.Clusters != nil { swm.Clusters = make([]types.String, len(sw.Clusters)) for j, cluster := range sw.Clusters { swm.Clusters[j] = types.StringValue(cluster) } } if sw.Namespaces != nil { swm.Namespaces = make([]types.String, len(sw.Namespaces)) for j, ns := range sw.Namespaces { swm.Namespaces[j] = types.StringValue(ns) } } ps.SyncWindow[i] = swm } } return ps } ================================================ FILE: internal/provider/model_project_token.go ================================================ package provider import ( "github.com/argoproj-labs/terraform-provider-argocd/internal/validators" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" ) type projectTokenModel struct { ID types.String `tfsdk:"id"` Project types.String `tfsdk:"project"` Role types.String `tfsdk:"role"` ExpiresIn types.String `tfsdk:"expires_in"` RenewAfter types.String `tfsdk:"renew_after"` RenewBefore types.String `tfsdk:"renew_before"` Description types.String `tfsdk:"description"` JWT types.String `tfsdk:"jwt"` IssuedAt types.String `tfsdk:"issued_at"` ExpiresAt types.String `tfsdk:"expires_at"` } func projectTokenSchemaAttributes() map[string]schema.Attribute { return map[string]schema.Attribute{ "id": schema.StringAttribute{ Description: "Token identifier", Computed: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, }, "project": schema.StringAttribute{ Description: "The project associated with the token.", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "role": schema.StringAttribute{ Description: "The name of the role in the project associated with the token.", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "expires_in": schema.StringAttribute{ Description: "Duration before the token will expire. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. E.g. `30m`, `12h`. Default: No expiration.", Optional: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, Validators: []validator.String{ validators.DurationValidator(), }, }, "renew_after": schema.StringAttribute{ Description: "Duration to control token silent regeneration based on token age. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. If set, then the token will be regenerated if it is older than `renew_after`. I.e. if `currentDate - issued_at > renew_after`.", Optional: true, Validators: []validator.String{ validators.DurationValidator(), }, }, "renew_before": schema.StringAttribute{ Description: "Duration to control token silent regeneration based on remaining token lifetime. If `expires_in` is set, Terraform will regenerate the token if `expires_at - currentDate < renew_before`. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`.", Optional: true, Validators: []validator.String{ validators.DurationValidator(), }, }, "description": schema.StringAttribute{ Description: "Description of the token.", Optional: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "jwt": schema.StringAttribute{ Description: "The raw JWT.", Computed: true, Sensitive: true, }, "issued_at": schema.StringAttribute{ Description: "Unix timestamp at which the token was issued.", Computed: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "expires_at": schema.StringAttribute{ Description: "If `expires_in` is set, Unix timestamp upon which the token will expire.", Computed: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, } } ================================================ FILE: internal/provider/model_provider.go ================================================ package provider import ( "bytes" "context" "fmt" "net/url" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj/argo-cd/v3/cmd/argocd/commands/headless" "github.com/argoproj/argo-cd/v3/pkg/apiclient" "github.com/argoproj/argo-cd/v3/pkg/apiclient/session" "github.com/argoproj/argo-cd/v3/util/io" "github.com/argoproj/argo-cd/v3/util/localconfig" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/types" apimachineryschema "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd/api" ) type ArgoCDProviderConfig struct { // Configuration for standard login using either with username/password or auth_token AuthToken types.String `tfsdk:"auth_token"` Username types.String `tfsdk:"username"` Password types.String `tfsdk:"password"` // When using standard login either server address or port forwarding must be used ServerAddr types.String `tfsdk:"server_addr"` PortForward types.Bool `tfsdk:"port_forward"` PortForwardWithNamespace types.String `tfsdk:"port_forward_with_namespace"` Kubernetes []Kubernetes `tfsdk:"kubernetes"` // Run ArgoCD API server locally Core types.Bool `tfsdk:"core"` // Login using credentials from local ArgoCD config file UseLocalConfig types.Bool `tfsdk:"use_local_config"` ConfigPath types.String `tfsdk:"config_path"` Context types.String `tfsdk:"context"` // Other configuration CertFile types.String `tfsdk:"cert_file"` ClientCertFile types.String `tfsdk:"client_cert_file"` ClientCertKey types.String `tfsdk:"client_cert_key"` GRPCWeb types.Bool `tfsdk:"grpc_web"` GRPCWebRootPath types.String `tfsdk:"grpc_web_root_path"` Headers types.Set `tfsdk:"headers"` Insecure types.Bool `tfsdk:"insecure"` PlainText types.Bool `tfsdk:"plain_text"` UserAgent types.String `tfsdk:"user_agent"` } func (p ArgoCDProviderConfig) getApiClientOptions(ctx context.Context) (*apiclient.ClientOptions, diag.Diagnostics) { var diags diag.Diagnostics opts := &apiclient.ClientOptions{ AuthToken: getDefaultString(p.AuthToken, "ARGOCD_AUTH_TOKEN"), CertFile: p.CertFile.ValueString(), ClientCertFile: p.ClientCertFile.ValueString(), ClientCertKeyFile: p.ClientCertKey.ValueString(), GRPCWeb: p.GRPCWeb.ValueBool(), GRPCWebRootPath: p.GRPCWebRootPath.ValueString(), Insecure: getDefaultBool(ctx, p.Insecure, "ARGOCD_INSECURE"), PlainText: p.PlainText.ValueBool(), PortForward: p.PortForward.ValueBool(), PortForwardNamespace: p.PortForwardWithNamespace.ValueString(), ServerAddr: getDefaultString(p.ServerAddr, "ARGOCD_SERVER"), UserAgent: p.Username.ValueString(), } if !p.Headers.IsNull() { var h []string diags.Append(p.Headers.ElementsAs(ctx, &h, false)...) opts.Headers = h } coreEnabled, d := p.setCoreOpts(opts) diags.Append(d...) localConfigEnabled, d := p.setLocalConfigOpts(opts) diags.Append(d...) portForwardingEnabled, d := p.setPortForwardingOpts(ctx, opts) diags.Append(d...) username := getDefaultString(p.Username, "ARGOCD_AUTH_USERNAME") password := getDefaultString(p.Password, "ARGOCD_AUTH_PASSWORD") usernameAndPasswordSet := username != "" && password != "" switch { // Provider configuration errors case !coreEnabled && !portForwardingEnabled && !localConfigEnabled && opts.ServerAddr == "": diags.Append(diagnostics.Error("invalid provider configuration: one of `core,port_forward,port_forward_with_namespace,use_local_config,server_addr` must be specified", nil)...) case portForwardingEnabled && opts.AuthToken == "" && !usernameAndPasswordSet: diags.Append(diagnostics.Error("invalid provider configuration: either `username/password` or `auth_token` must be specified when port forwarding is enabled", nil)...) case opts.ServerAddr != "" && !coreEnabled && opts.AuthToken == "" && !usernameAndPasswordSet: diags.Append(diagnostics.Error("invalid provider configuration: either `username/password` or `auth_token` must be specified if `server_addr` is specified", nil)...) } if diags.HasError() { return nil, diags } switch { // Handle "special" configuration use-cases case coreEnabled: // HACK: `headless.StartLocalServer` manipulates this global variable // when starting the local server without checking it's length/contents // which leads to a panic if called multiple times. So, we need to // ensure we "reset" it before calling the method. if runtimeErrorHandlers == nil { runtimeErrorHandlers = runtime.ErrorHandlers } else { runtime.ErrorHandlers = runtimeErrorHandlers } _, err := headless.MaybeStartLocalServer(ctx, opts, "", nil, nil, nil) if err != nil { diags.Append(diagnostics.Error("failed to start local server", err)...) return nil, diags } case opts.ServerAddr != "" && opts.AuthToken == "" && usernameAndPasswordSet: apiClient, err := apiclient.NewClient(opts) if err != nil { diags.Append(diagnostics.Error("failed to create new API client", err)...) return nil, diags } closer, sc, err := apiClient.NewSessionClient() if err != nil { diags.Append(diagnostics.Error("failed to create new session client", err)...) return nil, diags } defer io.Close(closer) sessionOpts := session.SessionCreateRequest{ Username: username, Password: password, } resp, err := sc.Create(ctx, &sessionOpts) if err != nil { diags.Append(diagnostics.Error("failed to create new session", err)...) return nil, diags } opts.AuthToken = resp.Token } return opts, diags } func (p ArgoCDProviderConfig) setCoreOpts(opts *apiclient.ClientOptions) (bool, diag.Diagnostics) { var diags diag.Diagnostics coreEnabled := p.Core.ValueBool() if coreEnabled { if opts.ServerAddr != "" { diags.AddWarning("`server_addr` is ignored by the provider and overwritten when `core = true`.", "") } opts.ServerAddr = "kubernetes" opts.Core = true if !p.Username.IsNull() { diags.AddWarning("`username` is ignored when `core = true`.", "") } } return coreEnabled, diags } func (p ArgoCDProviderConfig) setLocalConfigOpts(opts *apiclient.ClientOptions) (bool, diag.Diagnostics) { var diags diag.Diagnostics useLocalConfig := p.UseLocalConfig.ValueBool() switch useLocalConfig { case true: if opts.ServerAddr != "" { diags.AddWarning("setting `server_addr` alongside `use_local_config = true` is unnecessary and not recommended as this will overwrite the address retrieved from the local ArgoCD context.", "") } if !p.Username.IsNull() { diags.AddWarning("`username` is ignored when `use_local_config = true`.", "") } opts.Context = getDefaultString(p.Context, "ARGOCD_CONTEXT") cp := getDefaultString(p.ConfigPath, "ARGOCD_CONFIG_PATH") if cp != "" { opts.ConfigPath = p.ConfigPath.ValueString() break } cp, err := localconfig.DefaultLocalConfigPath() if err == nil { opts.ConfigPath = cp break } diags.Append(diagnostics.Error("failed to find default ArgoCD config path", err)...) case false: // Log warnings if explicit configuration has been provided for local config when `use_local_config` is not enabled. if !p.ConfigPath.IsNull() { diags.AddWarning("`config_path` is ignored by provider unless `use_local_config = true`.", "") } if !p.Context.IsNull() { diags.AddWarning("`context` is ignored by provider unless `use_local_config = true`.", "") } } return useLocalConfig, diags } func (p ArgoCDProviderConfig) setPortForwardingOpts(ctx context.Context, opts *apiclient.ClientOptions) (bool, diag.Diagnostics) { var diags diag.Diagnostics portForwardingEnabled := opts.PortForward || opts.PortForwardNamespace != "" switch portForwardingEnabled { case true: if opts.ServerAddr != "" { diags.AddWarning("`server_addr` is ignored by the provider and overwritten when port forwarding is enabled.", "") } opts.ServerAddr = "localhost" // will be overwritten by ArgoCD module when we initialize the API client but needs to be set here to ensure we opts.ServerName = "argocd-server" if opts.PortForwardNamespace == "" { opts.PortForwardNamespace = "argocd" } if p.Kubernetes == nil { break } k := p.Kubernetes[0] opts.KubeOverrides = &clientcmd.ConfigOverrides{ AuthInfo: api.AuthInfo{ ClientCertificateData: bytes.NewBufferString(getDefaultString(k.ClientCertificate, "KUBE_CLIENT_CERT_DATA")).Bytes(), Username: getDefaultString(k.Username, "KUBE_USER"), Password: getDefaultString(k.Password, "KUBE_PASSWORD"), ClientKeyData: bytes.NewBufferString(getDefaultString(k.ClientKey, "KUBE_CLIENT_KEY_DATA")).Bytes(), Token: getDefaultString(k.Token, "KUBE_TOKEN"), }, ClusterInfo: api.Cluster{ InsecureSkipTLSVerify: getDefaultBool(ctx, k.Insecure, "KUBE_INSECURE"), CertificateAuthorityData: bytes.NewBufferString(getDefaultString(k.ClusterCACertificate, "KUBE_CLUSTER_CA_CERT_DATA")).Bytes(), }, CurrentContext: getDefaultString(k.ConfigContext, "KUBE_CTX"), Context: api.Context{ AuthInfo: getDefaultString(k.ConfigContextAuthInfo, "KUBE_CTX_AUTH_INFO"), Cluster: getDefaultString(k.ConfigContextCluster, "KUBE_CTX_CLUSTER"), }, } h := getDefaultString(k.Host, "KUBE_HOST") if h != "" { // Server has to be the complete address of the Kubernetes cluster (scheme://hostname:port), not just the hostname, // because `overrides` are processed too late to be taken into account by `defaultServerUrlFor()`. // This basically replicates what defaultServerUrlFor() does with config but for overrides, // see https://github.com/Kubernetes/client-go/blob/v12.0.0/rest/url_utils.go#L85-L87 hasCA := len(opts.KubeOverrides.ClusterInfo.CertificateAuthorityData) != 0 hasCert := len(opts.KubeOverrides.AuthInfo.ClientCertificateData) != 0 defaultTLS := hasCA || hasCert || opts.KubeOverrides.ClusterInfo.InsecureSkipTLSVerify var host *url.URL host, _, err := rest.DefaultServerURL(h, "", apimachineryschema.GroupVersion{}, defaultTLS) if err == nil { opts.KubeOverrides.ClusterInfo.Server = host.String() } else { diags.Append(diagnostics.Error(fmt.Sprintf("failed to extract default server URL for host %s", h), err)...) } } if k.Exec == nil { break } e := k.Exec[0] exec := &api.ExecConfig{ InteractiveMode: api.IfAvailableExecInteractiveMode, APIVersion: e.APIVersion.ValueString(), Command: e.Command.ValueString(), } var a []string diags.Append(e.Args.ElementsAs(ctx, &a, false)...) exec.Args = a var env map[string]string diags.Append(e.Env.ElementsAs(ctx, &env, false)...) for k, v := range env { exec.Env = append(exec.Env, api.ExecEnvVar{Name: k, Value: v}) } opts.KubeOverrides.AuthInfo.Exec = exec case false: if p.Kubernetes != nil { diags.AddWarning("`Kubernetes` configuration block is ignored by provider unless `port_forward` or `port_forward_with_namespace` are configured.", "") } } return portForwardingEnabled, diags } type Kubernetes struct { Host types.String `tfsdk:"host"` Username types.String `tfsdk:"username"` Password types.String `tfsdk:"password"` Insecure types.Bool `tfsdk:"insecure"` ClientCertificate types.String `tfsdk:"client_certificate"` ClientKey types.String `tfsdk:"client_key"` ClusterCACertificate types.String `tfsdk:"cluster_ca_certificate"` ConfigContext types.String `tfsdk:"config_context"` ConfigContextAuthInfo types.String `tfsdk:"config_context_auth_info"` ConfigContextCluster types.String `tfsdk:"config_context_cluster"` Token types.String `tfsdk:"token"` Exec []KubernetesExec `tfsdk:"exec"` } type KubernetesExec struct { APIVersion types.String `tfsdk:"api_version"` Command types.String `tfsdk:"command"` Env types.Map `tfsdk:"env"` Args types.List `tfsdk:"args"` } ================================================ FILE: internal/provider/model_repository.go ================================================ package provider import ( "strconv" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework-validators/int64validator" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault" "github.com/hashicorp/terraform-plugin-framework/resource/schema/int64default" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" ) type repositoryModel struct { ID types.String `tfsdk:"id"` Repo types.String `tfsdk:"repo"` Name types.String `tfsdk:"name"` Type types.String `tfsdk:"type"` Project types.String `tfsdk:"project"` UseAzureWorkloadIdentity types.Bool `tfsdk:"use_azure_workload_identity"` Username types.String `tfsdk:"username"` Password types.String `tfsdk:"password"` SSHPrivateKey types.String `tfsdk:"ssh_private_key"` TLSClientCertData types.String `tfsdk:"tls_client_cert_data"` TLSClientCertKey types.String `tfsdk:"tls_client_cert_key"` EnableLFS types.Bool `tfsdk:"enable_lfs"` EnableOCI types.Bool `tfsdk:"enable_oci"` Insecure types.Bool `tfsdk:"insecure"` InheritedCreds types.Bool `tfsdk:"inherited_creds"` ConnectionStateStatus types.String `tfsdk:"connection_state_status"` GitHubAppID types.String `tfsdk:"githubapp_id"` GitHubAppInstallationID types.String `tfsdk:"githubapp_installation_id"` GitHubAppEnterpriseBaseURL types.String `tfsdk:"githubapp_enterprise_base_url"` GitHubAppPrivateKey types.String `tfsdk:"githubapp_private_key"` BearerToken types.String `tfsdk:"bearer_token"` Proxy types.String `tfsdk:"proxy"` NoProxy types.String `tfsdk:"no_proxy"` Depth types.Int64 `tfsdk:"depth"` } func repositorySchemaAttributes() map[string]schema.Attribute { return map[string]schema.Attribute{ "id": schema.StringAttribute{ MarkdownDescription: "Repository identifier", Computed: true, }, "repo": schema.StringAttribute{ MarkdownDescription: "URL of the repository.", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "name": schema.StringAttribute{ MarkdownDescription: "Name to be used for this repo. Only used with Helm repos.", Optional: true, }, "type": schema.StringAttribute{ MarkdownDescription: "Type of the repo. Can be either `git`, `helm` or `oci`. `git` is assumed if empty or absent.", Optional: true, Computed: true, Default: stringdefault.StaticString("git"), Validators: []validator.String{ stringvalidator.OneOf("git", "helm", "oci"), }, }, "project": schema.StringAttribute{ MarkdownDescription: "The project name, in case the repository is project scoped.", Optional: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "use_azure_workload_identity": schema.BoolAttribute{ MarkdownDescription: "Whether `Azure-Workload-identity` should be enabled for this repository.", Optional: true, Computed: true, Default: booldefault.StaticBool(false), }, "username": schema.StringAttribute{ MarkdownDescription: "Username used for authenticating at the remote repository.", Optional: true, }, "password": schema.StringAttribute{ MarkdownDescription: "Password or PAT used for authenticating at the remote repository.", Optional: true, Sensitive: true, }, "bearer_token": schema.StringAttribute{ MarkdownDescription: "BearerToken contains the bearer token used for Git BitBucket Data Center auth at the repo server", Optional: true, Sensitive: true, }, "ssh_private_key": schema.StringAttribute{ MarkdownDescription: "PEM data for authenticating at the repo server. Only used with Git repos.", Optional: true, Sensitive: true, }, "tls_client_cert_data": schema.StringAttribute{ MarkdownDescription: "TLS client certificate in PEM format for authenticating at the repo server.", Optional: true, }, "tls_client_cert_key": schema.StringAttribute{ MarkdownDescription: "TLS client certificate private key in PEM format for authenticating at the repo server.", Optional: true, Sensitive: true, }, "enable_lfs": schema.BoolAttribute{ MarkdownDescription: "Whether `git-lfs` support should be enabled for this repository.", Optional: true, Computed: true, Default: booldefault.StaticBool(false), }, "enable_oci": schema.BoolAttribute{ MarkdownDescription: "Whether `helm-oci` support should be enabled for this repository.", Optional: true, Computed: true, Default: booldefault.StaticBool(false), }, "insecure": schema.BoolAttribute{ MarkdownDescription: "Whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys.", Optional: true, Computed: true, Default: booldefault.StaticBool(false), }, "inherited_creds": schema.BoolAttribute{ MarkdownDescription: "Whether credentials were inherited from a credential set.", Computed: true, }, "connection_state_status": schema.StringAttribute{ MarkdownDescription: "Contains information about the current state of connection to the repository server.", Computed: true, }, "githubapp_id": schema.StringAttribute{ MarkdownDescription: "ID of the GitHub app used to access the repo.", Optional: true, Computed: true, }, "githubapp_installation_id": schema.StringAttribute{ MarkdownDescription: "The installation ID of the GitHub App used to access the repo.", Optional: true, Computed: true, }, "githubapp_enterprise_base_url": schema.StringAttribute{ MarkdownDescription: "GitHub API URL for GitHub app authentication.", Optional: true, Computed: true, }, "githubapp_private_key": schema.StringAttribute{ MarkdownDescription: "Private key data (PEM) for authentication via GitHub app.", Optional: true, Sensitive: true, }, "proxy": schema.StringAttribute{ MarkdownDescription: "HTTP/HTTPS proxy to access the repository.", Optional: true, }, "no_proxy": schema.StringAttribute{ MarkdownDescription: "Comma-separated list of hostnames that should be excluded from proxying.", Optional: true, }, "depth": schema.Int64Attribute{ MarkdownDescription: "Depth specifies the depth for [shallow clones](https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/#shallow-clone). A value of `0` means a full clone (the default). Shallow clone depths (`> 0`) are only supported from ArgoCD 3.3.0 onwards.", Optional: true, Computed: true, Default: int64default.StaticInt64(0), Validators: []validator.Int64{ int64validator.AtLeast(0), }, }, } } func (m *repositoryModel) toAPIModel() (*v1alpha1.Repository, error) { repo := &v1alpha1.Repository{ Repo: m.Repo.ValueString(), Name: m.Name.ValueString(), Type: m.Type.ValueString(), Project: m.Project.ValueString(), UseAzureWorkloadIdentity: m.UseAzureWorkloadIdentity.ValueBool(), Username: m.Username.ValueString(), Password: m.Password.ValueString(), BearerToken: m.BearerToken.ValueString(), SSHPrivateKey: m.SSHPrivateKey.ValueString(), TLSClientCertData: m.TLSClientCertData.ValueString(), TLSClientCertKey: m.TLSClientCertKey.ValueString(), EnableLFS: m.EnableLFS.ValueBool(), EnableOCI: m.EnableOCI.ValueBool(), Insecure: m.Insecure.ValueBool(), InheritedCreds: m.InheritedCreds.ValueBool(), GitHubAppEnterpriseBaseURL: m.GitHubAppEnterpriseBaseURL.ValueString(), GithubAppPrivateKey: m.GitHubAppPrivateKey.ValueString(), Proxy: m.Proxy.ValueString(), NoProxy: m.NoProxy.ValueString(), Depth: m.Depth.ValueInt64(), } // Handle GitHub App ID conversion if !m.GitHubAppID.IsNull() && !m.GitHubAppID.IsUnknown() { id, err := strconv.ParseInt(m.GitHubAppID.ValueString(), 10, 64) if err != nil { return nil, err } repo.GithubAppId = id } // Handle GitHub App Installation ID conversion if !m.GitHubAppInstallationID.IsNull() && !m.GitHubAppInstallationID.IsUnknown() { id, err := strconv.ParseInt(m.GitHubAppInstallationID.ValueString(), 10, 64) if err != nil { return nil, err } repo.GithubAppInstallationId = id } return repo, nil } func (m *repositoryModel) updateFromAPI(repo *v1alpha1.Repository) *repositoryModel { // Generate ID using "|" separator for project-scoped repos if repo.Project != "" { m.ID = types.StringValue(repo.Repo + "|" + repo.Project) } else { m.ID = types.StringValue(repo.Repo) } m.Repo = types.StringValue(repo.Repo) m.Type = types.StringValue(repo.Type) m.UseAzureWorkloadIdentity = types.BoolValue(repo.UseAzureWorkloadIdentity) m.EnableLFS = types.BoolValue(repo.EnableLFS) m.EnableOCI = types.BoolValue(repo.EnableOCI) m.Insecure = types.BoolValue(repo.Insecure) m.InheritedCreds = types.BoolValue(repo.InheritedCreds) if repo.Depth > 0 { m.Depth = types.Int64Value(repo.Depth) } else if m.Depth.IsUnknown() || m.Depth.IsNull() { m.Depth = types.Int64Value(0) } if repo.Name != "" { m.Name = types.StringValue(repo.Name) } // Handle connection state status if repo.ConnectionState.Status != "" { m.ConnectionStateStatus = types.StringValue(repo.ConnectionState.Status) } if repo.Project != "" { m.Project = types.StringValue(repo.Project) } // Handle username based on inheritance if !repo.InheritedCreds { if repo.Username != "" { m.Username = types.StringValue(repo.Username) } } if repo.GitHubAppEnterpriseBaseURL != "" { m.GitHubAppEnterpriseBaseURL = types.StringValue(repo.GitHubAppEnterpriseBaseURL) } else if m.GitHubAppEnterpriseBaseURL.IsUnknown() { // If unknown and API didn't return a value, set to null m.GitHubAppEnterpriseBaseURL = types.StringNull() } if repo.GithubAppId > 0 { m.GitHubAppID = types.StringValue(strconv.FormatInt(repo.GithubAppId, 10)) } else if m.GitHubAppID.IsUnknown() { // If unknown and API didn't return a value, set to null m.GitHubAppID = types.StringNull() } // Handle GitHub App Installation ID conversion if repo.GithubAppInstallationId > 0 { m.GitHubAppInstallationID = types.StringValue(strconv.FormatInt(repo.GithubAppInstallationId, 10)) } else if m.GitHubAppInstallationID.IsUnknown() { // If unknown and API didn't return a value, set to null m.GitHubAppInstallationID = types.StringNull() } // Handle proxy settings if repo.Proxy != "" { m.Proxy = types.StringValue(repo.Proxy) } else if m.Proxy.IsUnknown() { m.Proxy = types.StringNull() } if repo.NoProxy != "" { m.NoProxy = types.StringValue(repo.NoProxy) } else if m.NoProxy.IsUnknown() { m.NoProxy = types.StringNull() } return m } ================================================ FILE: internal/provider/model_repository_certificate.go ================================================ package provider import ( "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/types" ) type repositoryCertificateModel struct { ID types.String `tfsdk:"id"` SSH []repositoryCertificateSSHModel `tfsdk:"ssh"` HTTPS []repositoryCertificateHTTPSModel `tfsdk:"https"` } type repositoryCertificateSSHModel struct { ServerName types.String `tfsdk:"server_name"` CertSubType types.String `tfsdk:"cert_subtype"` CertData types.String `tfsdk:"cert_data"` CertInfo types.String `tfsdk:"cert_info"` } type repositoryCertificateHTTPSModel struct { ServerName types.String `tfsdk:"server_name"` CertData types.String `tfsdk:"cert_data"` CertSubType types.String `tfsdk:"cert_subtype"` CertInfo types.String `tfsdk:"cert_info"` } func repositoryCertificateSchemaAttributes() map[string]schema.Attribute { return map[string]schema.Attribute{ "id": schema.StringAttribute{ MarkdownDescription: "Repository certificate identifier", Computed: true, }, } } func repositoryCertificateSchemaBlocks() map[string]schema.Block { return map[string]schema.Block{ "ssh": schema.ListNestedBlock{ MarkdownDescription: "SSH certificate configuration", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "server_name": schema.StringAttribute{ MarkdownDescription: "DNS name of the server this certificate is intended for", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "cert_subtype": schema.StringAttribute{ MarkdownDescription: "The sub type of the cert, i.e. `ssh-rsa`", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "cert_data": schema.StringAttribute{ MarkdownDescription: "The actual certificate data, dependent on the certificate type", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "cert_info": schema.StringAttribute{ MarkdownDescription: "Additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName)", Computed: true, }, }, }, }, "https": schema.ListNestedBlock{ MarkdownDescription: "HTTPS certificate configuration", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "server_name": schema.StringAttribute{ MarkdownDescription: "DNS name of the server this certificate is intended for", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "cert_data": schema.StringAttribute{ MarkdownDescription: "The actual certificate data, dependent on the certificate type", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "cert_subtype": schema.StringAttribute{ MarkdownDescription: "The sub type of the cert, i.e. `ssh-rsa`", Computed: true, }, "cert_info": schema.StringAttribute{ MarkdownDescription: "Additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName)", Computed: true, }, }, }, }, } } func (m *repositoryCertificateModel) toAPIModel() *v1alpha1.RepositoryCertificate { cert := &v1alpha1.RepositoryCertificate{} if len(m.SSH) > 0 { ssh := m.SSH[0] cert.CertType = "ssh" cert.ServerName = ssh.ServerName.ValueString() cert.CertSubType = ssh.CertSubType.ValueString() cert.CertData = []byte(ssh.CertData.ValueString()) } else if len(m.HTTPS) > 0 { https := m.HTTPS[0] cert.CertType = "https" cert.ServerName = https.ServerName.ValueString() cert.CertData = []byte(https.CertData.ValueString()) } return cert } func (m *repositoryCertificateModel) generateID() string { if len(m.SSH) > 0 { ssh := m.SSH[0] return "ssh/" + ssh.CertSubType.ValueString() + "/" + ssh.ServerName.ValueString() } else if len(m.HTTPS) > 0 { https := m.HTTPS[0] return "https/" + https.ServerName.ValueString() } return "" } ================================================ FILE: internal/provider/model_repository_credentials.go ================================================ package provider import ( "strconv" "github.com/argoproj-labs/terraform-provider-argocd/internal/validators" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" ) type repositoryCredentialsModel struct { ID types.String `tfsdk:"id"` URL types.String `tfsdk:"url"` UseAzureWorkloadIdentity types.Bool `tfsdk:"use_azure_workload_identity"` Type types.String `tfsdk:"type"` Username types.String `tfsdk:"username"` Password types.String `tfsdk:"password"` SSHPrivateKey types.String `tfsdk:"ssh_private_key"` TLSClientCertData types.String `tfsdk:"tls_client_cert_data"` TLSClientCertKey types.String `tfsdk:"tls_client_cert_key"` EnableOCI types.Bool `tfsdk:"enable_oci"` GitHubAppID types.String `tfsdk:"githubapp_id"` GitHubAppInstallationID types.String `tfsdk:"githubapp_installation_id"` GitHubAppEnterpriseBaseURL types.String `tfsdk:"githubapp_enterprise_base_url"` GitHubAppPrivateKey types.String `tfsdk:"githubapp_private_key"` } func repositoryCredentialsSchemaAttributes() map[string]schema.Attribute { return map[string]schema.Attribute{ "id": schema.StringAttribute{ MarkdownDescription: "Repository credentials identifier", Computed: true, }, "url": schema.StringAttribute{ MarkdownDescription: "URL that these credentials match to", Required: true, PlanModifiers: []planmodifier.String{ stringplanmodifier.RequiresReplace(), }, }, "type": schema.StringAttribute{ MarkdownDescription: "Type of the repository credentials. Can be either `git`, `oci` or `helm`. `git` is assumed if empty or absent.", Optional: true, Computed: true, Default: stringdefault.StaticString("git"), Validators: []validator.String{ stringvalidator.OneOf("git", "helm", "oci"), }, }, "username": schema.StringAttribute{ MarkdownDescription: "Username for authenticating at the repo server", Optional: true, }, "password": schema.StringAttribute{ MarkdownDescription: "Password for authenticating at the repo server", Optional: true, Sensitive: true, }, "ssh_private_key": schema.StringAttribute{ MarkdownDescription: "Private key data for authenticating at the repo server using SSH (only Git repos)", Optional: true, Sensitive: true, Validators: []validator.String{ validators.SSHPrivateKey(), }, }, "tls_client_cert_data": schema.StringAttribute{ MarkdownDescription: "TLS client cert data for authenticating at the repo server", Optional: true, }, "tls_client_cert_key": schema.StringAttribute{ MarkdownDescription: "TLS client cert key for authenticating at the repo server", Optional: true, Sensitive: true, }, "enable_oci": schema.BoolAttribute{ MarkdownDescription: "Whether `helm-oci` support should be enabled for this repo. Can only be set to `true` when `type` is `helm`.", Optional: true, Computed: true, Default: booldefault.StaticBool(false), Validators: []validator.Bool{ validators.EnableOCIRequiresHelmType(), }, }, "use_azure_workload_identity": schema.BoolAttribute{ MarkdownDescription: "Whether `Azure-Workload-identity` should be enabled for this repository.", Optional: true, Computed: true, Default: booldefault.StaticBool(false), }, "githubapp_id": schema.StringAttribute{ MarkdownDescription: "GitHub App ID of the app used to access the repo for GitHub app authentication", Optional: true, Validators: []validator.String{ validators.PositiveInteger(), }, }, "githubapp_installation_id": schema.StringAttribute{ MarkdownDescription: "ID of the installed GitHub App for GitHub app authentication", Optional: true, Validators: []validator.String{ validators.PositiveInteger(), }, }, "githubapp_enterprise_base_url": schema.StringAttribute{ MarkdownDescription: "GitHub API URL for GitHub app authentication", Optional: true, }, "githubapp_private_key": schema.StringAttribute{ MarkdownDescription: "Private key data (PEM) for authentication via GitHub app", Optional: true, Sensitive: true, Validators: []validator.String{ validators.SSHPrivateKey(), }, }, } } func (m *repositoryCredentialsModel) toAPIModel() (*v1alpha1.RepoCreds, error) { creds := &v1alpha1.RepoCreds{ URL: m.URL.ValueString(), UseAzureWorkloadIdentity: m.UseAzureWorkloadIdentity.ValueBool(), Type: m.Type.ValueString(), Username: m.Username.ValueString(), Password: m.Password.ValueString(), SSHPrivateKey: m.SSHPrivateKey.ValueString(), TLSClientCertData: m.TLSClientCertData.ValueString(), TLSClientCertKey: m.TLSClientCertKey.ValueString(), EnableOCI: m.EnableOCI.ValueBool(), GitHubAppEnterpriseBaseURL: m.GitHubAppEnterpriseBaseURL.ValueString(), GithubAppPrivateKey: m.GitHubAppPrivateKey.ValueString(), } // Handle GitHub App ID conversion if !m.GitHubAppID.IsNull() && !m.GitHubAppID.IsUnknown() { id, err := strconv.ParseInt(m.GitHubAppID.ValueString(), 10, 64) if err != nil { return nil, err } creds.GithubAppId = id } // Handle GitHub App Installation ID conversion if !m.GitHubAppInstallationID.IsNull() && !m.GitHubAppInstallationID.IsUnknown() { id, err := strconv.ParseInt(m.GitHubAppInstallationID.ValueString(), 10, 64) if err != nil { return nil, err } creds.GithubAppInstallationId = id } return creds, nil } ================================================ FILE: internal/provider/planmodifiers.go ================================================ package provider import ( "context" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/types" ) // UseUnknownOnUpdate returns a plan modifier that sets the value to unknown // whenever the resource is being updated. This is useful for computed fields like // resource_version and generation that change on every Kubernetes API call. // // Unlike UseStateForUnknown which preserves the prior state value, this modifier // marks the value as unknown during updates so that Terraform accepts any value // returned by the provider after apply. // // Fixes: https://github.com/argoproj-labs/terraform-provider-argocd/issues/807 func UseUnknownOnUpdateString() planmodifier.String { return useUnknownOnUpdateStringModifier{} } type useUnknownOnUpdateStringModifier struct{} func (m useUnknownOnUpdateStringModifier) Description(_ context.Context) string { return "Sets the value to unknown during updates since server-managed fields change on every API call." } func (m useUnknownOnUpdateStringModifier) MarkdownDescription(_ context.Context) string { return "Sets the value to unknown during updates since server-managed fields change on every API call." } func (m useUnknownOnUpdateStringModifier) PlanModifyString(_ context.Context, req planmodifier.StringRequest, resp *planmodifier.StringResponse) { // If there's no state (create), leave as unknown (default behavior) if req.State.Raw.IsNull() { return } // If the plan is being destroyed, no need to modify if req.Plan.Raw.IsNull() { return } // This is an update - check if any values in the resource are changing // by comparing the full plan to the full state using Equal if !req.Plan.Raw.Equal(req.State.Raw) { // Resource is being modified, mark as unknown so any value is accepted resp.PlanValue = types.StringUnknown() return } // No change to the resource, preserve the state value resp.PlanValue = req.StateValue } // UseUnknownOnUpdateInt64 returns a plan modifier for Int64 attributes // that sets the value to unknown whenever the resource is being updated. func UseUnknownOnUpdateInt64() planmodifier.Int64 { return useUnknownOnUpdateInt64Modifier{} } type useUnknownOnUpdateInt64Modifier struct{} func (m useUnknownOnUpdateInt64Modifier) Description(_ context.Context) string { return "Sets the value to unknown during updates since server-managed fields change on every API call." } func (m useUnknownOnUpdateInt64Modifier) MarkdownDescription(_ context.Context) string { return "Sets the value to unknown during updates since server-managed fields change on every API call." } func (m useUnknownOnUpdateInt64Modifier) PlanModifyInt64(_ context.Context, req planmodifier.Int64Request, resp *planmodifier.Int64Response) { // If there's no state (create), leave as unknown (default behavior) if req.State.Raw.IsNull() { return } // If the plan is being destroyed, no need to modify if req.Plan.Raw.IsNull() { return } // This is an update - check if any values in the resource are changing if !req.Plan.Raw.Equal(req.State.Raw) { // Resource is being modified, mark as unknown so any value is accepted resp.PlanValue = types.Int64Unknown() return } // No change to the resource, preserve the state value resp.PlanValue = req.StateValue } ================================================ FILE: internal/provider/provider.go ================================================ package provider import ( "context" "github.com/hashicorp/terraform-plugin-framework-validators/listvalidator" "github.com/hashicorp/terraform-plugin-framework-validators/providervalidator" "github.com/hashicorp/terraform-plugin-framework/datasource" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/provider" "github.com/hashicorp/terraform-plugin-framework/provider/schema" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" ) // Ensure ArgoCDProvider satisfies various provider interfaces. var _ provider.Provider = (*ArgoCDProvider)(nil) type ArgoCDProvider struct { // version is set to the provider version on release, "dev" when the // provider is built and ran locally, and "test" when running acceptance // testing. version string } func New(version string) provider.Provider { return &ArgoCDProvider{ version: version, } } func (p *ArgoCDProvider) Metadata(_ context.Context, _ provider.MetadataRequest, resp *provider.MetadataResponse) { resp.TypeName = "argocd" } func (p *ArgoCDProvider) Schema(ctx context.Context, req provider.SchemaRequest, resp *provider.SchemaResponse) { resp.Schema = schema.Schema{ Attributes: map[string]schema.Attribute{ "auth_token": schema.StringAttribute{ Description: "ArgoCD authentication token, takes precedence over `username`/`password`. Can be set through the `ARGOCD_AUTH_TOKEN` environment variable.", Optional: true, Sensitive: true, }, "username": schema.StringAttribute{ Description: "Authentication username. Can be set through the `ARGOCD_AUTH_USERNAME` environment variable.", Optional: true, }, "password": schema.StringAttribute{ Description: "Authentication password. Can be set through the `ARGOCD_AUTH_PASSWORD` environment variable.", Optional: true, Sensitive: true, }, "core": schema.BoolAttribute{ Description: "Configure direct access using Kubernetes API server.\n\n " + "**Warning**: this feature works by starting a local ArgoCD API server that talks directly to the Kubernetes API using the **current context " + "in the default kubeconfig** (`~/.kube/config`). This behavior cannot be overridden using either environment variables or the `kubernetes` block " + "in the provider configuration at present).\n\n If the server fails to start (e.g. your kubeconfig is misconfigured) then the provider will " + "fail as a result of the `argocd` module forcing it to exit and no logs will be available to help you debug this. The error message will be " + "similar to\n > `The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ReadResource call. The plugin logs may " + "contain more details.`\n\n To debug this, you will need to login via the ArgoCD CLI using `argocd login --core` and then running an operation. " + "E.g. `argocd app list`.", Optional: true, }, "server_addr": schema.StringAttribute{ Description: "ArgoCD server address with port. Can be set through the `ARGOCD_SERVER` environment variable.", Optional: true, }, "port_forward": schema.BoolAttribute{ Description: "Connect to a random argocd-server port using port forwarding.", Optional: true, }, "port_forward_with_namespace": schema.StringAttribute{ Description: "Namespace name which should be used for port forwarding.", Optional: true, }, "use_local_config": schema.BoolAttribute{ Description: "Use the authentication settings found in the local config file. Useful when you have previously logged in using SSO. Conflicts with `auth_token`, `username` and `password`.", Optional: true, }, "config_path": schema.StringAttribute{ Description: "Override the default config path of `$HOME/.config/argocd/config`. Only relevant when `use_local_config`. Can be set through the `ARGOCD_CONFIG_PATH` environment variable.", Optional: true, }, "context": schema.StringAttribute{ Description: "Context to choose when using a local ArgoCD config file. Only relevant when `use_local_config`. Can be set through `ARGOCD_CONTEXT` environment variable.", Optional: true, }, "cert_file": schema.StringAttribute{ Description: "Additional root CA certificates file to add to the client TLS connection pool.", Optional: true, }, "client_cert_file": schema.StringAttribute{ Description: "Client certificate.", Optional: true, }, "client_cert_key": schema.StringAttribute{ Description: "Client certificate key.", Optional: true, }, "grpc_web": schema.BoolAttribute{ Description: "Whether to use gRPC web proxy client. Useful if Argo CD server is behind proxy which does not support HTTP2.", Optional: true, }, "grpc_web_root_path": schema.StringAttribute{ Description: "Use the gRPC web proxy client and set the web root, e.g. `argo-cd`. Useful if the Argo CD server is behind a proxy at a non-root path.", Optional: true, }, "headers": schema.SetAttribute{ Description: "Additional headers to add to each request to the ArgoCD server.", ElementType: types.StringType, Optional: true, }, "insecure": schema.BoolAttribute{ Description: "Whether to skip TLS server certificate. Can be set through the `ARGOCD_INSECURE` environment variable.", Optional: true, }, "plain_text": schema.BoolAttribute{ Description: "Whether to initiate an unencrypted connection to ArgoCD server.", Optional: true, }, "user_agent": schema.StringAttribute{ Description: "User-Agent request header override.", Optional: true, }, }, Blocks: map[string]schema.Block{ "kubernetes": schema.ListNestedBlock{ Validators: []validator.List{ listvalidator.SizeAtMost(1), }, Description: "Kubernetes configuration overrides. Only relevant when `port_forward = true` or `port_forward_with_namespace = \"foo\"`. The kubeconfig file that is used can be overridden using the [`KUBECONFIG` environment variable](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#the-kubeconfig-environment-variable)).", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "host": schema.StringAttribute{ Optional: true, Description: "The hostname (in form of URI) of the Kubernetes API. Can be sourced from `KUBE_HOST`.", }, "username": schema.StringAttribute{ Description: "The username to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_USER`.", Optional: true, }, "password": schema.StringAttribute{ Description: "The password to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_PASSWORD`.", Optional: true, Sensitive: true, }, "insecure": schema.BoolAttribute{ Description: "Whether server should be accessed without verifying the TLS certificate. Can be sourced from `KUBE_INSECURE`.", Optional: true, }, "client_certificate": schema.StringAttribute{ Description: "PEM-encoded client certificate for TLS authentication. Can be sourced from `KUBE_CLIENT_CERT_DATA`.", Optional: true, }, "client_key": schema.StringAttribute{ Description: "PEM-encoded client certificate key for TLS authentication. Can be sourced from `KUBE_CLIENT_KEY_DATA`.", Optional: true, Sensitive: true, }, "cluster_ca_certificate": schema.StringAttribute{ Description: "PEM-encoded root certificates bundle for TLS authentication. Can be sourced from `KUBE_CLUSTER_CA_CERT_DATA`.", Optional: true, }, "config_context": schema.StringAttribute{ Description: "Context to choose from the config file. Can be sourced from `KUBE_CTX`.", Optional: true, }, "config_context_auth_info": schema.StringAttribute{ Description: "", Optional: true, }, "config_context_cluster": schema.StringAttribute{ Description: "", Optional: true, }, "token": schema.StringAttribute{ Description: "Token to authenticate an service account. Can be sourced from `KUBE_TOKEN`.", Optional: true, Sensitive: true, }, }, Blocks: map[string]schema.Block{ "exec": schema.ListNestedBlock{ Validators: []validator.List{ listvalidator.SizeAtMost(1), }, Description: "Configuration block to use an [exec-based credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials.", NestedObject: schema.NestedBlockObject{ Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`.", Required: true, }, "command": schema.StringAttribute{ Description: "Command to execute.", Required: true, }, "env": schema.MapAttribute{ Description: "List of arguments to pass when executing the plugin.", Optional: true, ElementType: types.StringType, }, "args": schema.ListAttribute{ Description: "Map of environment variables to set when executing the plugin.", Optional: true, ElementType: types.StringType, }, }, }, }, }, }, }, }, } } func (p *ArgoCDProvider) ConfigValidators(ctx context.Context) []provider.ConfigValidator { return []provider.ConfigValidator{ // Don't mix/match different mechanisms used to determine which server to speak to (i.e. how ArgoCD API server is exposed or whether to expose it locally) providervalidator.Conflicting( path.MatchRoot("port_forward"), path.MatchRoot("port_forward_with_namespace"), path.MatchRoot("server_addr"), path.MatchRoot("use_local_config"), path.MatchRoot("core"), ), // Don't mix/match different authentication mechanisms providervalidator.Conflicting( path.MatchRoot("auth_token"), path.MatchRoot("password"), path.MatchRoot("use_local_config"), path.MatchRoot("core"), ), } } func (p *ArgoCDProvider) Configure(ctx context.Context, req provider.ConfigureRequest, resp *provider.ConfigureResponse) { var config ArgoCDProviderConfig // Read configuration into model resp.Diagnostics.Append(req.Config.Get(ctx, &config)...) if resp.Diagnostics.HasError() { return } server := NewServerInterface(config) resp.DataSourceData = server resp.ResourceData = server } func (p *ArgoCDProvider) Resources(context.Context) []func() resource.Resource { return []func() resource.Resource{ NewGPGKeyResource, NewRepositoryResource, NewRepositoryCertificateResource, NewRepositoryCredentialsResource, NewProjectResource, NewProjectTokenResource, } } func (p *ArgoCDProvider) DataSources(context.Context) []func() datasource.DataSource { return []func() datasource.DataSource{ NewArgoCDApplicationDataSource, } } ================================================ FILE: internal/provider/provider_test.go ================================================ package provider import ( "context" "os" "testing" "github.com/Masterminds/semver/v3" "github.com/argoproj-labs/terraform-provider-argocd/argocd" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/argoproj-labs/terraform-provider-argocd/internal/testhelpers" "github.com/hashicorp/terraform-plugin-framework/providerserver" "github.com/hashicorp/terraform-plugin-go/tfprotov6" "github.com/hashicorp/terraform-plugin-mux/tf5to6server" "github.com/hashicorp/terraform-plugin-mux/tf6muxserver" "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) // testAccProtoV6ProviderFactories are used to instantiate a provider during // acceptance testing. The factory function will be invoked for every Terraform // CLI command executed to create a provider server to which the CLI can // reattach. var testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){ "argocd": func() (tfprotov6.ProviderServer, error) { ctx := context.Background() upgradedSdkServer, err := tf5to6server.UpgradeServer( ctx, argocd.Provider().GRPCProvider, ) if err != nil { return nil, err } providers := []func() tfprotov6.ProviderServer{ providerserver.NewProtocol6(New("test")), func() tfprotov6.ProviderServer { return upgradedSdkServer }, } muxServer, err := tf6muxserver.NewMuxServer(ctx, providers...) if err != nil { return nil, err } return muxServer.ProviderServer(), nil }, } func TestMain(m *testing.M) { testhelpers.TestMain(m) } func TestProvider_headers(t *testing.T) { t.Parallel() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: ` provider "argocd" { headers = [ "Hello: HiThere", ] }`, }, }, }) } func testAccPreCheck(t *testing.T) { if v := os.Getenv("ARGOCD_AUTH_USERNAME"); v == "" { t.Fatal("ARGOCD_AUTH_USERNAME must be set for acceptance tests") } if v := os.Getenv("ARGOCD_AUTH_PASSWORD"); v == "" { t.Fatal("ARGOCD_AUTH_PASSWORD must be set for acceptance tests") } if v := os.Getenv("ARGOCD_SERVER"); v == "" { t.Fatal("ARGOCD_SERVER must be set for acceptance tests") } if v := os.Getenv("ARGOCD_INSECURE"); v == "" { t.Fatal("ARGOCD_INSECURE should be set for acceptance tests") } } // Skip test if feature is not supported func testAccPreCheckFeatureSupported(t *testing.T, feature features.Feature) { v := os.Getenv("ARGOCD_VERSION") if v == "" { t.Skip("ARGOCD_VERSION must be set set for feature supported acceptance tests") } serverVersion, err := semver.NewVersion(v) if err != nil { t.Fatalf("could not parse ARGOCD_VERSION as semantic version: %s", v) } fc, ok := features.ConstraintsMap[feature] if !ok { t.Fatal("feature constraint is not handled by the provider") } if i := fc.MinVersion.Compare(serverVersion); i == 1 { t.Skipf("version %s does not support feature", v) } } // Skip test if feature IS supported (for testing version gate errors) func testAccPreCheckFeatureNotSupported(t *testing.T, feature features.Feature) { v := os.Getenv("ARGOCD_VERSION") if v == "" { t.Skip("ARGOCD_VERSION must be set for feature not supported acceptance tests") } serverVersion, err := semver.NewVersion(v) if err != nil { t.Fatalf("could not parse ARGOCD_VERSION as semantic version: %s", v) } fc, ok := features.ConstraintsMap[feature] if !ok { t.Fatal("feature constraint is not handled by the provider") } if i := fc.MinVersion.Compare(serverVersion); i != 1 { t.Skipf("version %s already supports feature, skipping", v) } } ================================================ FILE: internal/provider/resource_gpg_key.go ================================================ package provider import ( "context" "fmt" "strings" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj-labs/terraform-provider-argocd/internal/sync" "github.com/argoproj/argo-cd/v3/pkg/apiclient/gpgkey" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-log/tflog" ) // Ensure provider defined types fully satisfy framework interfaces. var _ resource.Resource = &gpgKeyResource{} func NewGPGKeyResource() resource.Resource { return &gpgKeyResource{} } // gpgKeyResource defines the resource implementation. type gpgKeyResource struct { si *ServerInterface } func (r *gpgKeyResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_gpg_key" } func (r *gpgKeyResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Manages [GPG keys](https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/) within ArgoCD.", Attributes: gpgKeySchemaAttributes(), } } func (r *gpgKeyResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { // Prevent panic if the provider has not been configured. if req.ProviderData == nil { return } si, ok := req.ProviderData.(*ServerInterface) if !ok { resp.Diagnostics.AddError( "Unexpected Provider Data Type", fmt.Sprintf("Expected *ServerInterface, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } r.si = si } func (r *gpgKeyResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var data gpgKeyModel // Read Terraform configuration data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Create GPG key sync.GPGKeysMutex.Lock() keys, err := r.si.GPGKeysClient.Create(ctx, &gpgkey.GnuPGPublicKeyCreateRequest{ Publickey: &v1alpha1.GnuPGPublicKey{KeyData: data.PublicKey.String()}, }) sync.GPGKeysMutex.Unlock() if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("create", "GPG key", "", err)...) return } if keys.Created == nil || len(keys.Created.Items) == 0 { resp.Diagnostics.AddError("unexpected response when creating ArgoCD GPG Key - no keys created", "") return } tflog.Trace(ctx, fmt.Sprintf("created GPG key %s", keys.Created.Items[0].KeyID)) // Parse response and store state resp.Diagnostics.Append(resp.State.Set(ctx, newGPGKey(&keys.Created.Items[0]))...) } func (r *gpgKeyResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var data gpgKeyModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Read key from API key, diags := readGPGKey(ctx, r.si, data.ID.ValueString()) resp.Diagnostics.Append(diags...) // Save updated data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, key)...) } func (r *gpgKeyResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var data gpgKeyModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // In general, this resource will be recreated rather than updated. However, // `Update` will be called on the first apply after an import so we need to // ensure that we set the state of the computed data by reading the key from // the API. key, diags := readGPGKey(ctx, r.si, data.ID.ValueString()) resp.Diagnostics.Append(diags...) // Save updated data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, key)...) } func (r *gpgKeyResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var data gpgKeyModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } sync.GPGKeysMutex.Lock() _, err := r.si.GPGKeysClient.Delete(ctx, &gpgkey.GnuPGPublicKeyQuery{ KeyID: data.ID.ValueString(), }) sync.GPGKeysMutex.Unlock() if err != nil && !strings.Contains(err.Error(), "NotFound") { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("delete", "GPG key", data.ID.ValueString(), err)...) return } tflog.Trace(ctx, fmt.Sprintf("deleted GPG key %s", data.ID.ValueString())) } func (r *gpgKeyResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) } func readGPGKey(ctx context.Context, si *ServerInterface, id string) (*gpgKeyModel, diag.Diagnostics) { var diags diag.Diagnostics sync.GPGKeysMutex.RLock() k, err := si.GPGKeysClient.Get(ctx, &gpgkey.GnuPGPublicKeyQuery{ KeyID: id, }) sync.GPGKeysMutex.RUnlock() if err != nil { if !strings.Contains(err.Error(), "NotFound") { diags.Append(diagnostics.ArgoCDAPIError("read", "GPG key", id, err)...) } return nil, diags } return newGPGKey(k), diags } ================================================ FILE: internal/provider/resource_gpg_key_test.go ================================================ package provider import ( "regexp" "testing" "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) func TestAccArgoCDGPGKeyResource(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ // Create and Read testing { Config: ` resource "argocd_gpg_key" "this" { public_key = chomp( <<-EOF -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGSJdlcBEACnza+KvWLyKWUHJPhgs//HRL0EEmA/EcFKioBlrgPNYf/O7hNg KT3NDaNrD26pr+bOb4mfaqNNS9no8b9EP3C7Co3Wf2d4xpJ5/hlpIm3V652S5daZ I7ylVT8QOrhaqEnHH2hEcOfDaqjrYfrx3qiI8v7DmV6jfGi1tDUUgfJwiOyZk4q1 jiPo5k4+XNp9mCtUAGyidLFcUqQ9XbHKgBwgAoxtIKNSbdPCGhsjgTHHhzswMH/Z DhhtcraqrfOhoP9lI4/zyCS+B9OfUy7BS/1SqWKIgdsjFIR+zHIOI69lh77+ZAVE MVYJBdFke5/g/tTPaQGuBqaIJ3d/Mi/ZlbTsoBcq5qam73uh7fcgBV5la6NeuNcR tvKMVl4DlnkJS8LBtElLEeHEylTCdNltrUFwshDKDBtq6ilTKCK14R6g4lkn8VcE 9xx7Mhdh77tp66FRZ6ge1E8EUEFwEeFhp240KRyaA5U1/kAarn8083zZ7d4+QObp L4KMqgrwLaxyPLgu0J/f946qLewV7XsbZRXE1jQa9Z7W5TEoJwjcC79DXe1wChc6 cBfCtluDsnklwvldpKTEZU0q/hKE6Zt7NjLUyExV+5guoHllxoVxx7sh+jtKm/J+ 5gh+B3xOTDxRV2XYIx1TM6U1iLxAqchzFec8dfkuTbs/5f++PrddvZfiUQARAQAB tD1BcmdvQ0QgVGVycmFmb3JtIFByb3ZpZGVyIDxmYWtldXNlckB1c2Vycy5ub3Jl cGx5LmdpdGh1Yi5jb20+iQJOBBMBCgA4FiEEvK9bNlncXDhFAk6kmtkpVUAdOI0F AmSJdlcCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmtkpVUAdOI2FdA// YuFYsX6SUVgI4l68ZHE34jLTWU5R2ujB6luErcguAlLyDtrD3melva3V/ETc69/1 5o7Ayn3a7uz5lCEvUSLsCN+V2o3EjrA81pt8Zs+Z9WYeZE5F5DnKzq81PObdASB7 Po2X0qLqqKIhpQxc/E7m26xmePCf82H36gtvPiEVmVA5yduk1lLG3aZtNIRCa4VK gmDjR8Se+OZeAw7JQCOeJB9/Y8oQ8nVkj1SWNIICaUwIXHtrj7r1z6XTDAEkGeBg HXW8IEhZDE1Nq3vQtZvgwftEoPT/Ff+8DwvL1JUov2ObQDolallzKaiiVfGZhPJZ 4PMtEPEmSL9QWJAG5jiBVC3BdVZtXBNkC1HqTCXwZc/wzp5O9MmMXmCrUFr4FfHu IZ560MNpp/SrtUrOahLmvuG0B+Ze96e2nm5ap5wkCDaQouOIqM7Lj+FGq64cu2B/ oSsl7joBZQUYXv8meNOQssm6jArRLG2oFoiEdRqzd2/RjvvJliLN9OCNvV43f38h 8Ep8RDi9RiHhSKvwrvDD9x/JRm6zQUetjrctmjdIYp8k129LrD0Qr9ULXfphZdrv xga7/lyQLmukLu7Mxwp+ss2bY/wjT8mlT5P55kBpXXyYILhLsUESCHG6D8/Ov+vv OoZS+BSfe/0vc1aTfDKxj5wAx27a6z5o25X27feEl3U= =kqkH -----END PGP PUBLIC KEY BLOCK----- EOF ) } `, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_gpg_key.this", "id", "9AD92955401D388D"), resource.TestCheckResourceAttr("argocd_gpg_key.this", "fingerprint", "BCAF5B3659DC5C3845024EA49AD92955401D388D"), resource.TestCheckResourceAttr("argocd_gpg_key.this", "owner", "ArgoCD Terraform Provider "), resource.TestCheckResourceAttr("argocd_gpg_key.this", "sub_type", "rsa4096"), resource.TestCheckResourceAttr("argocd_gpg_key.this", "trust", "unknown"), ), }, // ImportState testing { ResourceName: "argocd_gpg_key.this", ImportState: true, ImportStateVerify: true, }, // Update (i.e. recreate) { Config: ` resource "argocd_gpg_key" "this" { public_key = <"), resource.TestCheckResourceAttr("argocd_gpg_key.this", "sub_type", "rsa4096"), resource.TestCheckResourceAttr("argocd_gpg_key.this", "trust", "unknown"), ), }, }, }) } func TestAccArgoCDGPGKeyResource_Invalid_NotAGPGKey(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: ` resource "argocd_gpg_key" "invalid" { public_key = "invalid" } `, ExpectError: regexp.MustCompile("Invalid PGP Public Key"), }, }, }) } ================================================ FILE: internal/provider/resource_project.go ================================================ package provider import ( "context" "fmt" "strings" "time" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" argocdSync "github.com/argoproj-labs/terraform-provider-argocd/internal/sync" "github.com/argoproj/argo-cd/v3/pkg/apiclient/project" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // Ensure provider defined types fully satisfy framework interfaces. var _ resource.Resource = &projectResource{} func NewProjectResource() resource.Resource { return &projectResource{} } type projectResource struct { si *ServerInterface } func (r *projectResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_project" } func (r *projectResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Manages [projects](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/) within ArgoCD.", Version: 2, Attributes: map[string]schema.Attribute{ "id": schema.StringAttribute{ Description: "Project identifier", Computed: true, }, }, Blocks: projectSchemaBlocks(), } } func (r *projectResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { // Prevent panic if the provider has not been configured. if req.ProviderData == nil { return } si, ok := req.ProviderData.(*ServerInterface) if !ok { resp.Diagnostics.AddError( "Unexpected Provider Data Type", fmt.Sprintf("Expected *ServerInterface, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } r.si = si } func (r *projectResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var data projectModel // Read Terraform configuration data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Validate that spec list is not empty if len(data.Spec) == 0 { resp.Diagnostics.AddError( "Invalid Configuration", "spec block is required but not provided", ) return } // Convert model to ArgoCD project objectMeta, spec, diags := expandProject(ctx, &data) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } projectName := objectMeta.Name model := data.Spec[0] // Check feature support if !r.si.IsFeatureSupported(features.ProjectSourceNamespaces) && len(model.SourceNamespaces) > 0 { resp.Diagnostics.Append(diagnostics.FeatureNotSupported(features.ProjectSourceNamespaces)...) return } if !r.si.IsFeatureSupported(features.ProjectDestinationServiceAccounts) && len(model.DestinationServiceAccount) > 0 { resp.Diagnostics.Append(diagnostics.FeatureNotSupported(features.ProjectDestinationServiceAccounts)...) return } // Get or create project mutex safely projectMutex := argocdSync.GetProjectMutex(projectName) projectMutex.Lock() defer projectMutex.Unlock() // Check if project already exists p, err := r.si.ProjectClient.Get(ctx, &project.ProjectQuery{ Name: projectName, }) if err != nil && !strings.Contains(err.Error(), "NotFound") { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("get", "project", projectName, err)...) return } else if p != nil { switch p.DeletionTimestamp { case nil: default: // Pre-existing project is still in Kubernetes soft deletion queue if p.DeletionGracePeriodSeconds != nil { time.Sleep(time.Duration(*p.DeletionGracePeriodSeconds) * time.Second) } } } // Create project p, err = r.si.ProjectClient.Create(ctx, &project.ProjectCreateRequest{ Project: &v1alpha1.AppProject{ ObjectMeta: objectMeta, Spec: spec, }, Upsert: false, }) if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("create", "project", projectName, err)...) return } else if p == nil { resp.Diagnostics.AddError( "Project Creation Failed", fmt.Sprintf("project %s could not be created: unknown reason", projectName), ) return } tflog.Trace(ctx, fmt.Sprintf("created project %s", projectName)) // Parse response and store state projectData := newProject(p) projectData.ID = types.StringValue(projectName) // Preserve empty lists from plan that ArgoCD might have normalized to null (issue #788) preserveEmptyLists(&data.Spec[0], &projectData.Spec[0]) resp.Diagnostics.Append(resp.State.Set(ctx, projectData)...) } // preserveEmptyLists applies preservation logic to ensure empty lists and null values from the source // are not lost when the ArgoCD API normalizes them. func preserveEmptyLists(sourceModel, apiModel *projectSpecModel) { // Preserve top-level empty lists if sourceModel.SourceRepos != nil && len(sourceModel.SourceRepos) == 0 && apiModel.SourceRepos == nil { apiModel.SourceRepos = make([]types.String, 0) } if sourceModel.SignatureKeys != nil && len(sourceModel.SignatureKeys) == 0 && apiModel.SignatureKeys == nil { apiModel.SignatureKeys = make([]types.String, 0) } if sourceModel.SourceNamespaces != nil && len(sourceModel.SourceNamespaces) == 0 && apiModel.SourceNamespaces == nil { apiModel.SourceNamespaces = make([]types.String, 0) } // Preserve empty groups lists in roles for i := range apiModel.Role { apiRole := &apiModel.Role[i] for j := range sourceModel.Role { sourceRole := &sourceModel.Role[j] if apiRole.Name.Equal(sourceRole.Name) { if sourceRole.Groups != nil && len(sourceRole.Groups) == 0 && apiRole.Groups == nil { apiRole.Groups = make([]types.String, 0) } break } } } // Preserve empty lists and null values in sync windows (match by identifying fields since sync_window is a Set) for i := range apiModel.SyncWindow { apiSync := &apiModel.SyncWindow[i] for j := range sourceModel.SyncWindow { sourceSync := &sourceModel.SyncWindow[j] // Match sync windows by their identifying fields if apiSync.Kind.Equal(sourceSync.Kind) && apiSync.Schedule.Equal(sourceSync.Schedule) && apiSync.Duration.Equal(sourceSync.Duration) { if sourceSync.Applications != nil && len(sourceSync.Applications) == 0 && apiSync.Applications == nil { apiSync.Applications = make([]types.String, 0) } if sourceSync.Clusters != nil && len(sourceSync.Clusters) == 0 && apiSync.Clusters == nil { apiSync.Clusters = make([]types.String, 0) } if sourceSync.Namespaces != nil && len(sourceSync.Namespaces) == 0 && apiSync.Namespaces == nil { apiSync.Namespaces = make([]types.String, 0) } // Preserve null for manual_sync if it wasn't specified in source (issue #788) // API returns false (zero value) but source has null when not specified if sourceSync.ManualSync.IsNull() && apiSync.ManualSync.Equal(types.BoolValue(false)) { apiSync.ManualSync = types.BoolNull() } if sourceSync.UseAndOperator.IsNull() && apiSync.UseAndOperator.Equal(types.BoolValue(false)) { apiSync.UseAndOperator = types.BoolNull() } break } } } } func (r *projectResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var data projectModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } projectName := data.Metadata[0].Name.ValueString() // Get or create project mutex safely projectMutex := argocdSync.GetProjectMutex(projectName) projectMutex.RLock() defer projectMutex.RUnlock() r.readUnsafe(ctx, data, nil, projectName, resp) } func (r *projectResource) readUnsafe(ctx context.Context, data projectModel, plan *projectModel, projectName string, resp *resource.ReadResponse) { // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Validate that metadata list is not empty if len(data.Metadata) == 0 { resp.Diagnostics.AddError( "Invalid State", "metadata block is missing from state", ) return } p, err := r.si.ProjectClient.Get(ctx, &project.ProjectQuery{ Name: projectName, }) if err != nil { if strings.Contains(err.Error(), "NotFound") { resp.State.RemoveResource(ctx) return } resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("read", "project", projectName, err)...) return } // Save updated data into Terraform state apiData := newProject(p) apiData.ID = types.StringValue(projectName) // Preserve empty lists from prior state/plan that ArgoCD might have normalized to null (issue #788) // Use plan if provided (during Update), otherwise use prior state (during Read) if len(data.Spec) > 0 { sourceModel := &data.Spec[0] if plan != nil && len(plan.Spec) > 0 { sourceModel = &plan.Spec[0] } preserveEmptyLists(sourceModel, &apiData.Spec[0]) } resp.Diagnostics.Append(resp.State.Set(ctx, apiData)...) } func (r *projectResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var data projectModel // Read Terraform plan data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Validate that spec list is not empty if len(data.Spec) == 0 { resp.Diagnostics.AddError( "Invalid Configuration", "spec block is required but not provided", ) return } // Convert model to ArgoCD project objectMeta, spec, diags := expandProject(ctx, &data) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } projectName := objectMeta.Name // Check feature support if !r.si.IsFeatureSupported(features.ProjectSourceNamespaces) && len(data.Spec[0].SourceNamespaces) > 0 { resp.Diagnostics.Append(diagnostics.FeatureNotSupported(features.ProjectSourceNamespaces)...) return } if !r.si.IsFeatureSupported(features.ProjectDestinationServiceAccounts) && len(data.Spec[0].DestinationServiceAccount) > 0 { resp.Diagnostics.Append(diagnostics.FeatureNotSupported(features.ProjectDestinationServiceAccounts)...) return } // Get or create project mutex safely projectMutex := argocdSync.GetProjectMutex(projectName) projectMutex.Lock() defer projectMutex.Unlock() // Get current project p, err := r.si.ProjectClient.Get(ctx, &project.ProjectQuery{ Name: projectName, }) if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("get", "project", projectName, err)...) return } // Preserve preexisting JWTs for managed roles roles := expandProjectRoles(ctx, data.Spec[0].Role) for _, r := range roles { var pr *v1alpha1.ProjectRole var i int pr, i, err = p.GetRoleByName(r.Name) if err != nil { // i == -1 means the role does not exist and was recently added if i != -1 { resp.Diagnostics.AddError( "Project Role Retrieval Failed", fmt.Sprintf("project role %s could not be retrieved: %s", r.Name, err.Error()), ) return } } else { // Only preserve preexisting JWTs for managed roles if we found an existing matching project spec.Roles[i].JWTTokens = pr.JWTTokens } } // Update project projectRequest := &project.ProjectUpdateRequest{ Project: &v1alpha1.AppProject{ ObjectMeta: objectMeta, Spec: spec, }, } // Kubernetes API requires providing the up-to-date correct ResourceVersion for updates projectRequest.Project.ResourceVersion = p.ResourceVersion _, err = r.si.ProjectClient.Update(ctx, projectRequest) if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("update", "project", projectName, err)...) return } tflog.Trace(ctx, fmt.Sprintf("updated project %s", projectName)) // Read updated resource with plan context for proper empty list preservation readReq := resource.ReadRequest{State: req.State} readResp := resource.ReadResponse{State: resp.State, Diagnostics: resp.Diagnostics} var updatedData projectModel // Read Terraform state data into the model resp.Diagnostics.Append(readReq.State.Get(ctx, &updatedData)...) // Pass plan to readUnsafe so it uses the plan (not old state) for preservation r.readUnsafe(ctx, updatedData, &data, projectName, &readResp) resp.State = readResp.State resp.Diagnostics = readResp.Diagnostics } func (r *projectResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var data projectModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Validate that metadata list is not empty if len(data.Metadata) == 0 { resp.Diagnostics.AddError( "Invalid State", "metadata block is missing from state", ) return } projectName := data.Metadata[0].Name.ValueString() // Get or create project mutex safely projectMutex := argocdSync.GetProjectMutex(projectName) projectMutex.Lock() defer projectMutex.Unlock() _, err := r.si.ProjectClient.Delete(ctx, &project.ProjectQuery{Name: projectName}) if err != nil && !strings.Contains(err.Error(), "NotFound") { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("delete", "project", projectName, err)...) return } tflog.Trace(ctx, fmt.Sprintf("deleted project %s", projectName)) } func (r *projectResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) if resp.Diagnostics.HasError() { return } // Try to get the project from ArgoCD to verify it exists p, err := r.si.ProjectClient.Get(ctx, &project.ProjectQuery{ Name: req.ID, }) if err != nil { if strings.Contains(err.Error(), "NotFound") { resp.Diagnostics.AddError( "Cannot import non-existent remote object", fmt.Sprintf("Project %s does not exist in ArgoCD", req.ID), ) return } resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("get", "project", req.ID, err)...) return } // If project exists, populate the state with the full project data projectData := newProject(p) projectData.ID = types.StringValue(req.ID) resp.Diagnostics.Append(resp.State.Set(ctx, projectData)...) } // expandProject converts the Terraform model to ArgoCD API types func expandProject(ctx context.Context, data *projectModel) (metav1.ObjectMeta, v1alpha1.AppProjectSpec, diag.Diagnostics) { var diags diag.Diagnostics // Validate that metadata list is not empty if len(data.Metadata) == 0 { diags.AddError( "Invalid Configuration", "metadata block is required but not provided", ) return metav1.ObjectMeta{}, v1alpha1.AppProjectSpec{}, diags } // Validate that spec list is not empty if len(data.Spec) == 0 { diags.AddError( "Invalid Configuration", "spec block is required but not provided", ) return metav1.ObjectMeta{}, v1alpha1.AppProjectSpec{}, diags } objectMeta := metav1.ObjectMeta{ Name: data.Metadata[0].Name.ValueString(), Namespace: data.Metadata[0].Namespace.ValueString(), } if len(data.Metadata[0].Labels) > 0 { labels := make(map[string]string) for k, v := range data.Metadata[0].Labels { labels[k] = v.ValueString() } objectMeta.Labels = labels } if len(data.Metadata[0].Annotations) > 0 { annotations := make(map[string]string) for k, v := range data.Metadata[0].Annotations { annotations[k] = v.ValueString() } objectMeta.Annotations = annotations } spec := v1alpha1.AppProjectSpec{} if !data.Spec[0].Description.IsNull() { spec.Description = data.Spec[0].Description.ValueString() } // Convert source repos // Initialize to empty slice if set (even if empty) to maintain empty list vs null distinction // This fixes issue #788 where empty lists were incorrectly converted to null if data.Spec[0].SourceRepos != nil { spec.SourceRepos = make([]string, 0, len(data.Spec[0].SourceRepos)) for _, repo := range data.Spec[0].SourceRepos { spec.SourceRepos = append(spec.SourceRepos, repo.ValueString()) } } // Convert signature keys // Initialize to empty slice if set (even if empty) to maintain empty list vs null distinction if data.Spec[0].SignatureKeys != nil { spec.SignatureKeys = make([]v1alpha1.SignatureKey, 0, len(data.Spec[0].SignatureKeys)) for _, key := range data.Spec[0].SignatureKeys { spec.SignatureKeys = append(spec.SignatureKeys, v1alpha1.SignatureKey{KeyID: key.ValueString()}) } } // Convert source namespaces // Initialize to empty slice if set (even if empty) to maintain empty list vs null distinction if data.Spec[0].SourceNamespaces != nil { spec.SourceNamespaces = make([]string, 0, len(data.Spec[0].SourceNamespaces)) for _, ns := range data.Spec[0].SourceNamespaces { spec.SourceNamespaces = append(spec.SourceNamespaces, ns.ValueString()) } } // Convert destinations for _, dest := range data.Spec[0].Destination { d := v1alpha1.ApplicationDestination{ Namespace: dest.Namespace.ValueString(), } if !dest.Server.IsNull() { d.Server = dest.Server.ValueString() } if !dest.Name.IsNull() { d.Name = dest.Name.ValueString() } spec.Destinations = append(spec.Destinations, d) } // Convert destination service accounts for _, dsa := range data.Spec[0].DestinationServiceAccount { d := v1alpha1.ApplicationDestinationServiceAccount{ DefaultServiceAccount: dsa.DefaultServiceAccount.ValueString(), Server: dsa.Server.ValueString(), } if !dsa.Namespace.IsNull() { d.Namespace = dsa.Namespace.ValueString() } spec.DestinationServiceAccounts = append(spec.DestinationServiceAccounts, d) } // Convert cluster resource blacklist for _, gk := range data.Spec[0].ClusterResourceBlacklist { spec.ClusterResourceBlacklist = append(spec.ClusterResourceBlacklist, v1alpha1.ClusterResourceRestrictionItem{ Group: gk.Group.ValueString(), Kind: gk.Kind.ValueString(), }) } // Convert cluster resource whitelist for _, gk := range data.Spec[0].ClusterResourceWhitelist { spec.ClusterResourceWhitelist = append(spec.ClusterResourceWhitelist, v1alpha1.ClusterResourceRestrictionItem{ Group: gk.Group.ValueString(), Kind: gk.Kind.ValueString(), }) } // Convert namespace resource blacklist for _, gk := range data.Spec[0].NamespaceResourceBlacklist { spec.NamespaceResourceBlacklist = append(spec.NamespaceResourceBlacklist, metav1.GroupKind{ Group: gk.Group.ValueString(), Kind: gk.Kind.ValueString(), }) } // Convert namespace resource whitelist for _, gk := range data.Spec[0].NamespaceResourceWhitelist { spec.NamespaceResourceWhitelist = append(spec.NamespaceResourceWhitelist, metav1.GroupKind{ Group: gk.Group.ValueString(), Kind: gk.Kind.ValueString(), }) } // Convert orphaned resources if len(data.Spec[0].OrphanedResources) > 0 { or := data.Spec[0].OrphanedResources[0] spec.OrphanedResources = &v1alpha1.OrphanedResourcesMonitorSettings{} if !or.Warn.IsNull() { spec.OrphanedResources.Warn = or.Warn.ValueBoolPointer() } for _, ignore := range or.Ignore { i := v1alpha1.OrphanedResourceKey{ Group: ignore.Group.ValueString(), Kind: ignore.Kind.ValueString(), } if !ignore.Name.IsNull() { i.Name = ignore.Name.ValueString() } spec.OrphanedResources.Ignore = append(spec.OrphanedResources.Ignore, i) } } // Convert roles spec.Roles = expandProjectRoles(ctx, data.Spec[0].Role) // Convert sync windows for _, sw := range data.Spec[0].SyncWindow { window := v1alpha1.SyncWindow{} if !sw.UseAndOperator.IsNull() { window.UseAndOperator = sw.UseAndOperator.ValueBool() } if !sw.Duration.IsNull() { window.Duration = sw.Duration.ValueString() } if !sw.Kind.IsNull() { window.Kind = sw.Kind.ValueString() } if !sw.ManualSync.IsNull() { window.ManualSync = sw.ManualSync.ValueBool() } if !sw.Schedule.IsNull() { window.Schedule = sw.Schedule.ValueString() } if !sw.Timezone.IsNull() { window.TimeZone = sw.Timezone.ValueString() } // Initialize to empty slice if set (even if empty) to maintain empty list vs null distinction // This fixes issue #788 where empty lists were incorrectly converted to null if sw.Applications != nil { window.Applications = make([]string, 0, len(sw.Applications)) for _, app := range sw.Applications { window.Applications = append(window.Applications, app.ValueString()) } } if sw.Clusters != nil { window.Clusters = make([]string, 0, len(sw.Clusters)) for _, cluster := range sw.Clusters { window.Clusters = append(window.Clusters, cluster.ValueString()) } } if sw.Namespaces != nil { window.Namespaces = make([]string, 0, len(sw.Namespaces)) for _, ns := range sw.Namespaces { window.Namespaces = append(window.Namespaces, ns.ValueString()) } } spec.SyncWindows = append(spec.SyncWindows, &window) } return objectMeta, spec, diags } // expandProjectRoles converts project role models to ArgoCD API types func expandProjectRoles(_ context.Context, roles []projectRoleModel) []v1alpha1.ProjectRole { var result []v1alpha1.ProjectRole for _, role := range roles { pr := v1alpha1.ProjectRole{ Name: role.Name.ValueString(), } if !role.Description.IsNull() { pr.Description = role.Description.ValueString() } for _, policy := range role.Policies { pr.Policies = append(pr.Policies, policy.ValueString()) } // Groups is optional - initialize to empty slice if set to maintain empty list vs null distinction // This fixes issue #788 where empty lists were incorrectly converted to null if role.Groups != nil { pr.Groups = make([]string, 0, len(role.Groups)) for _, group := range role.Groups { pr.Groups = append(pr.Groups, group.ValueString()) } } result = append(result, pr) } return result } ================================================ FILE: internal/provider/resource_project_test.go ================================================ package provider import ( "fmt" "regexp" "testing" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" ) func TestAccArgoCDProject(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectPolicyError( "test-acc-" + acctest.RandString(10), ), ExpectError: regexp.MustCompile("invalid policy rule"), }, { Config: testAccArgoCDProjectRoleNameError( "test-acc-" + acctest.RandString(10), ), ExpectError: regexp.MustCompile("invalid role name"), }, { Config: testAccArgoCDProjectSyncWindowKindError( "test-acc-" + acctest.RandString(10), ), ExpectError: regexp.MustCompile("mismatch: can only be allow or deny"), }, { Config: testAccArgoCDProjectSyncWindowDurationError( "test-acc-" + acctest.RandString(10), ), ExpectError: regexp.MustCompile("cannot parse duration"), }, { Config: testAccArgoCDProjectSyncWindowScheduleError( "test-acc-" + acctest.RandString(10), ), ExpectError: regexp.MustCompile("cannot parse schedule"), }, { Config: testAccArgoCDProjectSyncWindowTimezoneError( "test-acc-" + acctest.RandString(10), ), ExpectError: regexp.MustCompile("cannot parse timezone"), }, { Config: testAccArgoCDProjectSimple(name), Check: resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", ), }, { ResourceName: "argocd_project.simple", ImportState: true, ImportStateVerify: true, }, // Check with the same name for rapid project recreation robustness { Config: testAccArgoCDProjectSimple(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", ), // TODO: check all possible attributes ), }, { Config: testAccArgoCDProjectSimpleWithoutOrphaned(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", // TODO: check all possible attributes ), ), }, { Config: testAccArgoCDProjectSimpleWithEmptyOrphaned(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", // TODO: check all possible attributes ), ), }, }, }) } func TestAccArgoCDProject_tokensCoexistence(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectCoexistenceWithTokenResource( "test-acc-"+acctest.RandString(10), 4, ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.coexistence", "metadata.0.uid", ), resource.TestCheckNoResourceAttr( "argocd_project.coexistence", "spec.0.role.0.jwt_tokens", ), resource.TestCheckResourceAttrSet( "argocd_project_token.coexistence_testrole_exp", "issued_at", ), resource.TestCheckResourceAttrSet( "argocd_project_token.multiple.0", "issued_at", ), resource.TestCheckResourceAttrSet( "argocd_project_token.multiple.1", "issued_at", ), resource.TestCheckResourceAttrSet( "argocd_project_token.multiple.2", "issued_at", ), resource.TestCheckResourceAttrSet( "argocd_project_token.multiple.3", "issued_at", ), ), }, }, }) } func TestAccArgoCDProjectUpdateAddRole(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectSimpleWithoutRole(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", ), ), }, { ResourceName: "argocd_project.simple", ImportState: true, ImportStateVerify: true, }, { Config: testAccArgoCDProjectSimpleWithRole(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", ), ), }, }, }) } func TestAccArgoCDProjectWithClustersRepositoriesRolePolicy(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectWithClustersRepositoriesRolePolicy(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", ), ), }, { ResourceName: "argocd_project.simple", ImportState: true, ImportStateVerify: true, }, }, }) } func TestAccArgoCDProjectWithLogsExecRolePolicy(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ExecLogsPolicy) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectWithExecLogsRolePolicy(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", ), ), }, { ResourceName: "argocd_project.simple", ImportState: true, ImportStateVerify: true, }, }, }) } func TestAccArgoCDProjectWithSourceNamespaces(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ProjectSourceNamespaces) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectWithSourceNamespaces(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", ), ), }, { ResourceName: "argocd_project.simple", ImportState: true, ImportStateVerify: true, }, }, }) } func TestAccArgoCDProjectWithDestinationServiceAccounts(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) testAccPreCheckFeatureSupported(t, features.ProjectDestinationServiceAccounts) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectWithDestinationServiceAccounts(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.simple", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_project.simple", "spec.0.destination_service_account.0.default_service_account", "default", ), resource.TestCheckResourceAttr( "argocd_project.simple", "spec.0.destination_service_account.1.default_service_account", "foo", ), ), }, { ResourceName: "argocd_project.simple", ImportState: true, ImportStateVerify: true, }, }, }) } func TestAccArgoCDProjectWithFineGrainedPolicy(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ProjectFineGrainedPolicy) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectWithFineGrainedPolicy(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.fine_grained_policy", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_project.fine_grained_policy", "spec.0.role.0.policies.#", "2", ), ), }, }, }) } func TestAccArgoCDProjectWithAppsInAnyNSPolicy(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckFeatureSupported(t, features.ProjectFineGrainedPolicy) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectWithAppsInAnyNSPolicy(name), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project.app_in_any_ns_policy", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_project.app_in_any_ns_policy", "spec.0.role.0.policies.#", "2", ), ), }, }, }) } func testAccArgoCDProjectSimple(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } destination { server = "https://kubernetes.default.svc" namespace = "foo" } cluster_resource_whitelist { group = "rbac.authorization.k8s.io" kind = "ClusterRoleBinding" } cluster_resource_whitelist { group = "rbac.authorization.k8s.io" kind = "ClusterRole" } cluster_resource_whitelist { group = "" kind = "Namespace" } cluster_resource_blacklist { group = "" kind = "ResourceQuota" } cluster_resource_blacklist { group = "*" kind = "*" } namespace_resource_blacklist { group = "networking.k8s.io" kind = "Ingress" } namespace_resource_whitelist { group = "*" kind = "*" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "ignored1" } ignore { group = "apps/v1" kind = "Deployment" name = "ignored2" } } sync_window { kind = "allow" applications = ["api-*"] clusters = ["*"] namespaces = ["*"] duration = "3600s" schedule = "10 1 * * *" manual_sync = true use_and_operator = false } sync_window { kind = "deny" applications = ["foo"] clusters = ["in-cluster"] namespaces = ["default"] duration = "12h" schedule = "22 1 5 * *" manual_sync = false timezone = "Europe/London" use_and_operator = false } signature_keys = [ "4AEE18F83AFDEB23", "07E34825A909B250" ] } } `, name) } func testAccArgoCDProjectSimpleWithoutOrphaned(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple project" source_repos = ["*"] destination { name = "anothercluster" namespace = "bar" } } } `, name) } func testAccArgoCDProjectSimpleWithEmptyOrphaned(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple project" source_repos = ["*"] destination { name = "anothercluster" namespace = "bar" } orphaned_resources { } } } `, name) } func testAccArgoCDProjectCoexistenceWithTokenResource(name string, count int) string { return fmt.Sprintf(` resource "argocd_project" "coexistence" { metadata { name = "%s" namespace = "argocd" } spec { description = "coexistence" destination { server = "https://kubernetes.default.svc" namespace = "*" } source_repos = ["*"] role { name = "testrole" policies = [ "p, proj:%s:testrole, applications, override, %s/foo, allow", ] } } } resource "argocd_project_token" "multiple" { count = %d project = argocd_project.coexistence.metadata.0.name role = "testrole" } resource "argocd_project_token" "coexistence_testrole_exp" { project = argocd_project.coexistence.metadata.0.name role = "testrole" expires_in = "264h" } `, name, name, name, count) } func testAccArgoCDProjectPolicyError(name string) string { return fmt.Sprintf(` resource "argocd_project" "failure" { metadata { name = "%s" namespace = "argocd" } spec { description = "expected policy failures" destination { server = "https://kubernetes.default.svc" namespace = "*" } source_repos = ["*"] role { name = "incorrect-policy" policies = [ "p, proj:%s:bar, applicat, foo, %s/*, whatever", ] } } } `, name, name, name) } func testAccArgoCDProjectRoleNameError(name string) string { return fmt.Sprintf(` resource "argocd_project" "failure" { metadata { name = "%s" namespace = "argocd" } spec { description = "expected role name failure" destination { server = "https://kubernetes.default.svc" namespace = "*" } source_repos = ["*"] role { name = "incorrect role name" policies = [ "p, proj:%s:testrole, applications, override, %s/foo, allow", ] } } } `, name, name, name) } func testAccArgoCDProjectSyncWindowScheduleError(name string) string { return fmt.Sprintf(` resource "argocd_project" "failure" { metadata { name = "%s" namespace = "argocd" } spec { description = "expected policy failures" destination { server = "https://kubernetes.default.svc" namespace = "*" } source_repos = ["*"] role { name = "incorrect-syncwindow" policies = [ "p, proj:%s:testrole, applications, override, %s/foo, allow", ] } sync_window { kind = "allow" applications = ["api-*"] clusters = ["*"] namespaces = ["*"] duration = "3600s" schedule = "10 1 * * * 5" manual_sync = true } } } `, name, name, name) } func testAccArgoCDProjectSyncWindowDurationError(name string) string { return fmt.Sprintf(` resource "argocd_project" "failure" { metadata { name = "%s" namespace = "argocd" } spec { description = "expected duration failure" destination { server = "https://kubernetes.default.svc" namespace = "*" } source_repos = ["*"] role { name = "incorrect-syncwindow" policies = [ "p, proj:%s:testrole, applications, override, %s/foo, allow", ] } sync_window { kind = "allow" applications = ["api-*"] clusters = ["*"] namespaces = ["*"] duration = "123" schedule = "10 1 * * *" manual_sync = true } } } `, name, name, name) } func testAccArgoCDProjectSyncWindowKindError(name string) string { return fmt.Sprintf(` resource "argocd_project" "failure" { metadata { name = "%s" namespace = "argocd" } spec { description = "expected kind failure" destination { server = "https://kubernetes.default.svc" namespace = "*" } source_repos = ["*"] role { name = "incorrect-syncwindow" policies = [ "p, proj:%s:testrole, applications, override, %s/foo, allow", ] } sync_window { kind = "whatever" applications = ["api-*"] clusters = ["*"] namespaces = ["*"] duration = "600s" schedule = "10 1 * * *" manual_sync = true } } } `, name, name, name) } func testAccArgoCDProjectSimpleWithoutRole(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple project" source_repos = ["*"] destination { name = "anothercluster" namespace = "bar" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "ignored1" } } } } `, name) } func testAccArgoCDProjectSimpleWithRole(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple project" source_repos = ["*"] destination { name = "anothercluster" namespace = "bar" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "ignored1" } } role { name = "anotherrole" policies = [ "p, proj:%s:anotherrole, applications, get, %s/*, allow", "p, proj:%s:anotherrole, applications, sync, %s/*, deny", ] } } } `, name, name, name, name, name) } func testAccArgoCDProjectWithClustersRepositoriesRolePolicy(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%[1]s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple project" source_repos = ["*"] destination { name = "anothercluster" namespace = "bar" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "ignored1" } } role { name = "admin" policies = [ "p, proj:%[1]s:admin, clusters, get, %[1]s/*, allow", "p, proj:%[1]s:admin, repositories, get, %[1]s/*, allow", ] } } } `, name) } func testAccArgoCDProjectWithExecLogsRolePolicy(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%[1]s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple project" source_repos = ["*"] destination { name = "anothercluster" namespace = "bar" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "ignored1" } } role { name = "admin" policies = [ "p, proj:%[1]s:admin, exec, create, %[1]s/*, allow", "p, proj:%[1]s:admin, logs, get, %[1]s/*, allow", ] } } } `, name) } func testAccArgoCDProjectWithSourceNamespaces(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple project" source_repos = ["*"] source_namespaces = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } destination { server = "https://kubernetes.default.svc" namespace = "foo" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "ignored1" } } } } `, name) } func testAccArgoCDProjectSyncWindowTimezoneError(name string) string { return fmt.Sprintf(` resource "argocd_project" "failure" { metadata { name = "%s" namespace = "argocd" } spec { description = "expected timezone failure" destination { server = "https://kubernetes.default.svc" namespace = "*" } source_repos = ["*"] role { name = "incorrect-syncwindow" policies = [ "p, proj:%s:testrole, applications, override, %s/foo, allow", ] } sync_window { kind = "allow" applications = ["api-*"] clusters = ["*"] namespaces = ["*"] duration = "1h" schedule = "10 1 * * *" manual_sync = true timezone = "invalid" } } } `, name, name, name) } func testAccArgoCDProjectWithDestinationServiceAccounts(name string) string { return fmt.Sprintf(` resource "argocd_project" "simple" { metadata { name = "%s" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { description = "simple" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } destination { server = "https://kubernetes.default.svc" namespace = "foo" } destination_service_account { default_service_account = "default" namespace = "default" server = "https://kubernetes.default.svc" } destination_service_account { default_service_account = "foo" namespace = "foo" server = "https://kubernetes.default.svc" } } } `, name) } // TestAccArgoCDProject_MetadataFieldsConsistency tests consistency of metadata fields func TestAccArgoCDProject_MetadataFieldsConsistency(t *testing.T) { name := acctest.RandString(10) config := fmt.Sprintf(` resource "argocd_project" "metadata_consistency" { metadata { name = "%[1]s" namespace = "argocd" labels = { acceptance = "true" environment = "test" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" "description" = "test project" } } spec { description = "test project for metadata consistency" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } } } `, name) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.metadata_consistency", "metadata.0.name", name, ), resource.TestCheckResourceAttr( "argocd_project.metadata_consistency", "metadata.0.labels.acceptance", "true", ), resource.TestCheckResourceAttr( "argocd_project.metadata_consistency", "metadata.0.labels.environment", "test", ), resource.TestCheckResourceAttr( "argocd_project.metadata_consistency", "metadata.0.annotations.this.is.a.really.long.nested.key", "yes, really!", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.metadata_consistency", "metadata.0.name", name, ), resource.TestCheckResourceAttr( "argocd_project.metadata_consistency", "metadata.0.labels.acceptance", "true", ), resource.TestCheckResourceAttr( "argocd_project.metadata_consistency", "metadata.0.labels.environment", "test", ), resource.TestCheckResourceAttr( "argocd_project.metadata_consistency", "metadata.0.annotations.this.is.a.really.long.nested.key", "yes, really!", ), ), }, }, }) } // TestAccArgoCDProject_RolesConsistency tests consistency of role fields func TestAccArgoCDProject_RolesConsistency(t *testing.T) { name := acctest.RandString(10) config := fmt.Sprintf(` resource "argocd_project" "roles_consistency" { metadata { name = "%[1]s" namespace = "argocd" } spec { description = "test project with roles" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } role { name = "admin" policies = [ "p, proj:%[1]s:admin, applications, get, %[1]s/*, allow", "p, proj:%[1]s:admin, applications, sync, %[1]s/*, allow", ] groups = ["admin-group", "ops-group"] } role { name = "read-only" policies = [ "p, proj:%[1]s:read-only, applications, get, %[1]s/*, allow", ] groups = ["dev-group"] } } } `, name) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.roles_consistency", "spec.0.role.0.name", "admin", ), resource.TestCheckResourceAttr( "argocd_project.roles_consistency", "spec.0.role.0.policies.#", "2", ), resource.TestCheckResourceAttr( "argocd_project.roles_consistency", "spec.0.role.0.groups.#", "2", ), resource.TestCheckResourceAttr( "argocd_project.roles_consistency", "spec.0.role.1.name", "read-only", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.roles_consistency", "spec.0.role.0.name", "admin", ), resource.TestCheckResourceAttr( "argocd_project.roles_consistency", "spec.0.role.0.policies.#", "2", ), resource.TestCheckResourceAttr( "argocd_project.roles_consistency", "spec.0.role.0.groups.#", "2", ), resource.TestCheckResourceAttr( "argocd_project.roles_consistency", "spec.0.role.1.name", "read-only", ), ), }, }, }) } // TestAccArgoCDProject_SyncWindowsConsistency tests consistency of sync window fields func TestAccArgoCDProject_SyncWindowsConsistency(t *testing.T) { name := acctest.RandString(10) config := fmt.Sprintf(` resource "argocd_project" "sync_windows_consistency" { metadata { name = "%[1]s" namespace = "argocd" } spec { description = "test project with sync windows" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } sync_window { kind = "allow" applications = ["api-*"] clusters = ["*"] namespaces = ["*"] duration = "3600s" schedule = "10 1 * * *" manual_sync = true } sync_window { use_and_operator = true kind = "deny" applications = ["foo", "bar"] clusters = ["in-cluster"] namespaces = ["default"] duration = "12h" schedule = "22 1 5 * *" manual_sync = false timezone = "Europe/London" } } } `, name) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.0.kind", "allow", ), resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.0.duration", "3600s", ), resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.0.manual_sync", "true", ), resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.1.use_and_operator", "true", ), resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.1.timezone", "Europe/London", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.0.kind", "allow", ), resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.0.duration", "3600s", ), resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.0.manual_sync", "true", ), resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.1.use_and_operator", "true", ), resource.TestCheckResourceAttr( "argocd_project.sync_windows_consistency", "spec.0.sync_window.1.timezone", "Europe/London", ), ), }, }, }) } // TestAccArgoCDProject_OrphanedResourcesConsistency tests consistency of orphaned resources func TestAccArgoCDProject_OrphanedResourcesConsistency(t *testing.T) { name := acctest.RandString(10) config := fmt.Sprintf(` resource "argocd_project" "orphaned_resources_consistency" { metadata { name = "%[1]s" namespace = "argocd" } spec { description = "test project with orphaned resources" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "ignored1" } ignore { group = "apps/v1" kind = "Deployment" name = "ignored2" } } } } `, name) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.orphaned_resources_consistency", "spec.0.orphaned_resources.0.warn", "true", ), resource.TestCheckResourceAttr( "argocd_project.orphaned_resources_consistency", "spec.0.orphaned_resources.0.ignore.#", "2", ), resource.TestCheckResourceAttr( "argocd_project.orphaned_resources_consistency", "spec.0.orphaned_resources.0.ignore.0.name", "ignored1", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.orphaned_resources_consistency", "spec.0.orphaned_resources.0.warn", "true", ), resource.TestCheckResourceAttr( "argocd_project.orphaned_resources_consistency", "spec.0.orphaned_resources.0.ignore.#", "2", ), resource.TestCheckResourceAttr( "argocd_project.orphaned_resources_consistency", "spec.0.orphaned_resources.0.ignore.0.name", "ignored1", ), ), }, }, }) } func testAccArgoCDProjectWithFineGrainedPolicy(name string) string { return fmt.Sprintf(` resource "argocd_project" "fine_grained_policy" { metadata { name = "%[1]s" namespace = "argocd" labels = { acceptance = "true" } } spec { description = "simple project with fine-grained policies" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } role { name = "fine-grained" policies = [ "p, proj:%[1]s:fine-grained, applications, update/*, %[1]s/*, allow", "p, proj:%[1]s:fine-grained, applications, delete/*/Pod/*/*, %[1]s/*, allow", ] } } } `, name) } func testAccArgoCDProjectWithAppsInAnyNSPolicy(name string) string { return fmt.Sprintf(` resource "argocd_project" "app_in_any_ns_policy" { metadata { name = "%[1]s" namespace = "argocd" labels = { acceptance = "true" } } spec { description = "simple project with multi-ns policy" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } role { name = "multi-ns" policies = [ "p, proj:%[1]s:multi-ns, applications, update/*, %[1]s/*/multi-ns, allow", "p, proj:%[1]s:multi-ns, applications, delete/*/Pod/default/*, %[1]s/*, allow", ] } } } `, name) } // TestAccArgoCDProject_ProviderUpgradeStateMigration tests that resources created with the // old SDK-based provider (v7.12.0) can be successfully read and managed by the new // framework-based provider. This ensures backward compatibility when upgrading the provider. func TestAccArgoCDProject_ProviderUpgradeStateMigration(t *testing.T) { name := acctest.RandomWithPrefix("test-acc-migrate") config := testAccArgoCDProjectForStateMigration(name) resource.Test(t, resource.TestCase{ Steps: []resource.TestStep{ { // Step 1: Create project using old SDK-based provider (v7.12.0) ExternalProviders: map[string]resource.ExternalProvider{ "argocd": { VersionConstraint: "7.12.0", Source: "argoproj-labs/argocd", }, }, Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_project.migration", "metadata.0.name", name), resource.TestCheckResourceAttrSet("argocd_project.migration", "metadata.0.uid"), ), }, { // Step 2: Upgrade to new framework-based provider - verify it can read existing state ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_project.migration", "metadata.0.name", name), resource.TestCheckResourceAttr("argocd_project.migration", "spec.0.description", "project for state migration testing"), resource.TestCheckResourceAttr("argocd_project.migration", "spec.0.source_repos.#", "2"), resource.TestCheckResourceAttr("argocd_project.migration", "spec.0.destination.#", "2"), resource.TestCheckResourceAttr("argocd_project.migration", "spec.0.role.#", "2"), ), }, { // Step 3: Verify no unexpected plan changes after migration ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: config, ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ plancheck.ExpectEmptyPlan(), }, }, }, }, }) } func testAccArgoCDProjectForStateMigration(name string) string { return fmt.Sprintf(` resource "argocd_project" "migration" { metadata { name = "%[1]s" namespace = "argocd" labels = { test = "migration" env = "acceptance" } annotations = { "description" = "testing provider upgrade" } } spec { description = "project for state migration testing" source_repos = ["https://github.com/example/repo1", "https://github.com/example/repo2"] destination { server = "https://kubernetes.default.svc" namespace = "default" } destination { server = "https://kubernetes.default.svc" namespace = "production" } cluster_resource_whitelist { group = "rbac.authorization.k8s.io" kind = "ClusterRole" } namespace_resource_blacklist { group = "v1" kind = "ConfigMap" } orphaned_resources { warn = true ignore { group = "apps/v1" kind = "Deployment" name = "legacy-app" } } role { name = "admin" description = "Admin role" policies = [ "p, proj:%[1]s:admin, applications, *, %[1]s/*, allow", ] groups = ["platform-team"] } role { name = "readonly" description = "Read-only role" policies = [ "p, proj:%[1]s:readonly, applications, get, %[1]s/*, allow", ] groups = ["developers"] } sync_window { kind = "allow" applications = ["*"] clusters = ["*"] namespaces = ["*"] duration = "1h" schedule = "0 22 * * *" manual_sync = true } } } `, name) } // TestAccArgoCDProject_ProviderUpgradeStateMigration_WithoutNamespace tests the specific // case reported in issue #783 where projects created without an explicit namespace field // in v7.12.1 cause forced replacement when upgrading to v7.12.3+. // The namespace should be computed from the API response without causing drift. func TestAccArgoCDProject_ProviderUpgradeStateMigration_WithoutNamespace(t *testing.T) { name := acctest.RandomWithPrefix("test-acc-migrate-no-ns") config := testAccArgoCDProjectForStateMigrationWithoutNamespace(name) resource.Test(t, resource.TestCase{ Steps: []resource.TestStep{ { // Step 1: Create project using old SDK-based provider (v7.12.1) // without specifying namespace in metadata (this is the key scenario) ExternalProviders: map[string]resource.ExternalProvider{ "argocd": { VersionConstraint: "7.12.1", Source: "argoproj-labs/argocd", }, }, Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_project.tech", "metadata.0.name", name), resource.TestCheckResourceAttrSet("argocd_project.tech", "metadata.0.uid"), ), }, { // Step 2: Upgrade to new framework-based provider ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_project.tech", "metadata.0.name", name), resource.TestCheckResourceAttr("argocd_project.tech", "spec.0.source_repos.#", "1"), resource.TestCheckResourceAttr("argocd_project.tech", "spec.0.destination.#", "1"), resource.TestCheckResourceAttr("argocd_project.tech", "spec.0.cluster_resource_whitelist.#", "1"), // Namespace should be computed from API, not forcing replacement resource.TestCheckResourceAttr("argocd_project.tech", "metadata.0.namespace", "argocd"), ), }, { // Step 3: Verify no unexpected plan changes after migration (issue #783) // This should NOT show a forced replacement due to namespace changing ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: config, ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ plancheck.ExpectEmptyPlan(), }, }, }, }, }) } func testAccArgoCDProjectForStateMigrationWithoutNamespace(name string) string { return fmt.Sprintf(` resource "argocd_project" "tech" { metadata { name = "%s" # NOTE: namespace is intentionally NOT specified here to test issue #783 } spec { source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "*" } cluster_resource_whitelist { group = "*" kind = "*" } } } `, name) } // TestAccArgoCDProject_EmptySourceRepos tests the issue #788 where an empty source_repos list // causes "Provider produced inconsistent result after apply" error. // The provider should maintain an empty list as empty list, not convert it to null. func TestAccArgoCDProject_EmptySourceRepos(t *testing.T) { name := acctest.RandomWithPrefix("test-acc-empty-repos") config := testAccArgoCDProjectWithEmptySourceRepos(name) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_project.empty_repos", "metadata.0.name", name), resource.TestCheckResourceAttr("argocd_project.empty_repos", "spec.0.source_repos.#", "0"), ), }, { // Apply the same configuration again to verify no drift Config: config, ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ plancheck.ExpectEmptyPlan(), }, }, }, }, }) } func testAccArgoCDProjectWithEmptySourceRepos(name string) string { return fmt.Sprintf(` resource "argocd_project" "empty_repos" { metadata { name = "%s" namespace = "argocd" } spec { description = "project with empty source_repos" source_repos = [] destination { server = "https://kubernetes.default.svc" namespace = "default" } } } `, name) } // TestAccArgoCDProject_EmptyRoleGroups tests that empty groups list in roles // doesn't cause "Provider produced inconsistent result after apply" error. func TestAccArgoCDProject_EmptyRoleGroups(t *testing.T) { name := acctest.RandomWithPrefix("test-acc-empty-groups") config := testAccArgoCDProjectWithEmptyRoleGroups(name) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_project.empty_groups", "metadata.0.name", name), resource.TestCheckResourceAttr("argocd_project.empty_groups", "spec.0.role.0.groups.#", "0"), ), }, { // Apply the same configuration again to verify no drift Config: config, ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ plancheck.ExpectEmptyPlan(), }, }, }, }, }) } func testAccArgoCDProjectWithEmptyRoleGroups(name string) string { return fmt.Sprintf(` resource "argocd_project" "empty_groups" { metadata { name = "%s" namespace = "argocd" } spec { description = "project with role having empty groups" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } role { name = "test-role" groups = [] policies = ["p, proj:%s:test-role, applications, get, %s/*, allow"] } } } `, name, name, name) } // TestAccArgoCDProject_EmptyListsComprehensive tests multiple empty list fields // in a single project to ensure they all work correctly together (issue #788) func TestAccArgoCDProject_EmptyListsComprehensive(t *testing.T) { name := acctest.RandomWithPrefix("test-acc-comprehensive") config := testAccArgoCDProjectWithMultipleEmptyLists(name) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_project.comprehensive", "metadata.0.name", name), // Verify empty source_repos resource.TestCheckResourceAttr("argocd_project.comprehensive", "spec.0.source_repos.#", "0"), // Verify empty signature_keys resource.TestCheckResourceAttr("argocd_project.comprehensive", "spec.0.signature_keys.#", "0"), // Verify empty groups in role resource.TestCheckResourceAttr("argocd_project.comprehensive", "spec.0.role.0.groups.#", "0"), // Verify sync window with mixed empty/non-empty lists resource.TestCheckResourceAttr("argocd_project.comprehensive", "spec.0.sync_window.0.applications.#", "1"), resource.TestCheckResourceAttr("argocd_project.comprehensive", "spec.0.sync_window.0.clusters.#", "0"), resource.TestCheckResourceAttr("argocd_project.comprehensive", "spec.0.sync_window.0.namespaces.#", "0"), ), }, { // Apply the same configuration again to verify no drift Config: config, ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ plancheck.ExpectEmptyPlan(), }, }, }, }, }) } func testAccArgoCDProjectWithMultipleEmptyLists(name string) string { return fmt.Sprintf(` resource "argocd_project" "comprehensive" { metadata { name = "%s" namespace = "argocd" } spec { description = "project testing multiple empty list fields" source_repos = [] signature_keys = [] destination { server = "https://kubernetes.default.svc" namespace = "default" } role { name = "test-role" groups = [] policies = ["p, proj:%s:test-role, applications, get, %s/*, allow"] } sync_window { kind = "allow" schedule = "0 0 * * *" duration = "1h" applications = ["test-app"] clusters = [] namespaces = [] } } } `, name, name, name) } // TestAccArgoCDProject_MetadataComputedFieldsOnUpdate tests that computed metadata fields // (resource_version, generation, uid) don't cause "inconsistent state after apply" errors // when the spec is updated with lifecycle { ignore_changes = [metadata] }. // This is a regression test for issue #807. // See: https://github.com/argoproj-labs/terraform-provider-argocd/issues/807 func TestAccArgoCDProject_MetadataComputedFieldsOnUpdate(t *testing.T) { name := acctest.RandString(10) // Initial configuration with lifecycle ignore_changes on metadata // This replicates the exact scenario from issue #807 configInitial := fmt.Sprintf(` resource "argocd_project" "metadata_computed" { metadata { name = "%s" namespace = "argocd" labels = { "test" = "initial" } } spec { description = "initial description" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } } lifecycle { ignore_changes = [metadata] } } `, name) // Updated configuration - changes the spec but keeps metadata the same // With ignore_changes = [metadata], this should trigger resource_version // and generation changes without causing "inconsistent state after apply" errors configUpdated := fmt.Sprintf(` resource "argocd_project" "metadata_computed" { metadata { name = "%s" namespace = "argocd" labels = { "test" = "initial" } } spec { description = "updated description" source_repos = ["*", "https://github.com/example/repo"] destination { server = "https://kubernetes.default.svc" namespace = "default" } destination { server = "https://kubernetes.default.svc" namespace = "test" } } lifecycle { ignore_changes = [metadata] } } `, name) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: configInitial, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.metadata_computed", "metadata.0.name", name, ), resource.TestCheckResourceAttrSet( "argocd_project.metadata_computed", "metadata.0.resource_version", ), resource.TestCheckResourceAttrSet( "argocd_project.metadata_computed", "metadata.0.generation", ), resource.TestCheckResourceAttrSet( "argocd_project.metadata_computed", "metadata.0.uid", ), ), }, { // Update the spec - this should not cause inconsistent state errors // even though resource_version and generation will change Config: configUpdated, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.metadata_computed", "spec.0.description", "updated description", ), resource.TestCheckResourceAttrSet( "argocd_project.metadata_computed", "metadata.0.resource_version", ), resource.TestCheckResourceAttrSet( "argocd_project.metadata_computed", "metadata.0.generation", ), ), }, { // Apply the same configuration again to ensure no drift Config: configUpdated, ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ plancheck.ExpectEmptyPlan(), }, }, }, }, }) } // TestAccArgoCDProject_MultipleSpecUpdates tests that multiple sequential spec updates // don't cause inconsistent state errors due to rapidly changing resource_version/generation. // This is a stress test for issue #807. func TestAccArgoCDProject_MultipleSpecUpdates(t *testing.T) { name := acctest.RandString(10) configs := []string{ // Config 1: Initial fmt.Sprintf(` resource "argocd_project" "multi_update" { metadata { name = "%s" namespace = "argocd" } spec { description = "version 1" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } } } `, name), // Config 2: Update description fmt.Sprintf(` resource "argocd_project" "multi_update" { metadata { name = "%s" namespace = "argocd" } spec { description = "version 2" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } } } `, name), // Config 3: Add destination fmt.Sprintf(` resource "argocd_project" "multi_update" { metadata { name = "%s" namespace = "argocd" } spec { description = "version 3" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } destination { server = "https://kubernetes.default.svc" namespace = "kube-system" } } } `, name), // Config 4: Add role fmt.Sprintf(` resource "argocd_project" "multi_update" { metadata { name = "%s" namespace = "argocd" } spec { description = "version 4" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } destination { server = "https://kubernetes.default.svc" namespace = "kube-system" } role { name = "test-role" policies = ["p, proj:%[1]s:test-role, applications, get, %[1]s/*, allow"] } } } `, name), } steps := make([]resource.TestStep, len(configs)) for i, config := range configs { steps[i] = resource.TestStep{ Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.multi_update", "spec.0.description", fmt.Sprintf("version %d", i+1), ), resource.TestCheckResourceAttrSet( "argocd_project.multi_update", "metadata.0.resource_version", ), resource.TestCheckResourceAttrSet( "argocd_project.multi_update", "metadata.0.generation", ), ), } } resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: steps, }) } // TestAccArgoCDProject_UnknownAnnotationValues tests that argocd_project handles unknown // (computed) annotation and label values at plan time without crashing. // This is a regression test for issue #846. // See: https://github.com/argoproj-labs/terraform-provider-argocd/issues/846 func TestAccArgoCDProject_UnknownAnnotationValues(t *testing.T) { name := acctest.RandomWithPrefix("test-acc") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { // First step: terraform_data.test is new so its output is unknown at plan time. // The argocd_project annotation references this unknown value. // Before the fix, this would crash with "Value Conversion Error". Config: testAccArgoCDProjectWithUnknownAnnotation(name, "initial"), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.unknown_annotation", "metadata.0.annotations.computed-key", "initial", ), resource.TestCheckResourceAttr( "argocd_project.unknown_annotation", "metadata.0.labels.computed-label", "initial", ), ), }, { // Second step: changing the input makes the output unknown again at plan time. Config: testAccArgoCDProjectWithUnknownAnnotation(name, "updated"), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project.unknown_annotation", "metadata.0.annotations.computed-key", "updated", ), resource.TestCheckResourceAttr( "argocd_project.unknown_annotation", "metadata.0.labels.computed-label", "updated", ), ), }, }, }) } func testAccArgoCDProjectWithUnknownAnnotation(name, value string) string { return fmt.Sprintf(` resource "terraform_data" "test" { input = "%s" } resource "argocd_project" "unknown_annotation" { metadata { name = "%s" namespace = "argocd" annotations = { "computed-key" = terraform_data.test.output } labels = { "computed-label" = terraform_data.test.output } } spec { description = "test unknown annotation values" source_repos = ["*"] destination { server = "https://kubernetes.default.svc" namespace = "default" } } } `, value, name) } ================================================ FILE: internal/provider/resource_project_token.go ================================================ package provider import ( "context" "encoding/json" "fmt" "strconv" "strings" "time" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" argocdSync "github.com/argoproj-labs/terraform-provider-argocd/internal/sync" "github.com/argoproj/argo-cd/v3/pkg/apiclient/project" "github.com/cristalhq/jwt/v5" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" ) // Ensure provider defined types fully satisfy framework interfaces. var _ resource.Resource = &projectTokenResource{} var _ resource.ResourceWithModifyPlan = &projectTokenResource{} func NewProjectTokenResource() resource.Resource { return &projectTokenResource{} } type projectTokenResource struct { si *ServerInterface } func (r *projectTokenResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_project_token" } func (r *projectTokenResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Manages ArgoCD project role JWT tokens. See [Project Roles](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-roles) for more info.\n\n~> **Security Notice** The JWT token generated by this resource is treated as sensitive and, thus, not displayed in console output. However, it will be stored *unencrypted* in your Terraform state file. Read more about sensitive data handling in the [Terraform documentation](https://www.terraform.io/docs/language/state/sensitive-data.html).\n", Attributes: projectTokenSchemaAttributes(), } } func (r *projectTokenResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { // Prevent panic if the provider has not been configured. if req.ProviderData == nil { return } si, ok := req.ProviderData.(*ServerInterface) if !ok { resp.Diagnostics.AddError( "Unexpected Provider Data Type", fmt.Sprintf("Expected *ServerInterface, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } r.si = si } func (r *projectTokenResource) ModifyPlan(ctx context.Context, req resource.ModifyPlanRequest, resp *resource.ModifyPlanResponse) { if req.Plan.Raw.IsNull() { // Resource is being destroyed return } var planData *projectTokenModel resp.Diagnostics.Append(req.Plan.Get(ctx, &planData)...) var stateData *projectTokenModel resp.Diagnostics.Append(req.State.Get(ctx, &stateData)...) if resp.Diagnostics.HasError() { return } // If issued_at is empty, this indicates a new token - nothing to do here if stateData == nil || stateData.IssuedAt.IsNull() || stateData.IssuedAt.ValueString() == "" { return } issuedAt, err := strconv.ParseInt(stateData.IssuedAt.ValueString(), 10, 64) if err != nil { resp.Diagnostics.AddError("Invalid issued_at", fmt.Sprintf("invalid issued_at: %s", err.Error())) return } // Check renew_after if planData != nil && !planData.RenewAfter.IsNull() && !planData.RenewAfter.IsUnknown() { renewAfterDuration, err := time.ParseDuration(planData.RenewAfter.ValueString()) if err != nil { resp.Diagnostics.AddError("Invalid renew_after", fmt.Sprintf("invalid renew_after: %s", err.Error())) return } if time.Now().Unix()-issuedAt > int64(renewAfterDuration.Seconds()) { // Token is older than renewAfterDuration - force recreation resp.Plan.SetAttribute(ctx, path.Root("issued_at"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("id"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("jwt"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("expires_at"), types.StringUnknown()) return } } // Check expiration and renew_before if stateData != nil && !stateData.ExpiresAt.IsNull() && !stateData.ExpiresAt.IsUnknown() && stateData.ExpiresAt.ValueString() != "" { expiresAt, err := strconv.ParseInt(stateData.ExpiresAt.ValueString(), 10, 64) if err != nil { resp.Diagnostics.AddError("Invalid expires_at", fmt.Sprintf("invalid expires_at: %s", err.Error())) return } if expiresAt == 0 { // Token not set to expire - no need to check anything else return } if expiresAt < time.Now().Unix() { // Token has expired - force recreation resp.Plan.SetAttribute(ctx, path.Root("issued_at"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("id"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("jwt"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("expires_at"), types.StringUnknown()) return } if planData != nil && !planData.RenewBefore.IsNull() && !planData.RenewBefore.IsUnknown() { renewBeforeDuration, err := time.ParseDuration(planData.RenewBefore.ValueString()) if err != nil { resp.Diagnostics.AddError("Invalid renew_before", fmt.Sprintf("invalid renew_before: %s", err.Error())) return } if expiresAt-time.Now().Unix() < int64(renewBeforeDuration.Seconds()) { // Token will expire within renewBeforeDuration - force recreation resp.Plan.SetAttribute(ctx, path.Root("issued_at"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("id"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("jwt"), types.StringUnknown()) resp.Plan.SetAttribute(ctx, path.Root("expires_at"), types.StringUnknown()) } } } } func (r *projectTokenResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var data *projectTokenModel // Read Terraform configuration data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } projectName := data.Project.ValueString() role := data.Role.ValueString() opts := &project.ProjectTokenCreateRequest{ Project: projectName, Role: role, } if !data.Description.IsNull() { opts.Description = data.Description.ValueString() } var expiresIn int64 if !data.ExpiresIn.IsNull() { expiresInDuration, err := time.ParseDuration(data.ExpiresIn.ValueString()) if err != nil { resp.Diagnostics.AddError( "Invalid Expiration Duration", fmt.Sprintf("token expiration duration for project %s could not be parsed: %s", projectName, err.Error()), ) return } expiresIn = int64(expiresInDuration.Seconds()) opts.ExpiresIn = expiresIn } if !data.RenewBefore.IsNull() { renewBeforeDuration, err := time.ParseDuration(data.RenewBefore.ValueString()) if err != nil { resp.Diagnostics.AddError( "Invalid Renewal Duration", fmt.Sprintf("token renewal duration for project %s could not be parsed: %s", projectName, err.Error()), ) return } renewBefore := int64(renewBeforeDuration.Seconds()) if renewBefore > expiresIn { resp.Diagnostics.AddError( "Invalid Token Configuration", fmt.Sprintf("renew_before (%d) cannot be greater than expires_in (%d) for project %s", renewBefore, expiresIn, projectName), ) return } } // Get or create project mutex safely projectMutex := argocdSync.GetProjectMutex(projectName) projectMutex.Lock() defer projectMutex.Unlock() tokenResp, err := r.si.ProjectClient.CreateToken(ctx, opts) if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("create", "token for project", projectName, err)...) return } token, err := jwt.ParseNoVerify([]byte(tokenResp.GetToken())) if err != nil { resp.Diagnostics.AddError( "Invalid JWT Token", fmt.Sprintf("token for project %s is not a valid jwt: %s", projectName, err.Error()), ) return } var claims jwt.RegisteredClaims if err = json.Unmarshal(token.Claims(), &claims); err != nil { resp.Diagnostics.AddError( "JWT Claims Parse Error", fmt.Sprintf("token claims for project %s could not be parsed: %s", projectName, err.Error()), ) return } if claims.IssuedAt == nil { resp.Diagnostics.AddError( "Missing JWT Issue Date", fmt.Sprintf("token claims issue date for project %s is missing", projectName), ) return } if claims.ID == "" { resp.Diagnostics.AddError( "Missing JWT ID", fmt.Sprintf("token claims ID for project %s is missing", projectName), ) return } // Set the response data data.ID = types.StringValue(claims.ID) data.JWT = types.StringValue(token.String()) data.IssuedAt = types.StringValue(strconv.FormatInt(claims.IssuedAt.Unix(), 10)) if !data.ExpiresIn.IsNull() { if claims.ExpiresAt == nil { resp.Diagnostics.AddError( "Missing JWT Expiration Date", fmt.Sprintf("token claims expiration date for project %s is missing", projectName), ) return } data.ExpiresAt = types.StringValue(strconv.FormatInt(claims.ExpiresAt.Unix(), 10)) } else { data.ExpiresAt = types.StringValue("0") } tflog.Trace(ctx, fmt.Sprintf("created project token %s for project %s", claims.ID, projectName)) // Save data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *projectTokenResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var data *projectTokenModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } projectName := data.Project.ValueString() // Get or create project mutex safely projectMutex := argocdSync.GetProjectMutex(projectName) // Delete token from state if project has been deleted in an out-of-band fashion projectMutex.RLock() defer projectMutex.RUnlock() p, err := r.si.ProjectClient.Get(ctx, &project.ProjectQuery{ Name: projectName, }) if err != nil { if strings.Contains(err.Error(), "NotFound") { resp.State.RemoveResource(ctx) return } resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("read", "project", projectName, err)...) return } token, _, err := p.GetJWTToken( data.Role.ValueString(), 0, data.ID.ValueString(), ) if err != nil { // Token has been deleted in an out-of-band fashion resp.State.RemoveResource(ctx) return } data.IssuedAt = types.StringValue(strconv.FormatInt(token.IssuedAt, 10)) data.ExpiresAt = types.StringValue(strconv.FormatInt(token.ExpiresAt, 10)) // Save updated data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *projectTokenResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var data *projectTokenModel var stateData *projectTokenModel // Read Terraform plan data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) resp.Diagnostics.Append(req.State.Get(ctx, &stateData)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Check if this is a token renewal (issued_at is unknown in plan) if data.IssuedAt.IsUnknown() { // Delete the old token first if stateData != nil && !stateData.ID.IsNull() { deleteReq := resource.DeleteRequest{State: req.State} deleteResp := resource.DeleteResponse{Diagnostics: resp.Diagnostics} r.Delete(ctx, deleteReq, &deleteResp) resp.Diagnostics = deleteResp.Diagnostics if resp.Diagnostics.HasError() { return } } // Create a new token createReq := resource.CreateRequest{Plan: req.Plan} createResp := resource.CreateResponse{State: resp.State, Diagnostics: resp.Diagnostics} r.Create(ctx, createReq, &createResp) resp.State = createResp.State resp.Diagnostics = createResp.Diagnostics return } projectName := data.Project.ValueString() // Validate renewal configuration var expiresIn int64 if !data.ExpiresIn.IsNull() { expiresInDuration, err := time.ParseDuration(data.ExpiresIn.ValueString()) if err != nil { resp.Diagnostics.AddError( "Invalid Expiration Duration", fmt.Sprintf("token expiration duration for project %s could not be parsed: %s", projectName, err.Error()), ) return } expiresIn = int64(expiresInDuration.Seconds()) } if !data.RenewBefore.IsNull() { renewBeforeDuration, err := time.ParseDuration(data.RenewBefore.ValueString()) if err != nil { resp.Diagnostics.AddError( "Invalid Renewal Duration", fmt.Sprintf("token renewal duration for project %s could not be parsed: %s", projectName, err.Error()), ) return } renewBefore := int64(renewBeforeDuration.Seconds()) if renewBefore > expiresIn { resp.Diagnostics.AddError( "Invalid Token Configuration", fmt.Sprintf("renew_before (%d) cannot be greater than expires_in (%d) for project %s", renewBefore, expiresIn, projectName), ) return } } // Update the state data with the plan data // (no actual API update needed as tokens are immutable) resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *projectTokenResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var data *projectTokenModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } projectName := data.Project.ValueString() // Get or create project mutex safely projectMutex := argocdSync.GetProjectMutex(projectName) projectMutex.Lock() defer projectMutex.Unlock() _, err := r.si.ProjectClient.DeleteToken(ctx, &project.ProjectTokenDeleteRequest{ Id: data.ID.ValueString(), Project: projectName, Role: data.Role.ValueString(), }) if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("delete", "token for project", projectName, err)...) return } tflog.Trace(ctx, fmt.Sprintf("deleted project token %s for project %s", data.ID.ValueString(), projectName)) } func (r *projectTokenResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { // Import format: project:role:id parts := strings.Split(req.ID, ":") if len(parts) != 3 { resp.Diagnostics.AddError( "Invalid Import ID", "Import ID must be in the format 'project:role:id'", ) return } resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project"), parts[0])...) resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("role"), parts[1])...) resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("id"), parts[2])...) } ================================================ FILE: internal/provider/resource_project_token_test.go ================================================ package provider import ( "fmt" "math/rand" "regexp" "strconv" "testing" "time" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/stretchr/testify/assert" ) func TestAccArgoCDProjectToken(t *testing.T) { expiresInDurationFunc := func(i int) time.Duration { d, err := time.ParseDuration(fmt.Sprintf("%ds", i)) assert.NoError(t, err) return d } count := 3 + rand.Intn(7) expIn1 := expiresInDurationFunc(rand.Intn(100000)) resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectTokenSimple(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_project_token.simple", "issued_at", ), testCheckTokenIssuedAt( "argocd_project_token.simple", ), ), }, { Config: testAccArgoCDProjectTokenExpiry(int64(expIn1.Seconds())), Check: testCheckTokenExpiresAt( "argocd_project_token.expires", int64(expIn1.Seconds()), ), }, { Config: testAccArgoCDProjectTokenMultiple(count), Check: resource.ComposeTestCheckFunc( testTokenIssuedAtSet( "argocd_project_token.multiple1a", count, ), testTokenIssuedAtSet( "argocd_project_token.multiple1b", count, ), testTokenIssuedAtSet( "argocd_project_token.multiple2a", count, ), testTokenIssuedAtSet( "argocd_project_token.multiple2b", count, ), ), }, }, }) } func TestAccArgoCDProjectToken_RenewBefore(t *testing.T) { resourceName := "argocd_project_token.renew_before" expiresInSeconds := 30 expiresIn := fmt.Sprintf("%ds", expiresInSeconds) expiresInDuration, _ := time.ParseDuration(expiresIn) renewBeforeSeconds := expiresInSeconds - 1 resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectTokenRenewBeforeSuccess(expiresIn, "20s"), Check: resource.ComposeTestCheckFunc( testCheckTokenExpiresAt(resourceName, int64(expiresInDuration.Seconds())), resource.TestCheckResourceAttr(resourceName, "renew_before", "20s"), ), }, { Config: testAccArgoCDProjectTokenRenewBeforeSuccess(expiresIn, fmt.Sprintf("%ds", renewBeforeSeconds)), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "renew_before", fmt.Sprintf("%ds", renewBeforeSeconds)), testDelay(renewBeforeSeconds+1), ), ExpectNonEmptyPlan: true, // token should be recreated when refreshed at end of step due to delay above }, { Config: testAccArgoCDProjectTokenRenewBeforeFailure(expiresInDuration), ExpectError: regexp.MustCompile("renew_before .* cannot be greater than expires_in .*"), }, }, }) } func TestAccArgoCDProjectToken_RenewAfter(t *testing.T) { resourceName := "argocd_project_token.renew_after" renewAfterSeconds := 30 // Note: not running in parallel as this is a time sensitive test case resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDProjectTokenRenewAfter(renewAfterSeconds), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "renew_after", fmt.Sprintf("%ds", renewAfterSeconds)), ), }, { Config: testAccArgoCDProjectTokenRenewAfter(renewAfterSeconds), Check: resource.ComposeTestCheckFunc( testDelay(renewAfterSeconds + 1), ), ExpectNonEmptyPlan: true, // token should be recreated when refreshed at end of step due to delay above }, { Config: testAccArgoCDProjectTokenRenewAfter(renewAfterSeconds), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "renew_after", fmt.Sprintf("%ds", renewAfterSeconds)), ), }, }, }) } func testAccArgoCDProjectTokenSimple() string { return ` resource "argocd_project_token" "simple" { project = "myproject1" role = "test-role1234" } ` } func testAccArgoCDProjectTokenExpiry(expiresIn int64) string { return fmt.Sprintf(` resource "argocd_project_token" "expires" { project = "myproject1" role = "test-role1234" expires_in = "%ds" } `, expiresIn) } func testAccArgoCDProjectTokenMultiple(count int) string { return fmt.Sprintf(` resource "argocd_project_token" "multiple1a" { count = %d project = "myproject1" role = "test-role1234" } resource "argocd_project_token" "multiple1b" { count = %d project = "myproject1" role = "test-role4321" } resource "argocd_project_token" "multiple2a" { count = %d project = "myproject2" role = "test-role1234" } resource "argocd_project_token" "multiple2b" { count = %d project = "myproject2" role = "test-role4321" } `, count, count, count, count) } func testAccArgoCDProjectTokenRenewBeforeSuccess(expiresIn, renewBefore string) string { return fmt.Sprintf(` resource "argocd_project_token" "renew_before" { project = "myproject1" role = "test-role1234" expires_in = "%s" renew_before = "%s" } `, expiresIn, renewBefore) } func testAccArgoCDProjectTokenRenewBeforeFailure(expiresInDuration time.Duration) string { expiresIn := int64(expiresInDuration.Seconds()) renewBefore := int64(expiresInDuration.Seconds() + 1.0) return fmt.Sprintf(` resource "argocd_project_token" "renew_before" { project = "myproject1" role = "test-role1234" expires_in = "%ds" renew_before = "%ds" } `, expiresIn, renewBefore) } func testAccArgoCDProjectTokenRenewAfter(renewAfter int) string { return fmt.Sprintf(` resource "argocd_project_token" "renew_after" { project = "myproject1" description = "auto-renewing long-lived token" role = "test-role1234" renew_after = "%ds" } `, renewAfter) } func testCheckTokenIssuedAt(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("not found: %s", resourceName) } if rs.Primary.ID == "" { return fmt.Errorf("token ID is not set") } _issuedAt, ok := rs.Primary.Attributes["issued_at"] if !ok { return fmt.Errorf("testCheckTokenIssuedAt: issued_at is not set") } _, err := convertStringToInt64(_issuedAt) if err != nil { return fmt.Errorf("testCheckTokenIssuedAt: string attribute 'issued_at' stored in state cannot be converted to int64: %s", err) } return nil } } func testCheckTokenExpiresAt(resourceName string, expiresIn int64) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resourceName] if !ok { return fmt.Errorf("not found: %s", resourceName) } if rs.Primary.ID == "" { return fmt.Errorf("token ID is not set") } _expiresAt, ok := rs.Primary.Attributes["expires_at"] if !ok { return fmt.Errorf("expires_at is not set") } _issuedAt, ok := rs.Primary.Attributes["issued_at"] if !ok { return fmt.Errorf("testCheckTokenExpiresAt: issued_at is not set") } expiresAt, err := convertStringToInt64(_expiresAt) if err != nil { return fmt.Errorf("testCheckTokenExpiresAt: string attribute 'expires_at' stored in state cannot be converted to int64: %s", err) } issuedAt, err := convertStringToInt64(_issuedAt) if err != nil { return fmt.Errorf("testCheckTokenExpiresAt: string attribute 'issued_at' stored in state cannot be converted to int64: %s", err) } if issuedAt+expiresIn != expiresAt { return fmt.Errorf("testCheckTokenExpiresAt: issuedAt + expiresIn != expiresAt : %d + %d != %d", issuedAt, expiresIn, expiresAt) } return nil } } func testTokenIssuedAtSet(name string, count int) resource.TestCheckFunc { return func(s *terraform.State) error { key := "issued_at" for i := 0; i < count; i++ { ms := s.RootModule() _name := fmt.Sprintf("%s.%d", name, i) rs, ok := ms.Resources[_name] if !ok { return fmt.Errorf("not found: %s in %s", _name, ms.Path) } is := rs.Primary if is == nil { return fmt.Errorf("no primary instance: %s in %s", _name, ms.Path) } if val, ok := is.Attributes[key]; !ok || val == "" { return fmt.Errorf("%s: Attribute '%s' expected to be set", _name, key) } } return nil } } func testDelay(seconds int) resource.TestCheckFunc { return func(s *terraform.State) error { time.Sleep(time.Duration(seconds) * time.Second) return nil } } // TestAccArgoCDProjectToken_BasicFieldsConsistency tests consistency of basic token fields func TestAccArgoCDProjectToken_BasicFieldsConsistency(t *testing.T) { config := ` resource "argocd_project_token" "basic_consistency" { project = "myproject1" role = "test-role1234" description = "test token for consistency" } ` resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project_token.basic_consistency", "project", "myproject1", ), resource.TestCheckResourceAttr( "argocd_project_token.basic_consistency", "role", "test-role1234", ), resource.TestCheckResourceAttr( "argocd_project_token.basic_consistency", "description", "test token for consistency", ), resource.TestCheckResourceAttrSet( "argocd_project_token.basic_consistency", "issued_at", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project_token.basic_consistency", "project", "myproject1", ), resource.TestCheckResourceAttr( "argocd_project_token.basic_consistency", "role", "test-role1234", ), resource.TestCheckResourceAttr( "argocd_project_token.basic_consistency", "description", "test token for consistency", ), resource.TestCheckResourceAttrSet( "argocd_project_token.basic_consistency", "issued_at", ), ), }, }, }) } // TestAccArgoCDProjectToken_ExpiryFieldsConsistency tests consistency of expiry-related fields func TestAccArgoCDProjectToken_ExpiryFieldsConsistency(t *testing.T) { config := ` resource "argocd_project_token" "expiry_consistency" { project = "myproject1" role = "test-role1234" expires_in = "3600s" } ` resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project_token.expiry_consistency", "expires_in", "3600s", ), resource.TestCheckResourceAttrSet( "argocd_project_token.expiry_consistency", "expires_at", ), resource.TestCheckResourceAttrSet( "argocd_project_token.expiry_consistency", "issued_at", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project_token.expiry_consistency", "expires_in", "3600s", ), resource.TestCheckResourceAttrSet( "argocd_project_token.expiry_consistency", "expires_at", ), resource.TestCheckResourceAttrSet( "argocd_project_token.expiry_consistency", "issued_at", ), ), }, }, }) } // TestAccArgoCDProjectToken_RenewFieldsConsistency tests consistency of renew-related fields func TestAccArgoCDProjectToken_RenewFieldsConsistency(t *testing.T) { config := ` resource "argocd_project_token" "renew_consistency" { project = "myproject1" role = "test-role1234" expires_in = "3600s" renew_before = "600s" } ` resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project_token.renew_consistency", "expires_in", "3600s", ), resource.TestCheckResourceAttr( "argocd_project_token.renew_consistency", "renew_before", "600s", ), resource.TestCheckResourceAttrSet( "argocd_project_token.renew_consistency", "expires_at", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project_token.renew_consistency", "expires_in", "3600s", ), resource.TestCheckResourceAttr( "argocd_project_token.renew_consistency", "renew_before", "600s", ), resource.TestCheckResourceAttrSet( "argocd_project_token.renew_consistency", "expires_at", ), ), }, }, }) } // TestAccArgoCDProjectToken_RenewAfterConsistency tests consistency of renew_after field func TestAccArgoCDProjectToken_RenewAfterConsistency(t *testing.T) { config := ` resource "argocd_project_token" "renew_after_consistency" { project = "myproject1" role = "test-role1234" description = "long-lived token with renew_after" renew_after = "86400s" } ` resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project_token.renew_after_consistency", "project", "myproject1", ), resource.TestCheckResourceAttr( "argocd_project_token.renew_after_consistency", "role", "test-role1234", ), resource.TestCheckResourceAttr( "argocd_project_token.renew_after_consistency", "renew_after", "86400s", ), resource.TestCheckResourceAttr( "argocd_project_token.renew_after_consistency", "description", "long-lived token with renew_after", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_project_token.renew_after_consistency", "project", "myproject1", ), resource.TestCheckResourceAttr( "argocd_project_token.renew_after_consistency", "role", "test-role1234", ), resource.TestCheckResourceAttr( "argocd_project_token.renew_after_consistency", "renew_after", "86400s", ), resource.TestCheckResourceAttr( "argocd_project_token.renew_after_consistency", "description", "long-lived token with renew_after", ), ), }, }, }) } func convertStringToInt64(s string) (i int64, err error) { i, err = strconv.ParseInt(s, 10, 64) return } // TestAccArgoCDProjectToken_ProviderUpgradeStateMigration tests that tokens created with the // old SDK-based provider (v7.12.0) can be successfully read and managed by the new // framework-based provider. This ensures backward compatibility when upgrading the provider. func TestAccArgoCDProjectToken_ProviderUpgradeStateMigration(t *testing.T) { config := testAccArgoCDProjectTokenForStateMigration() resource.Test(t, resource.TestCase{ Steps: []resource.TestStep{ { // Step 1: Create tokens using old SDK-based provider (v7.12.0) ExternalProviders: map[string]resource.ExternalProvider{ "argocd": { VersionConstraint: "7.12.0", Source: "argoproj-labs/argocd", }, }, Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("argocd_project_token.migration_simple", "issued_at"), resource.TestCheckResourceAttrSet("argocd_project_token.migration_simple", "id"), resource.TestCheckResourceAttr("argocd_project_token.migration_simple", "project", "myproject1"), resource.TestCheckResourceAttr("argocd_project_token.migration_simple", "role", "test-role1234"), ), }, { // Step 2: Upgrade to new framework-based provider - verify it can read existing state ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: config, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("argocd_project_token.migration_simple", "issued_at"), resource.TestCheckResourceAttr("argocd_project_token.migration_simple", "project", "myproject1"), resource.TestCheckResourceAttr("argocd_project_token.migration_simple", "role", "test-role1234"), resource.TestCheckResourceAttrSet("argocd_project_token.migration_with_expiry", "issued_at"), resource.TestCheckResourceAttrSet("argocd_project_token.migration_with_expiry", "expires_at"), resource.TestCheckResourceAttr("argocd_project_token.migration_with_expiry", "description", "token with expiration"), ), }, { // Step 3: Verify no unexpected plan changes after migration ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Config: config, ConfigPlanChecks: resource.ConfigPlanChecks{ PreApply: []plancheck.PlanCheck{ plancheck.ExpectEmptyPlan(), }, }, }, }, }) } func testAccArgoCDProjectTokenForStateMigration() string { return ` resource "argocd_project_token" "migration_simple" { project = "myproject1" role = "test-role1234" } resource "argocd_project_token" "migration_with_expiry" { project = "myproject1" role = "test-role1234" description = "token with expiration" expires_in = "7200s" } ` } ================================================ FILE: internal/provider/resource_repository.go ================================================ package provider import ( "context" "fmt" "regexp" "strings" "time" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj-labs/terraform-provider-argocd/internal/features" "github.com/argoproj-labs/terraform-provider-argocd/internal/sync" "github.com/argoproj/argo-cd/v3/pkg/apiclient/repository" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-log/tflog" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" ) // Ensure provider defined types fully satisfy framework interfaces. var _ resource.Resource = &repositoryResource{} var _ resource.ResourceWithImportState = &repositoryResource{} func NewRepositoryResource() resource.Resource { return &repositoryResource{} } // repositoryResource defines the resource implementation. type repositoryResource struct { si *ServerInterface } func (r *repositoryResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_repository" } func (r *repositoryResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Manages [repositories](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) within ArgoCD.", Attributes: repositorySchemaAttributes(), } } func (r *repositoryResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { // Prevent panic if the provider has not been configured. if req.ProviderData == nil { return } si, ok := req.ProviderData.(*ServerInterface) if !ok { resp.Diagnostics.AddError( "Unexpected Provider Data Type", fmt.Sprintf("Expected *ServerInterface, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } r.si = si } func (r *repositoryResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var data repositoryModel // Read Terraform configuration data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } if !r.si.IsFeatureSupported(features.RepositoryDepth) && !data.Depth.IsUnknown() && !data.Depth.IsNull() && data.Depth.ValueInt64() > 0 { resp.Diagnostics.Append(diagnostics.FeatureNotSupported(features.RepositoryDepth)...) return } // Convert to API model repo, err := data.toAPIModel() if err != nil { resp.Diagnostics.AddError("Failed to convert repository model", err.Error()) return } timeout := 2 * time.Minute // Create repository with retry logic for SSH handshake issues var createdRepo *v1alpha1.Repository retryErr := retry.RetryContext(ctx, timeout, func() *retry.RetryError { sync.RepositoryMutex.Lock() defer sync.RepositoryMutex.Unlock() var createErr error createdRepo, createErr = r.si.RepositoryClient.CreateRepository( ctx, &repository.RepoCreateRequest{ Repo: repo, Upsert: false, }, ) if createErr != nil { // Check for SSH handshake issues and retry if matched, _ := regexp.MatchString("ssh: handshake failed: knownhosts: key is unknown", createErr.Error()); matched { tflog.Warn(ctx, fmt.Sprintf("SSH handshake failed for repository %s, retrying in case a repository certificate has been set recently", repo.Repo)) return retry.RetryableError(createErr) } return retry.NonRetryableError(createErr) } if createdRepo == nil { return retry.NonRetryableError(fmt.Errorf("ArgoCD did not return an error or a repository result")) } if createdRepo.ConnectionState.Status == v1alpha1.ConnectionStatusFailed { return retry.NonRetryableError(fmt.Errorf("could not connect to repository %s: %s", repo.Repo, createdRepo.ConnectionState.Message)) } return nil }) if retryErr != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("create", "repository", repo.Repo, retryErr)...) return } tflog.Trace(ctx, fmt.Sprintf("created repository %s", createdRepo.Repo)) // Save data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, data.updateFromAPI(createdRepo))...) // Perform a read to get the latest state with connection status if !resp.Diagnostics.HasError() { readResp := &resource.ReadResponse{State: resp.State, Diagnostics: resp.Diagnostics} r.Read(ctx, resource.ReadRequest{State: resp.State}, readResp) resp.Diagnostics = readResp.Diagnostics resp.State = readResp.State } } func (r *repositoryResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var data repositoryModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Read repository from API repo, diags := r.readRepository(ctx, data.Repo.ValueString(), data.Project.ValueString()) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } // If repository was not found, remove from state if repo == nil { resp.State.RemoveResource(ctx) return } // Save updated data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, data.updateFromAPI(repo))...) } func (r *repositoryResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var data repositoryModel // Read Terraform plan data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } if !r.si.IsFeatureSupported(features.RepositoryDepth) && !data.Depth.IsUnknown() && !data.Depth.IsNull() && data.Depth.ValueInt64() > 0 { resp.Diagnostics.Append(diagnostics.FeatureNotSupported(features.RepositoryDepth)...) return } // Convert to API model repo, err := data.toAPIModel() if err != nil { resp.Diagnostics.AddError("Failed to convert repository model", err.Error()) return } var updatedRepo *v1alpha1.Repository func() { // Keep mutex enclosed in a function to keep the lock scoped to it and to prevent deadlocking sync.RepositoryMutex.Lock() defer sync.RepositoryMutex.Unlock() updatedRepo, err = r.si.RepositoryClient.UpdateRepository( ctx, &repository.RepoUpdateRequest{Repo: repo}, ) }() if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("update", "repository", repo.Repo, err)...) return } if updatedRepo == nil { resp.Diagnostics.AddError("ArgoCD did not return an error or a repository result", "") return } if updatedRepo.ConnectionState.Status == v1alpha1.ConnectionStatusFailed { resp.Diagnostics.AddError( "Repository connection failed", fmt.Sprintf("could not connect to repository %s: %s", repo.Repo, updatedRepo.ConnectionState.Message), ) return } tflog.Trace(ctx, fmt.Sprintf("updated repository %s", updatedRepo.Repo)) // Save updated data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, data.updateFromAPI(updatedRepo))...) // Perform a read to get the latest state if !resp.Diagnostics.HasError() { readResp := &resource.ReadResponse{State: resp.State, Diagnostics: resp.Diagnostics} r.Read(ctx, resource.ReadRequest{State: resp.State}, readResp) resp.Diagnostics = readResp.Diagnostics resp.State = readResp.State } } func (r *repositoryResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var data repositoryModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Delete repository sync.RepositoryMutex.Lock() defer sync.RepositoryMutex.Unlock() _, err := r.si.RepositoryClient.DeleteRepository( ctx, &repository.RepoQuery{ Repo: data.Repo.ValueString(), AppProject: data.Project.ValueString(), }, ) if err != nil { if !strings.Contains(err.Error(), "NotFound") { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("delete", "repository", data.Repo.ValueString(), err)...) return } } tflog.Trace(ctx, fmt.Sprintf("deleted repository %s", data.Repo.ValueString())) } func (r *repositoryResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { // Import ID format can be: // - "repo_url" for global repositories // - "repo_url|project_name" for project-scoped repositories idParts := strings.SplitN(req.ID, "|", 2) repoURL := idParts[0] // Set repo attribute resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("repo"), repoURL)...) // Only set project if it was provided in the import ID if len(idParts) == 2 && idParts[1] != "" { resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project"), idParts[1])...) } } func (r *repositoryResource) readRepository(ctx context.Context, repoURL, project string) (*v1alpha1.Repository, diag.Diagnostics) { var diags diag.Diagnostics sync.RepositoryMutex.RLock() defer sync.RepositoryMutex.RUnlock() repos, err := r.si.RepositoryClient.List(ctx, &repository.RepoQuery{ AppProject: project, }) var finalRepo *v1alpha1.Repository if repos != nil { for _, repo := range repos.Items { // Match both URL and project to handle cases where the same repo URL // exists in multiple projects if repo.Repo == repoURL && repo.Project == project { finalRepo = repo break } } } if err != nil { if strings.Contains(err.Error(), "NotFound") { // Repository has been deleted out-of-band return nil, diags } diags.Append(diagnostics.ArgoCDAPIError("read", "repository", repoURL, err)...) return nil, diags } return finalRepo, diags } ================================================ FILE: internal/provider/resource_repository_certificate.go ================================================ package provider import ( "context" "fmt" "strings" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj-labs/terraform-provider-argocd/internal/sync" "github.com/argoproj-labs/terraform-provider-argocd/internal/validators" "github.com/argoproj/argo-cd/v3/pkg/apiclient/certificate" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" ) const sshCertType = "ssh" // Ensure provider defined types fully satisfy framework interfaces. var _ resource.Resource = &repositoryCertificateResource{} var _ resource.ResourceWithImportState = &repositoryCertificateResource{} var _ resource.ResourceWithConfigValidators = &repositoryCertificateResource{} func NewRepositoryCertificateResource() resource.Resource { return &repositoryCertificateResource{} } // repositoryCertificateResource defines the resource implementation. type repositoryCertificateResource struct { si *ServerInterface } func (r *repositoryCertificateResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_repository_certificate" } func (r *repositoryCertificateResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Manages [custom TLS certificates](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#self-signed-untrusted-tls-certificates) used by ArgoCD for connecting Git repositories.", Attributes: repositoryCertificateSchemaAttributes(), Blocks: repositoryCertificateSchemaBlocks(), } } func (r *repositoryCertificateResource) ConfigValidators(ctx context.Context) []resource.ConfigValidator { return []resource.ConfigValidator{ validators.RepositoryCertificate(), } } func (r *repositoryCertificateResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { // Prevent panic if the provider has not been configured. if req.ProviderData == nil { return } si, ok := req.ProviderData.(*ServerInterface) if !ok { resp.Diagnostics.AddError( "Unexpected Provider Data Type", fmt.Sprintf("Expected *ServerInterface, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } r.si = si } func (r *repositoryCertificateResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var data repositoryCertificateModel // Read Terraform configuration data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Convert to API model cert := data.toAPIModel() // Check if HTTPS certificate already exists if cert.CertType == "https" { sync.CertificateMutex.Lock() existing, err := r.si.CertificateClient.ListCertificates(ctx, &certificate.RepositoryCertificateQuery{ HostNamePattern: cert.ServerName, CertType: cert.CertType, }) sync.CertificateMutex.Unlock() if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("list", "repository certificates", cert.ServerName, err)...) return } if len(existing.Items) > 0 { resp.Diagnostics.AddError( "Repository certificate already exists", fmt.Sprintf("https certificate for '%s' already exist.", cert.ServerName), ) return } } // Create certificate certs := v1alpha1.RepositoryCertificateList{ Items: []v1alpha1.RepositoryCertificate{*cert}, } sync.CertificateMutex.Lock() _, err := r.si.CertificateClient.CreateCertificate( ctx, &certificate.RepositoryCertificateCreateRequest{ Certificates: &certs, Upsert: false, }, ) sync.CertificateMutex.Unlock() if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("create", "repository certificate", cert.ServerName, err)...) return } // Set the ID so we can read the certificate back data.ID = types.StringValue(data.generateID()) // Read the certificate back to get computed fields like cert_subtype for HTTPS // This is necessary because the create response doesn't include computed fields certType, certSubType, serverName, err := r.parseID(data.ID.ValueString()) if err != nil { resp.Diagnostics.AddError("Failed to parse certificate ID", err.Error()) return } readCert, diags := r.readCertificate(ctx, certType, certSubType, serverName) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } if readCert == nil { resp.Diagnostics.AddError("Certificate not found", "Certificate was created but could not be read back") return } // Update the model with the read certificate data result := data // Start with the original data to preserve all fields result.ID = data.ID // Update computed fields from API response if len(data.SSH) > 0 && readCert.CertType == sshCertType { result.SSH[0].CertInfo = types.StringValue(readCert.CertInfo) } if len(data.HTTPS) > 0 && readCert.CertType == "https" { result.HTTPS[0].CertInfo = types.StringValue(readCert.CertInfo) result.HTTPS[0].CertSubType = types.StringValue(readCert.CertSubType) } // Save data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, result)...) tflog.Trace(ctx, fmt.Sprintf("created repository certificate %s", data.ID.ValueString())) } func (r *repositoryCertificateResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var data repositoryCertificateModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Parse certificate ID to get query parameters certType, certSubType, serverName, err := r.parseID(data.ID.ValueString()) if err != nil { resp.Diagnostics.AddError("Failed to parse certificate ID", err.Error()) return } // Read certificate from API cert, diags := r.readCertificate(ctx, certType, certSubType, serverName) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } // If certificate was not found, remove from state if cert == nil { resp.State.RemoveResource(ctx) return } // Update the model with the read certificate data result := data // Start with the original data to preserve all fields result.ID = data.ID // Update computed fields from API response if len(data.SSH) > 0 && cert.CertType == sshCertType { result.SSH[0].CertInfo = types.StringValue(cert.CertInfo) } if len(data.HTTPS) > 0 && cert.CertType == "https" { result.HTTPS[0].CertInfo = types.StringValue(cert.CertInfo) result.HTTPS[0].CertSubType = types.StringValue(cert.CertSubType) } // Save updated data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, result)...) } func (r *repositoryCertificateResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { // Repository certificates don't support updates - all attributes are ForceNew resp.Diagnostics.AddError( "Repository certificates cannot be updated", "Repository certificates are immutable. To change a certificate, it must be deleted and recreated.", ) } func (r *repositoryCertificateResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var data repositoryCertificateModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Parse certificate ID to get query parameters certType, certSubType, serverName, err := r.parseID(data.ID.ValueString()) if err != nil { resp.Diagnostics.AddError("Failed to parse certificate ID", err.Error()) return } // Delete certificate query := certificate.RepositoryCertificateQuery{ HostNamePattern: serverName, CertType: certType, CertSubType: certSubType, } sync.CertificateMutex.Lock() _, err = r.si.CertificateClient.DeleteCertificate(ctx, &query) sync.CertificateMutex.Unlock() if err != nil { if !strings.Contains(err.Error(), "NotFound") { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("delete", "repository certificate", serverName, err)...) return } } tflog.Trace(ctx, fmt.Sprintf("deleted repository certificate %s", data.ID.ValueString())) } func (r *repositoryCertificateResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) } func (r *repositoryCertificateResource) readCertificate(ctx context.Context, certType, certSubType, serverName string) (*v1alpha1.RepositoryCertificate, diag.Diagnostics) { var diags diag.Diagnostics sync.CertificateMutex.RLock() defer sync.CertificateMutex.RUnlock() certs, err := r.si.CertificateClient.ListCertificates(ctx, &certificate.RepositoryCertificateQuery{ HostNamePattern: serverName, CertType: certType, CertSubType: certSubType, }) if err != nil { diags.Append(diagnostics.ArgoCDAPIError("read", "repository certificate", serverName, err)...) return nil, diags } if certs == nil || len(certs.Items) == 0 { // Certificate has been deleted out-of-band return nil, diags } // Find the specific certificate by generating its ID targetID := r.generateID(certType, certSubType, serverName) for _, cert := range certs.Items { certID := r.generateIDFromCert(&cert) if certID == targetID { return &cert, diags } } // Certificate not found return nil, diags } func (r *repositoryCertificateResource) parseID(id string) (certType, certSubType, serverName string, err error) { parts := strings.Split(id, "/") if len(parts) < 2 { return "", "", "", fmt.Errorf("invalid certificate ID format: %s", id) } certType = parts[0] switch certType { case sshCertType: if len(parts) < 3 { return "", "", "", fmt.Errorf("invalid SSH certificate ID format: %s", id) } return parts[0], parts[1], parts[2], nil case "https": if len(parts) < 2 { return "", "", "", fmt.Errorf("invalid HTTPS certificate ID format: %s", id) } return parts[0], "", parts[1], nil default: return "", "", "", fmt.Errorf("unknown certificate type: %s", certType) } } func (r *repositoryCertificateResource) generateID(certType, certSubType, serverName string) string { if certType == sshCertType { return fmt.Sprintf("%s/%s/%s", certType, certSubType, serverName) } return fmt.Sprintf("%s/%s", certType, serverName) } func (r *repositoryCertificateResource) generateIDFromCert(cert *v1alpha1.RepositoryCertificate) string { if cert.CertType == sshCertType { return fmt.Sprintf("%s/%s/%s", cert.CertType, cert.CertSubType, cert.ServerName) } return fmt.Sprintf("%s/%s", cert.CertType, cert.ServerName) } ================================================ FILE: internal/provider/resource_repository_certificate_test.go ================================================ package provider import ( "context" "fmt" "os" "os/exec" "regexp" "testing" "github.com/argoproj-labs/terraform-provider-argocd/internal/testhelpers" "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/stretchr/testify/require" ) func TestAccArgoCDRepositoryCertificatesSSH(t *testing.T) { serverName := acctest.RandomWithPrefix("mywebsite") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificatesSSH( serverName, "ecdsa-sha2-nistp256", // gitlab's "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=", ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "ssh.0.server_name", serverName), resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "ssh.0.cert_subtype", "ecdsa-sha2-nistp256"), resource.TestCheckResourceAttrSet("argocd_repository_certificate.simple", "ssh.0.cert_info"), ), }, // same, no diff { Config: testAccArgoCDRepositoryCertificatesSSH( serverName, "ecdsa-sha2-nistp256", // gitlab's "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=", ), PlanOnly: true, ExpectNonEmptyPlan: false, }, // change only the cert_data => same id => diff { Config: testAccArgoCDRepositoryCertificatesSSH( serverName, "ecdsa-sha2-nistp256", // github's "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=", ), PlanOnly: true, ExpectNonEmptyPlan: true, }, // change cert_subtype & cert_data => changes id => diff { Config: testAccArgoCDRepositoryCertificatesSSH( serverName, "ssh-rsa", // github's "AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==", ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "ssh.0.server_name", serverName), resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "ssh.0.cert_subtype", "ssh-rsa"), ), }, }, }) } func TestAccArgoCDRepositoryCertificatesHttps(t *testing.T) { serverName := acctest.RandomWithPrefix("github") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificateHttps( serverName, // github's "-----BEGIN CERTIFICATE-----\nMIIFajCCBPCgAwIBAgIQBRiaVOvox+kD4KsNklVF3jAKBggqhkjOPQQDAzBWMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTAwLgYDVQQDEydEaWdp\nQ2VydCBUTFMgSHlicmlkIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjIwMzE1MDAw\nMDAwWhcNMjMwMzE1MjM1OTU5WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs\naWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHVi\nLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAESrCTcYUh7GI/y3TARsjnANwnSjJLitVRgwgRI1JlxZ1kdZQQn5ltP3v7\nKTtYuDdUeEu3PRx3fpDdu2cjMlyA0aOCA44wggOKMB8GA1UdIwQYMBaAFAq8CCkX\njKU5bXoOzjPHLrPt+8N6MB0GA1UdDgQWBBR4qnLGcWloFLVZsZ6LbitAh0I7HjAl\nBgNVHREEHjAcggpnaXRodWIuY29tgg53d3cuZ2l0aHViLmNvbTAOBgNVHQ8BAf8E\nBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGbBgNVHR8EgZMw\ngZAwRqBEoEKGQGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5\nYnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5jcmwwRqBEoEKGQGh0dHA6Ly9jcmw0LmRp\nZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5YnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5j\ncmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3\ndy5kaWdpY2VydC5jb20vQ1BTMIGFBggrBgEFBQcBAQR5MHcwJAYIKwYBBQUHMAGG\nGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZDaHR0cDovL2Nh\nY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTSHlicmlkRUNDU0hBMzg0MjAy\nMENBMS0xLmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA\ndgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAX+Oi8SRAAAEAwBH\nMEUCIAR9cNnvYkZeKs9JElpeXwztYB2yLhtc8bB0rY2ke98nAiEAjiML8HZ7aeVE\nP/DkUltwIS4c73VVrG9JguoRrII7gWMAdwA1zxkbv7FsV78PrUxtQsu7ticgJlHq\nP+Eq76gDwzvWTAAAAX+Oi8R7AAAEAwBIMEYCIQDNckqvBhup7GpANMf0WPueytL8\nu/PBaIAObzNZeNMpOgIhAMjfEtE6AJ2fTjYCFh/BNVKk1mkTwBTavJlGmWomQyaB\nAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF/jovErAAABAMA\nRzBFAiEA9Uj5Ed/XjQpj/MxQRQjzG0UFQLmgWlc73nnt3CJ7vskCICqHfBKlDz7R\nEHdV5Vk8bLMBW1Q6S7Ga2SbFuoVXs6zFMAoGCCqGSM49BAMDA2gAMGUCMCiVhqft\n7L/stBmv1XqSRNfE/jG/AqKIbmjGTocNbuQ7kt1Cs7kRg+b3b3C9Ipu5FQIxAM7c\ntGKrYDGt0pH8iF6rzbp9Q4HQXMZXkNxg+brjWxnaOVGTDNwNH7048+s/hT9bUQ==\n-----END CERTIFICATE-----", ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "https.0.server_name", serverName), resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "https.0.cert_subtype", "ecdsa"), resource.TestCheckResourceAttrSet("argocd_repository_certificate.simple", "https.0.cert_info"), ), }, { Config: testAccArgoCDRepositoryCertificateHttps( serverName, // gitlab's "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQXCLSMilzZJR9TSABzbgKzzANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDQxMjAwMDAwMFoXDTIyMDUxMTIzNTk1OVowFTETMBEGA1UEAxMKZ2l0\nbGFiLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXnhcvOl289\n8oMglaax6bDz988oNMpXZCH6sI7Fzx9G/isEPObN6cyP+fjFa0dvwRmOHnepk2eo\nbzcECdgdBLCa7E29p7lLF0NFFTuIb52ew58fK/209XJ3amvjJ/m5rPP00uHrT+9v\nky2jkQUQszuC9R4vK+tfs2S5z9w6qh3hwIJecChzWKce8hRZdiO9S7ix/6ZNiAgw\nY2h8AiG0VruPOJ6PbNXOFUTsajK0EP8AzJfNDIjvWHjUOawR352m4eKxXvXm9knd\nB/w1gY90jmAQ9JIiyOm+QlmHwO+qQUpWYOxt5Xnb0Pp/RRHEtxDgjygQWajAwsxG\nobx6sCf6+qcCAwEAAaOCAtYwggLSMB8GA1UdIwQYMBaAFI2MXsRUrYrhd+mb+ZsF\n4bgBjWHhMB0GA1UdDgQWBBTFjbuGoOUrgk9Dhr35DblkBZCj1jAOBgNVHQ8BAf8E\nBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH\nAwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICBzAlMCMGCCsGAQUFBwIBFhdodHRw\nczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwgYQGCCsGAQUFBwEBBHgwdjBP\nBggrBgEFBQcwAoZDaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBRG9t\nYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0\ncDovL29jc3Auc2VjdGlnby5jb20wggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgBG\npVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXjDcW8TAAAEAwBHMEUC\nIQCxf+r8/dbHJDrh0YTAKSwdR8VUxAT6kHN5/HLuOvSsKgIgY2jAAf/tr59/f0JX\nKvHaN4qIv54gtj+KsNo7N0d4xcEAdgDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47\nEsAgRFwqcwAAAXjDcW7VAAAEAwBHMEUCID0jtWvtpO1yypP7i7SeZZb3dQ6QdLlD\nlXpvWhjqrQfdAiEA0gp8tTUwOt2XN01OVTUrDgb4wV5VbFtx1SSYNFREQxwweQYD\nVR0RBHIwcIIKZ2l0bGFiLmNvbYIPYXV0aC5naXRsYWIuY29tghRjdXN0b21lcnMu\nZ2l0bGFiLmNvbYIaZW1haWwuY3VzdG9tZXJzLmdpdGxhYi5jb22CD2dwcmQuZ2l0\nbGFiLmNvbYIOd3d3LmdpdGxhYi5jb20wDQYJKoZIhvcNAQELBQADggEBAD7lgx6z\ncZI+uLtr7fYWOZDtPChNy7YjAXVtDbrQ61D1lESUIZwyDF9/xCDMqMSe+It2+j+t\nT0PHkbz6zbJdUMQhQxW0RLMZUthPg66YLqRJuvBU7VdWHxhqjfFb9UZvxOzTGgmN\nMuzmdThtlhRacNCTxGO/AJfcAt13RbKyR30UtqHb883qAH6isQvYFsQmijXcJXiT\ntRbcJ1Dm/dI+57BCTYLp2WfBdg0Axla5QsApQ+ER5GZoY1m6H3+OWpX77IdCgXF+\nHMtKCn08QLVBjhLr3IkeKgrYJTR1IDmzRwGUuUVvn1iO9+W10GV02SMngdN4nFp3\nwoE3CsYogf1SfQM=\n-----END CERTIFICATE-----", ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "https.0.server_name", serverName), resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "https.0.cert_subtype", "rsa"), resource.TestCheckResourceAttrSet("argocd_repository_certificate.simple", "https.0.cert_info"), ), }, }, }) } func TestAccArgoCDRepositoryCertificatesHttps_Crash(t *testing.T) { serverName := acctest.RandomWithPrefix("github") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificateHttps( serverName, // github's "-----BEGIN CERTIFICATE-----\nMIIFajCCBPCgAwIBAgIQBRiaVOvox+kD4KsNklVF3jAKBggqhkjOPQQDAzBWMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTAwLgYDVQQDEydEaWdp\nQ2VydCBUTFMgSHlicmlkIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjIwMzE1MDAw\nMDAwWhcNMjMwMzE1MjM1OTU5WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs\naWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHVi\nLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAESrCTcYUh7GI/y3TARsjnANwnSjJLitVRgwgRI1JlxZ1kdZQQn5ltP3v7\nKTtYuDdUeEu3PRx3fpDdu2cjMlyA0aOCA44wggOKMB8GA1UdIwQYMBaAFAq8CCkX\njKU5bXoOzjPHLrPt+8N6MB0GA1UdDgQWBBR4qnLGcWloFLVZsZ6LbitAh0I7HjAl\nBgNVHREEHjAcggpnaXRodWIuY29tgg53d3cuZ2l0aHViLmNvbTAOBgNVHQ8BAf8E\nBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGbBgNVHR8EgZMw\ngZAwRqBEoEKGQGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5\nYnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5jcmwwRqBEoEKGQGh0dHA6Ly9jcmw0LmRp\nZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5YnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5j\ncmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3\ndy5kaWdpY2VydC5jb20vQ1BTMIGFBggrBgEFBQcBAQR5MHcwJAYIKwYBBQUHMAGG\nGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZDaHR0cDovL2Nh\nY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTSHlicmlkRUNDU0hBMzg0MjAy\nMENBMS0xLmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA\ndgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAX+Oi8SRAAAEAwBH\nMEUCIAR9cNnvYkZeKs9JElpeXwztYB2yLhtc8bB0rY2ke98nAiEAjiML8HZ7aeVE\nP/DkUltwIS4c73VVrG9JguoRrII7gWMAdwA1zxkbv7FsV78PrUxtQsu7ticgJlHq\nP+Eq76gDwzvWTAAAAX+Oi8R7AAAEAwBIMEYCIQDNckqvBhup7GpANMf0WPueytL8\nu/PBaIAObzNZeNMpOgIhAMjfEtE6AJ2fTjYCFh/BNVKk1mkTwBTavJlGmWomQyaB\nAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF/jovErAAABAMA\nRzBFAiEA9Uj5Ed/XjQpj/MxQRQjzG0UFQLmgWlc73nnt3CJ7vskCICqHfBKlDz7R\nEHdV5Vk8bLMBW1Q6S7Ga2SbFuoVXs6zFMAoGCCqGSM49BAMDA2gAMGUCMCiVhqft\n7L/stBmv1XqSRNfE/jG/AqKIbmjGTocNbuQ7kt1Cs7kRg+b3b3C9Ipu5FQIxAM7c\ntGKrYDGt0pH8iF6rzbp9Q4HQXMZXkNxg+brjWxnaOVGTDNwNH7048+s/hT9bUQ==\n-----END CERTIFICATE-----", ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "https.0.server_name", serverName), resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "https.0.cert_subtype", "ecdsa"), resource.TestCheckResourceAttrSet("argocd_repository_certificate.simple", "https.0.cert_info"), ), }, { Config: testAccArgoCDRepositoryCertificateHttps( serverName, // gitlab's "-----BEGIN CERTIFICATE-----\nMIIGBzCCBO+gAwIBAgIQXCLSMilzZJR9TSABzbgKzzANBgkqhkiG9w0BAQsFADCB\njzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQD\nEy5TZWN0aWdvIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENB\nMB4XDTIxMDQxMjAwMDAwMFoXDTIyMDUxMTIzNTk1OVowFTETMBEGA1UEAxMKZ2l0\nbGFiLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANXnhcvOl289\n8oMglaax6bDz988oNMpXZCH6sI7Fzx9G/isEPObN6cyP+fjFa0dvwRmOHnepk2eo\nbzcECdgdBLCa7E29p7lLF0NFFTuIb52ew58fK/209XJ3amvjJ/m5rPP00uHrT+9v\nky2jkQUQszuC9R4vK+tfs2S5z9w6qh3hwIJecChzWKce8hRZdiO9S7ix/6ZNiAgw\nY2h8AiG0VruPOJ6PbNXOFUTsajK0EP8AzJfNDIjvWHjUOawR352m4eKxXvXm9knd\nB/w1gY90jmAQ9JIiyOm+QlmHwO+qQUpWYOxt5Xnb0Pp/RRHEtxDgjygQWajAwsxG\nobx6sCf6+qcCAwEAAaOCAtYwggLSMB8GA1UdIwQYMBaAFI2MXsRUrYrhd+mb+ZsF\n4bgBjWHhMB0GA1UdDgQWBBTFjbuGoOUrgk9Dhr35DblkBZCj1jAOBgNVHQ8BAf8E\nBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH\nAwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICBzAlMCMGCCsGAQUFBwIBFhdodHRw\nczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwgYQGCCsGAQUFBwEBBHgwdjBP\nBggrBgEFBQcwAoZDaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBRG9t\nYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0\ncDovL29jc3Auc2VjdGlnby5jb20wggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgBG\npVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXjDcW8TAAAEAwBHMEUC\nIQCxf+r8/dbHJDrh0YTAKSwdR8VUxAT6kHN5/HLuOvSsKgIgY2jAAf/tr59/f0JX\nKvHaN4qIv54gtj+KsNo7N0d4xcEAdgDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47\nEsAgRFwqcwAAAXjDcW7VAAAEAwBHMEUCID0jtWvtpO1yypP7i7SeZZb3dQ6QdLlD\nlXpvWhjqrQfdAiEA0gp8tTUwOt2XN01OVTUrDgb4wV5VbFtx1SSYNFREQxwweQYD\nVR0RBHIwcIIKZ2l0bGFiLmNvbYIPYXV0aC5naXRsYWIuY29tghRjdXN0b21lcnMu\nZ2l0bGFiLmNvbYIaZW1haWwuY3VzdG9tZXJzLmdpdGxhYi5jb22CD2dwcmQuZ2l0\nbGFiLmNvbYIOd3d3LmdpdGxhYi5jb20wDQYJKoZIhvcNAQELBQADggEBAD7lgx6z\ncZI+uLtr7fYWOZDtPChNy7YjAXVtDbrQ61D1lESUIZwyDF9/xCDMqMSe+It2+j+t\nT0PHkbz6zbJdUMQhQxW0RLMZUthPg66YLqRJuvBU7VdWHxhqjfFb9UZvxOzTGgmN\nMuzmdThtlhRacNCTxGO/AJfcAt13RbKyR30UtqHb883qAH6isQvYFsQmijXcJXiT\ntRbcJ1Dm/dI+57BCTYLp2WfBdg0Axla5QsApQ+ER5GZoY1m6H3+OWpX77IdCgXF+\nHMtKCn08QLVBjhLr3IkeKgrYJTR1IDmzRwGUuUVvn1iO9+W10GV02SMngdN4nFp3\nwoE3CsYogf1SfQM=\n-----END CERTIFICATE-----", ), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "https.0.server_name", serverName), resource.TestCheckResourceAttr("argocd_repository_certificate.simple", "https.0.cert_subtype", "rsa"), resource.TestCheckResourceAttrSet("argocd_repository_certificate.simple", "https.0.cert_info"), ), }, }, }) } func TestAccArgoCDRepositoryCertificatesSSH_Invalid(t *testing.T) { certSubType := acctest.RandomWithPrefix("cert") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificatesSSH( "", certSubType, "", ), // prior to Argo CD v3.1 this error message started with capitalized I ExpectError: regexp.MustCompile("(i|I)nvalid hostname in request"), }, { Config: testAccArgoCDRepositoryCertificatesSSH( "dummy_server", certSubType, "", ), ExpectError: regexp.MustCompile("invalid entry in known_hosts data"), }, }, }) } func TestAccArgoCDRepositoryCertificates_Empty(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificates_Empty(), ExpectError: regexp.MustCompile("one of `https,ssh` must be specified"), }, }, }) } func TestAccArgoCDRepositoryCertificatesSSH_Allow_Random_Subtype(t *testing.T) { certSubType := acctest.RandomWithPrefix("cert") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificatesSSH( "dummy_server", certSubType, "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=", ), }, }, }) } func TestAccArgoCDRepositoryCertificatesSSH_WithApplication(t *testing.T) { // Skip if we're not in an acceptance test environment if os.Getenv("TF_ACC") == "" { t.Skip("Acceptance tests skipped unless env 'TF_ACC' set") } appName := acctest.RandomWithPrefix("testacc") subtypesKeys, err := getSshKeysForHost(t.Context(), "private-git-repository") require.NoError(t, err) require.NotEmpty(t, subtypesKeys, "ssh-keyscan should return at least one key") resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificateCredentialsApplicationWithSSH(appName, subtypesKeys), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet( "argocd_application.simple", "metadata.0.uid", ), resource.TestCheckResourceAttr( "argocd_repository.private", "connection_state_status", "Successful", )), }, }, }) } func TestAccArgoCDRepositoryCertificatesSSH_CannotUpdateExisting(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificatesSSH( "github.com", "ssh-rsa", // github's "AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==", ), ExpectError: regexp.MustCompile("already (exist|exists,) and upsert was not specified"), }, }, }) } func TestAccArgoCDRepositoryCertificatesSSH_CannotUpdateExisting_MultipleAtOnce(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificateSSH_Duplicated( "github.com", "ssh-rsaaa", // github's "AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==", ), ExpectError: regexp.MustCompile("already (exist|exists,) and upsert was not specified"), }, }, }) } func TestAccArgoCDRepositoryCertificatesHttps_CannotUpdateExisting_MultipleAtOnce(t *testing.T) { host := "github.com" resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCertificateHttps_Duplicated( host, // github's "-----BEGIN CERTIFICATE-----\nMIIFajCCBPCgAwIBAgIQBRiaVOvox+kD4KsNklVF3jAKBggqhkjOPQQDAzBWMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTAwLgYDVQQDEydEaWdp\nQ2VydCBUTFMgSHlicmlkIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjIwMzE1MDAw\nMDAwWhcNMjMwMzE1MjM1OTU5WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs\naWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHVi\nLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAESrCTcYUh7GI/y3TARsjnANwnSjJLitVRgwgRI1JlxZ1kdZQQn5ltP3v7\nKTtYuDdUeEu3PRx3fpDdu2cjMlyA0aOCA44wggOKMB8GA1UdIwQYMBaAFAq8CCkX\njKU5bXoOzjPHLrPt+8N6MB0GA1UdDgQWBBR4qnLGcWloFLVZsZ6LbitAh0I7HjAl\nBgNVHREEHjAcggpnaXRodWIuY29tgg53d3cuZ2l0aHViLmNvbTAOBgNVHQ8BAf8E\nBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGbBgNVHR8EgZMw\ngZAwRqBEoEKGQGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5\nYnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5jcmwwRqBEoEKGQGh0dHA6Ly9jcmw0LmRp\nZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5YnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5j\ncmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3\ndy5kaWdpY2VydC5jb20vQ1BTMIGFBggrBgEFBQcBAQR5MHcwJAYIKwYBBQUHMAGG\nGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZDaHR0cDovL2Nh\nY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTSHlicmlkRUNDU0hBMzg0MjAy\nMENBMS0xLmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA\ndgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAX+Oi8SRAAAEAwBH\nMEUCIAR9cNnvYkZeKs9JElpeXwztYB2yLhtc8bB0rY2ke98nAiEAjiML8HZ7aeVE\nP/DkUltwIS4c73VVrG9JguoRrII7gWMAdwA1zxkbv7FsV78PrUxtQsu7ticgJlHq\nP+Eq76gDwzvWTAAAAX+Oi8R7AAAEAwBIMEYCIQDNckqvBhup7GpANMf0WPueytL8\nu/PBaIAObzNZeNMpOgIhAMjfEtE6AJ2fTjYCFh/BNVKk1mkTwBTavJlGmWomQyaB\nAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF/jovErAAABAMA\nRzBFAiEA9Uj5Ed/XjQpj/MxQRQjzG0UFQLmgWlc73nnt3CJ7vskCICqHfBKlDz7R\nEHdV5Vk8bLMBW1Q6S7Ga2SbFuoVXs6zFMAoGCCqGSM49BAMDA2gAMGUCMCiVhqft\n7L/stBmv1XqSRNfE/jG/AqKIbmjGTocNbuQ7kt1Cs7kRg+b3b3C9Ipu5FQIxAM7c\ntGKrYDGt0pH8iF6rzbp9Q4HQXMZXkNxg+brjWxnaOVGTDNwNH7048+s/hT9bUQ==\n-----END CERTIFICATE-----", ), ExpectError: regexp.MustCompile(fmt.Sprintf("https certificate for '%s' already exist.", host)), }, }, }) } func testAccArgoCDRepositoryCertificates_Empty() string { return ` resource "argocd_repository_certificate" "simple" { } ` } func testAccArgoCDRepositoryCertificatesSSH(serverName, cert_subtype, cert_data string) string { return fmt.Sprintf(` resource "argocd_repository_certificate" "simple" { ssh { server_name = "%s" cert_subtype = "%s" cert_data = <[^\s]+) (?P.+)$`) matches := re.FindAllStringSubmatch(string(output), 3) subTypesKeys := make([]string, 0) for _, match := range matches { subTypesKeys = append(subTypesKeys, match[1]) subTypesKeys = append(subTypesKeys, match[2]) } return subTypesKeys, nil } // TestAccArgoCDRepositoryCertificate_SSHConsistency tests consistency of SSH certificate fields func TestAccArgoCDRepositoryCertificate_SSHConsistency(t *testing.T) { serverName := acctest.RandomWithPrefix("ssh-test") config := testAccArgoCDRepositoryCertificatesSSH( serverName, "ssh-rsa", "AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==", ) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_repository_certificate.simple", "ssh.0.server_name", serverName, ), resource.TestCheckResourceAttr( "argocd_repository_certificate.simple", "ssh.0.cert_subtype", "ssh-rsa", ), resource.TestCheckResourceAttrSet( "argocd_repository_certificate.simple", "ssh.0.cert_info", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_repository_certificate.simple", "ssh.0.server_name", serverName, ), resource.TestCheckResourceAttr( "argocd_repository_certificate.simple", "ssh.0.cert_subtype", "ssh-rsa", ), resource.TestCheckResourceAttrSet( "argocd_repository_certificate.simple", "ssh.0.cert_info", ), ), }, }, }) } // TestAccArgoCDRepositoryCertificate_HTTPSConsistency tests consistency of HTTPS certificate fields func TestAccArgoCDRepositoryCertificate_HTTPSConsistency(t *testing.T) { serverName := acctest.RandomWithPrefix("https-test") certData := "-----BEGIN CERTIFICATE-----\nMIIFajCCBPCgAwIBAgIQBRiaVOvox+kD4KsNklVF3jAKBggqhkjOPQQDAzBWMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTAwLgYDVQQDEydEaWdp\nQ2VydCBUTFMgSHlicmlkIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjIwMzE1MDAw\nMDAwWhcNMjMwMzE1MjM1OTU5WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs\naWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMR2l0SHVi\nLCBJbmMuMRMwEQYDVQQDEwpnaXRodWIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAESrCTcYUh7GI/y3TARsjnANwnSjJLitVRgwgRI1JlxZ1kdZQQn5ltP3v7\nKTtYuDdUeEu3PRx3fpDdu2cjMlyA0aOCA44wggOKMB8GA1UdIwQYMBaAFAq8CCkX\njKU5bXoOzjPHLrPt+8N6MB0GA1UdDgQWBBR4qnLGcWloFLVZsZ6LbitAh0I7HjAl\nBgNVHREEHjAcggpnaXRodWIuY29tgg53d3cuZ2l0aHViLmNvbTAOBgNVHQ8BAf8E\nBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGbBgNVHR8EgZMw\ngZAwRqBEoEKGQGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5\nYnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5jcmwwRqBEoEKGQGh0dHA6Ly9jcmw0LmRp\nZ2ljZXJ0LmNvbS9EaWdpQ2VydFRMU0h5YnJpZEVDQ1NIQTM4NDIwMjBDQTEtMS5j\ncmwwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3\ndy5kaWdpY2VydC5jb20vQ1BTMIGFBggrBgEFBQcBAQR5MHcwJAYIKwYBBQUHMAGG\nGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZDaHR0cDovL2Nh\nY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VExTSHlicmlkRUNDU0hBMzg0MjAy\nMENBMS0xLmNydDAJBgNVHRMEAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA\ndgCt9776fP8QyIudPZwePhhqtGcpXc+xDCTKhYY069yCigAAAX+Oi8SRAAAEAwBH\nMEUCIAR9cNnvYkZeKs9JElpeXwztYB2yLhtc8bB0rY2ke98nAiEAjiML8HZ7aeVE\nP/DkUltwIS4c73VVrG9JguoRrII7gWMAdwA1zxkbv7FsV78PrUxtQsu7ticgJlHq\nP+Eq76gDwzvWTAAAAX+Oi8R7AAAEAwBIMEYCIQDNckqvBhup7GpANMf0WPueytL8\nu/PBaIAObzNZeNMpOgIhAMjfEtE6AJ2fTjYCFh/BNVKk1mkTwBTavJlGmWomQyaB\nAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF/jovErAAABAMA\nRzBFAiEA9Uj5Ed/XjQpj/MxQRQjzG0UFQLmgWlc73nnt3CJ7vskCICqHfBKlDz7R\nEHdV5Vk8bLMBW1Q6S7Ga2SbFuoVXs6zFMAoGCCqGSM49BAMDA2gAMGUCMCiVhqft\n7L/stBmv1XqSRNfE/jG/AqKIbmjGTocNbuQ7kt1Cs7kRg+b3b3C9Ipu5FQIxAM7c\ntGKrYDGt0pH8iF6rzbp9Q4HQXMZXkNxg+brjWxnaOVGTDNwNH7048+s/hT9bUQ==\n-----END CERTIFICATE-----" config := testAccArgoCDRepositoryCertificateHttps(serverName, certData) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_repository_certificate.simple", "https.0.server_name", serverName, ), resource.TestCheckResourceAttrWith( "argocd_repository_certificate.simple", "https.0.cert_data", func(value string) error { // Not yet sure why the impl is suffixing with newline. Adding a newline only makes the test fail, // since it'll add yet another newline. require.Contains(t, value, certData) return nil }, ), resource.TestCheckResourceAttr( "argocd_repository_certificate.simple", "https.0.cert_subtype", "ecdsa", ), resource.TestCheckResourceAttrSet( "argocd_repository_certificate.simple", "https.0.cert_info", ), ), }, { // Apply the same configuration again to test for consistency Config: config, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_repository_certificate.simple", "https.0.server_name", serverName, ), resource.TestCheckResourceAttrWith( "argocd_repository_certificate.simple", "https.0.cert_data", func(value string) error { // Not yet sure why the impl is suffixing with newline. Adding a newline only makes the test fail, // since it'll add yet another newline. require.Contains(t, value, certData) return nil }, ), resource.TestCheckResourceAttr( "argocd_repository_certificate.simple", "https.0.cert_subtype", "ecdsa", ), resource.TestCheckResourceAttrSet( "argocd_repository_certificate.simple", "https.0.cert_info", ), ), }, }, }) } ================================================ FILE: internal/provider/resource_repository_credentials.go ================================================ package provider import ( "context" "fmt" "strconv" "strings" "github.com/argoproj-labs/terraform-provider-argocd/internal/diagnostics" "github.com/argoproj-labs/terraform-provider-argocd/internal/sync" "github.com/argoproj/argo-cd/v3/pkg/apiclient/repocreds" "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" ) // Ensure provider defined types fully satisfy framework interfaces. var _ resource.Resource = &repositoryCredentialsResource{} var _ resource.ResourceWithImportState = &repositoryCredentialsResource{} func NewRepositoryCredentialsResource() resource.Resource { return &repositoryCredentialsResource{} } // repositoryCredentialsResource defines the resource implementation. type repositoryCredentialsResource struct { si *ServerInterface } func (r *repositoryCredentialsResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_repository_credentials" } func (r *repositoryCredentialsResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Manages [repository credentials](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#credentials) within ArgoCD.\n\n" + "**Note**: due to restrictions in the ArgoCD API the provider is unable to track drift in this resource to fields other than `username`. I.e. the " + "provider is unable to detect changes to repository credentials that are made outside of Terraform (e.g. manual updates to the underlying Kubernetes " + "Secrets).", Attributes: repositoryCredentialsSchemaAttributes(), } } func (r *repositoryCredentialsResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { // Prevent panic if the provider has not been configured. if req.ProviderData == nil { return } si, ok := req.ProviderData.(*ServerInterface) if !ok { resp.Diagnostics.AddError( "Unexpected Provider Data Type", fmt.Sprintf("Expected *ServerInterface, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } r.si = si } func (r *repositoryCredentialsResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var data repositoryCredentialsModel // Read Terraform configuration data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Convert to API model creds, err := data.toAPIModel() if err != nil { resp.Diagnostics.AddError("Failed to convert repository credentials model", err.Error()) return } // Create repository credentials sync.RepositoryCredentialsMutex.Lock() createdCreds, err := r.si.RepoCredsClient.CreateRepositoryCredentials( ctx, &repocreds.RepoCredsCreateRequest{ Creds: creds, Upsert: false, }, ) sync.RepositoryCredentialsMutex.Unlock() if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("create", "repository credentials", creds.URL, err)...) return } // Set the ID from the created credentials data.ID = types.StringValue(createdCreds.URL) // Update the model with the created credentials data result := data // Start with the original data to preserve all fields result.ID = types.StringValue(createdCreds.URL) result.URL = types.StringValue(createdCreds.URL) // Handle Type - preserve planned value if API doesn't return it // ArgoCD API doesn't reliably return type field, so we trust the planned value if createdCreds.Type != "" { result.Type = types.StringValue(createdCreds.Type) } else if result.Type.IsUnknown() || result.Type.IsNull() { result.Type = types.StringValue("git") } // Otherwise keep the planned value (API accepted it without error) // Only update fields that are returned by the API if createdCreds.Username != "" { result.Username = types.StringValue(createdCreds.Username) } // Handle EnableOCI - preserve planned value if API doesn't return it // ArgoCD API doesn't reliably return enableOCI field, so we trust the planned value // Only overwrite if API explicitly returns true if createdCreds.EnableOCI { result.EnableOCI = types.BoolValue(true) } // Otherwise keep the planned value (API accepted it without error) if createdCreds.UseAzureWorkloadIdentity { result.UseAzureWorkloadIdentity = types.BoolValue(true) } // Update computed fields if available if createdCreds.TLSClientCertData != "" { result.TLSClientCertData = types.StringValue(createdCreds.TLSClientCertData) } if createdCreds.GitHubAppEnterpriseBaseURL != "" { result.GitHubAppEnterpriseBaseURL = types.StringValue(createdCreds.GitHubAppEnterpriseBaseURL) } // GitHub App ID conversion if createdCreds.GithubAppId > 0 { result.GitHubAppID = types.StringValue(strconv.FormatInt(createdCreds.GithubAppId, 10)) } // GitHub App Installation ID conversion if createdCreds.GithubAppInstallationId > 0 { result.GitHubAppInstallationID = types.StringValue(strconv.FormatInt(createdCreds.GithubAppInstallationId, 10)) } // Save data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, result)...) tflog.Trace(ctx, fmt.Sprintf("created repository credentials %s", result.ID.ValueString())) } func (r *repositoryCredentialsResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var data repositoryCredentialsModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Read repository credentials from API creds, diags := r.readRepositoryCredentials(ctx, data.ID.ValueString()) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } // If credentials were not found, remove from state if creds == nil { resp.State.RemoveResource(ctx) return } // Update the model with the read credentials data result := data // Start with the original data to preserve all fields result.ID = types.StringValue(creds.URL) result.URL = types.StringValue(creds.URL) // Handle Type - preserve prior state value if API doesn't return it // ArgoCD API doesn't reliably return type field, so we trust the prior state value if creds.Type != "" { result.Type = types.StringValue(creds.Type) } else if result.Type.IsUnknown() || result.Type.IsNull() { result.Type = types.StringValue("git") } // Otherwise keep the existing value (API accepted it without error) // Only update fields that are returned by the API if creds.Username != "" { result.Username = types.StringValue(creds.Username) } // Handle EnableOCI - preserve prior state value if API doesn't return it // ArgoCD API doesn't reliably return enableOCI field, so we trust the prior state value // Only overwrite if API explicitly returns true if creds.EnableOCI { result.EnableOCI = types.BoolValue(true) } else if result.EnableOCI.IsNull() || result.EnableOCI.IsUnknown() { // For import or initial read, set to default value if API returns false result.EnableOCI = types.BoolValue(false) } // Otherwise keep the prior state value (API accepted it without error) if creds.UseAzureWorkloadIdentity { result.UseAzureWorkloadIdentity = types.BoolValue(true) } else if result.UseAzureWorkloadIdentity.IsNull() || result.UseAzureWorkloadIdentity.IsUnknown() { // For import or initial read, set to default value if API returns false result.UseAzureWorkloadIdentity = types.BoolValue(false) } // Update computed fields if available if creds.TLSClientCertData != "" { result.TLSClientCertData = types.StringValue(creds.TLSClientCertData) } if creds.GitHubAppEnterpriseBaseURL != "" { result.GitHubAppEnterpriseBaseURL = types.StringValue(creds.GitHubAppEnterpriseBaseURL) } // GitHub App ID conversion if creds.GithubAppId > 0 { result.GitHubAppID = types.StringValue(strconv.FormatInt(creds.GithubAppId, 10)) } // GitHub App Installation ID conversion if creds.GithubAppInstallationId > 0 { result.GitHubAppInstallationID = types.StringValue(strconv.FormatInt(creds.GithubAppInstallationId, 10)) } // Save updated data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, result)...) } func (r *repositoryCredentialsResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var data repositoryCredentialsModel // Read Terraform plan data into the model resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Convert to API model creds, err := data.toAPIModel() if err != nil { resp.Diagnostics.AddError("Failed to convert repository credentials model", err.Error()) return } // Update repository credentials sync.RepositoryCredentialsMutex.Lock() updatedCreds, err := r.si.RepoCredsClient.UpdateRepositoryCredentials( ctx, &repocreds.RepoCredsUpdateRequest{Creds: creds}, ) sync.RepositoryCredentialsMutex.Unlock() if err != nil { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("update", "repository credentials", creds.URL, err)...) return } // Set the ID from the updated credentials data.ID = types.StringValue(updatedCreds.URL) // Update the model with the updated credentials data result := data // Start with the original data to preserve all fields result.ID = types.StringValue(updatedCreds.URL) result.URL = types.StringValue(updatedCreds.URL) // Handle Type - preserve planned value if API doesn't return it // ArgoCD API doesn't reliably return type field, so we trust the planned value if updatedCreds.Type != "" { result.Type = types.StringValue(updatedCreds.Type) } else if result.Type.IsUnknown() || result.Type.IsNull() { result.Type = types.StringValue("git") } // Otherwise keep the planned value (API accepted it without error) // Only update fields that are returned by the API if updatedCreds.Username != "" { result.Username = types.StringValue(updatedCreds.Username) } // Handle EnableOCI - preserve planned value if API doesn't return it // ArgoCD API doesn't reliably return enableOCI field, so we trust the planned value // Only overwrite if API explicitly returns true if updatedCreds.EnableOCI { result.EnableOCI = types.BoolValue(true) } // Otherwise keep the planned value (API accepted it without error) if updatedCreds.UseAzureWorkloadIdentity { result.UseAzureWorkloadIdentity = types.BoolValue(true) } // Update computed fields if available if updatedCreds.TLSClientCertData != "" { result.TLSClientCertData = types.StringValue(updatedCreds.TLSClientCertData) } if updatedCreds.GitHubAppEnterpriseBaseURL != "" { result.GitHubAppEnterpriseBaseURL = types.StringValue(updatedCreds.GitHubAppEnterpriseBaseURL) } // GitHub App ID conversion if updatedCreds.GithubAppId > 0 { result.GitHubAppID = types.StringValue(strconv.FormatInt(updatedCreds.GithubAppId, 10)) } // GitHub App Installation ID conversion if updatedCreds.GithubAppInstallationId > 0 { result.GitHubAppInstallationID = types.StringValue(strconv.FormatInt(updatedCreds.GithubAppInstallationId, 10)) } // Save updated data into Terraform state resp.Diagnostics.Append(resp.State.Set(ctx, result)...) tflog.Trace(ctx, fmt.Sprintf("updated repository credentials %s", result.ID.ValueString())) } func (r *repositoryCredentialsResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var data repositoryCredentialsModel // Read Terraform prior state data into the model resp.Diagnostics.Append(req.State.Get(ctx, &data)...) // Initialize API clients resp.Diagnostics.Append(r.si.InitClients(ctx)...) // Check for errors before proceeding if resp.Diagnostics.HasError() { return } // Delete repository credentials sync.RepositoryCredentialsMutex.Lock() _, err := r.si.RepoCredsClient.DeleteRepositoryCredentials( ctx, &repocreds.RepoCredsDeleteRequest{Url: data.ID.ValueString()}, ) sync.RepositoryCredentialsMutex.Unlock() if err != nil { if !strings.Contains(err.Error(), "NotFound") { resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("delete", "repository credentials", data.ID.ValueString(), err)...) return } } tflog.Trace(ctx, fmt.Sprintf("deleted repository credentials %s", data.ID.ValueString())) } func (r *repositoryCredentialsResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) } func (r *repositoryCredentialsResource) readRepositoryCredentials(ctx context.Context, url string) (*v1alpha1.RepoCreds, diag.Diagnostics) { var diags diag.Diagnostics sync.RepositoryCredentialsMutex.RLock() defer sync.RepositoryCredentialsMutex.RUnlock() credsList, err := r.si.RepoCredsClient.ListRepositoryCredentials(ctx, &repocreds.RepoCredsQuery{ Url: url, }) if err != nil { diags.Append(diagnostics.ArgoCDAPIError("read", "repository credentials", url, err)...) return nil, diags } if credsList == nil || len(credsList.Items) == 0 { // Repository credentials have been deleted out-of-band return nil, diags } // Find the specific credentials by URL for _, creds := range credsList.Items { if creds.URL == url { return &creds, diags } } // Credentials not found return nil, diags } ================================================ FILE: internal/provider/resource_repository_credentials_test.go ================================================ package provider import ( "crypto/rand" "crypto/rsa" "crypto/x509" "encoding/pem" "fmt" "regexp" "testing" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/stretchr/testify/assert" ) func TestAccArgoCDRepositoryCredentials(t *testing.T) { sshPrivateKey, err := generateSSHPrivateKey() assert.NoError(t, err) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCredentialsSimple( "https://github.com/argoproj-labs/terraform-provider-argocd", ), }, { Config: testAccArgoCDRepositoryCredentialsSSH( "https://private-git-repository.argocd.svc.cluster.local/project-1.git", "git", sshPrivateKey, ), Check: resource.TestCheckResourceAttr( "argocd_repository_credentials.simple", "username", "git", ), }, { ResourceName: "argocd_repository_credentials.simple", ImportState: true, ImportStateVerify: true, ImportStateVerifyIgnore: []string{"ssh_private_key"}, }, }, }) // Run coexistence test separately with multiplexed provider resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCredentialsRepositoryCoexistence(), Check: testCheckMultipleResourceAttr( "argocd_repository.private", "connection_state_status", "Successful", 10, ), }, }, }) } func TestAccArgoCDRepositoryCredentials_UseAzureWorkloadIdentity(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCredentialsUseAzureWorkloadIdentity("https://github.com/argoproj-labs/terraform-provider-argocd"), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("argocd_repository_credentials.azurewi", "use_azure_workload_identity", "true"), ), }, { Config: testAccArgoCDRepositoryCredentialsUseAzureWorkloadIdentity("https://github.com/argoproj-labs/terraform-provider-argocd"), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("argocd_repository_credentials.azurewi", "use_azure_workload_identity", "true"), ), }, }, }) } func testAccArgoCDRepositoryCredentialsUseAzureWorkloadIdentity(repoUrl string) string { return fmt.Sprintf(` resource "argocd_repository_credentials" "azurewi" { url = "%s" use_azure_workload_identity = true } `, repoUrl) } func TestAccArgoCDRepositoryCredentials_GitHubApp(t *testing.T) { sshPrivateKey, err := generateSSHPrivateKey() assert.NoError(t, err) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ { Config: testAccArgoCDRepositoryCredentialsGitHubApp( "https://private-git-repository.argocd.svc.cluster.local/project-1.git", "123456", "987654321", "https://ghe.example.com/api/v3", sshPrivateKey, ), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr( "argocd_repository_credentials.githubapp", "githubapp_id", "123456", ), resource.TestCheckResourceAttr( "argocd_repository_credentials.githubapp", "githubapp_installation_id", "987654321", ), resource.TestCheckResourceAttr( "argocd_repository_credentials.githubapp", "githubapp_enterprise_base_url", "https://ghe.example.com/api/v3", ), ), }, }, }) } func testAccArgoCDRepositoryCredentialsSimple(repoUrl string) string { return fmt.Sprintf(` resource "argocd_repository_credentials" "simple" { url = "%s" } `, repoUrl) } func testAccArgoCDRepositoryCredentialsSSH(repoUrl, username, sshPrivateKey string) string { return fmt.Sprintf(` resource "argocd_repository_credentials" "simple" { url = "%s" username = "%s" ssh_private_key = <= 1) switch semverOperator { case semverEquals: case semverGreater: inc := v.IncMajor() v = &inc assert.NoError(t, err) case semverLess: v, err = semver.NewVersion( fmt.Sprintf("%d.%d.%d", v.Major()-1, v.Minor(), v.Patch(), )) assert.NoError(t, err) default: t.Error("unsupported semver test semverOperator") } vm := &version.VersionMessage{ Version: v.String(), } return &ServerInterface{ ServerVersion: v, ServerVersionMessage: vm, } } func TestServerInterface_isFeatureSupported(t *testing.T) { t.Parallel() type args struct { feature features.Feature } tests := []struct { name string si *ServerInterface args args want bool }{ { name: "featureExecLogsPolicy-2.7.2", si: serverInterfaceTestData(t, "2.7.2", semverEquals), args: args{feature: features.ExecLogsPolicy}, want: true, }, { name: "featureExecLogsPolicy-2.7.2+", si: serverInterfaceTestData(t, "2.7.2", semverGreater), args: args{feature: features.ExecLogsPolicy}, want: true, }, { name: "featureExecLogsPolicy-2.7.2-", si: serverInterfaceTestData(t, "2.7.2", semverLess), args: args{feature: features.ExecLogsPolicy}, want: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { t.Parallel() got := tt.si.IsFeatureSupported(tt.args.feature) if got != tt.want { t.Errorf("isFeatureSupported() got = %v, want %v, version %s", got, tt.want, tt.si.ServerVersion.String(), ) } }) } } ================================================ FILE: internal/sync/mutex.go ================================================ package sync import "sync" // GPGKeysMutex is used to handle concurrent access to ArgoCD GPG keys which are // stored in the `argocd-gpg-keys-cm` ConfigMap resource var GPGKeysMutex = &sync.RWMutex{} // RepositoryMutex is used to handle concurrent access to ArgoCD repositories var RepositoryMutex = &sync.RWMutex{} // CertificateMutex is used to handle concurrent access to ArgoCD repository certificates var CertificateMutex = &sync.RWMutex{} // RepositoryCredentialsMutex is used to handle concurrent access to ArgoCD repository credentials var RepositoryCredentialsMutex = &sync.RWMutex{} // tokenMutexProjectMap is used to handle concurrent access to ArgoCD project tokens per project var tokenMutexProjectMap = make(map[string]*sync.RWMutex) // tokenMutexProjectMapMutex protects access to TokenMutexProjectMap itself var tokenMutexProjectMapMutex = &sync.Mutex{} // GetProjectMutex safely gets or creates a mutex for a project func GetProjectMutex(projectName string) *sync.RWMutex { tokenMutexProjectMapMutex.Lock() defer tokenMutexProjectMapMutex.Unlock() if mutex, exists := tokenMutexProjectMap[projectName]; exists { return mutex } tokenMutexProjectMap[projectName] = &sync.RWMutex{} return tokenMutexProjectMap[projectName] } ================================================ FILE: internal/testhelpers/suite.go ================================================ package testhelpers import ( "context" "fmt" "os" "sync" "testing" "time" ) var ( GlobalTestEnv *K3sTestEnvironment testEnvOnce sync.Once ) // TestMain is a helper function to be used in test files' TestMain functions func TestMain(m *testing.M) { envDefaultValue("ARGOCD_AUTH_USERNAME", "admin") envDefaultValue("ARGOCD_AUTH_PASSWORD", "acceptancetesting") envDefaultValue("ARGOCD_SERVER", "127.0.0.1:8080") envDefaultValue("ARGOCD_INSECURE", "true") envDefaultValue("USE_TESTCONTAINERS", "true") envDefaultValue("K3S_VERSION", "v1.34.3-k3s3") envDefaultValue("ARGOCD_VERSION", "v3.3.0") if os.Getenv("USE_TESTCONTAINERS") == "true" { os.Exit(runTestSuite(m)) } else { os.Exit(m.Run()) } } func envDefaultValue(envvar, defaultValue string) { if v := os.Getenv(envvar); v == "" { fmt.Printf("environment variable %s not set; using %s as default value\n", envvar, defaultValue) _ = os.Setenv(envvar, defaultValue) } } const ( // DefaultTestTimeout is the default timeout for test setup DefaultTestTimeout = 15 * time.Minute ) func runTestSuite(m *testing.M) int { ctx, cancel := context.WithTimeout(context.Background(), DefaultTestTimeout) defer cancel() // Setup the test environment once var setupErr error testEnvOnce.Do(func() { argoCDVersion := os.Getenv("ARGOCD_VERSION") k3sVersion := os.Getenv("K3S_VERSION") GlobalTestEnv, setupErr = SetupK3sWithArgoCD(ctx, argoCDVersion, k3sVersion) if setupErr != nil { return } // Set environment variables for tests; currently only ARGOCD_SERVER is used (since we're port-forwarding the k8s // service) but can be extended with more env vars if needed envVars := GlobalTestEnv.GetEnvironmentVariables() for key, value := range envVars { os.Setenv(key, value) } }) if setupErr != nil { panic("Failed to setup test environment: " + setupErr.Error()) } // Run tests code := m.Run() // Cleanup if GlobalTestEnv != nil { GlobalTestEnv.Cleanup(ctx) } return code } ================================================ FILE: internal/testhelpers/testcontainers.go ================================================ package testhelpers import ( "context" "errors" "fmt" "io" "log" "os" "os/exec" "path/filepath" "strings" "github.com/testcontainers/testcontainers-go" "github.com/testcontainers/testcontainers-go/modules/k3s" "github.com/testcontainers/testcontainers-go/wait" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" ) const ( // DefaultFileMode represents standard file permissions (0o644) DefaultFileMode = 0o644 ) // K3sTestEnvironment represents a test environment with K3s and ArgoCD type K3sTestEnvironment struct { K3sContainer *k3s.K3sContainer ArgoCDURL string RESTConfig *rest.Config } // SetupK3sWithArgoCD sets up a K3s cluster with ArgoCD using testcontainers func SetupK3sWithArgoCD(ctx context.Context, argoCDVersion, k3sVersion string) (*K3sTestEnvironment, error) { log.Println("Setting up K3s test environment...") k3sContainer, err := k3s.Run(ctx, fmt.Sprintf("rancher/k3s:%s", k3sVersion), testcontainers.WithWaitStrategy(wait.ForLog("k3s is up and running")), testcontainers.WithExposedPorts("30124/tcp", "30123/tcp"), ) if err != nil { return nil, fmt.Errorf("failed to start K3s container: %w", err) } config, err := k3sContainer.GetKubeConfig(ctx) if err != nil { return nil, fmt.Errorf("failed to get kubeconfig: %w", err) } restConfig, err := clientcmd.RESTConfigFromKubeConfig(config) if err != nil { return nil, fmt.Errorf("failed to get rest config: %w", err) } env := &K3sTestEnvironment{K3sContainer: k3sContainer, RESTConfig: restConfig} // Pull and preload Argo CD image in k3s to reduce waiting time during the `waitForArgoCD` step. argoCDImage := fmt.Sprintf("quay.io/argoproj/argocd:%s", argoCDVersion) log.Printf("Pre-pulling Argo CD image %s...\n", argoCDImage) // First, pull the image to ensure it exists locally _, err = testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{ ContainerRequest: testcontainers.ContainerRequest{Image: argoCDImage}, Started: false, // Don't start the container, just pull the image }) if err != nil { return nil, fmt.Errorf("failed to pull Argo CD image: %w", err) } // Now load the image into k3s err = k3sContainer.LoadImages(ctx, argoCDImage) if err != nil { return nil, fmt.Errorf("failed to preload Argo CD image: %w", err) } if err := env.installArgoCD(ctx, argoCDVersion); err != nil { env.Cleanup(ctx) return nil, fmt.Errorf("failed to install ArgoCD: %w", err) } log.Println("Waiting for ArgoCD to be ready...") if err := env.waitForArgoCD(ctx); err != nil { env.Cleanup(ctx) return nil, fmt.Errorf("failed to wait for ArgoCD: %w", err) } log.Println("ArgoCD ready!") return env, nil } // installArgoCD installs ArgoCD in the K3s cluster using kustomize func (env *K3sTestEnvironment) installArgoCD(ctx context.Context, version string) error { rootDir, err := env.projectRoot() if err != nil { return fmt.Errorf("failed to find project root: %w", err) } kustomizeDir := filepath.Join(rootDir, "manifests", "overlays", version) log.Printf("Running 'kustomize build %s'\n", kustomizeDir) kustomizedManifests, err := env.runKustomizeBuild(kustomizeDir) if err != nil { return fmt.Errorf("failed to run kustomize build for version %s: %w", version, err) } log.Println("Applying manifests...") if err = env.applyManifestsToContainer(ctx, kustomizedManifests, "/tmp/argocd-kustomized.yaml"); err != nil { return fmt.Errorf("failed to copy kustomized manifests to container: %w", err) } testDataDir := filepath.Join(rootDir, "manifests/testdata") if _, err = os.Stat(testDataDir); os.IsNotExist(err) { return nil // No test data to install } if err = env.K3sContainer.CopyFileToContainer(ctx, testDataDir, "/tmp/testdata", DefaultFileMode); err != nil { return fmt.Errorf("failed to copy testdata to container: %w", err) } if _, err = env.ExecInK3s(ctx, "kubectl", "apply", "-f", "/tmp/testdata"); err != nil { return err } return nil } func (env *K3sTestEnvironment) applyManifestsToContainer(ctx context.Context, manifests []byte, containerFilePath string) error { // Copy manifests to container if err := env.K3sContainer.CopyToContainer(ctx, manifests, containerFilePath, DefaultFileMode); err != nil { return fmt.Errorf("failed to copy kustomized manifests to container: %w", err) } // Apply manifests if _, err := env.ExecInK3s(ctx, "kubectl", "apply", "-f", containerFilePath, "--server-side", "--force-conflicts"); err != nil { return err } return nil } // projectRoot gets the project root directory by checking `go env GOMOD` func (env *K3sTestEnvironment) projectRoot() (string, error) { cmd := exec.Command("go", "env", "GOMOD") output, err := cmd.Output() if err != nil { return "", fmt.Errorf("failed to find project root: %w", err) } return filepath.Dir(string(output)), nil } // runKustomizeBuild runs kustomize build on the temporary directory func (env *K3sTestEnvironment) runKustomizeBuild(dir string) ([]byte, error) { cmd := exec.Command("kustomize", "build", dir) output, err := cmd.Output() if err != nil { var exitErr *exec.ExitError if errors.As(err, &exitErr) { return nil, fmt.Errorf("kustomize build failed: %s", string(exitErr.Stderr)) } return nil, fmt.Errorf("failed to run kustomize: %w", err) } return output, nil } func (env *K3sTestEnvironment) ExecInK3s(ctx context.Context, args ...string) ([]byte, error) { concat := strings.Join(args, " ") exitCode, reader, err := env.K3sContainer.Exec(ctx, args) if err != nil { return []byte{}, fmt.Errorf("failed to exec '%s': %w", concat, err) } output, err := io.ReadAll(reader) if err != nil { return []byte{}, fmt.Errorf("failed to read kubectl output: %w", err) } if exitCode != 0 { return output, fmt.Errorf("'%s' failed with exit code %d: %s", concat, exitCode, string(output)) } return output, nil } // waitForArgoCD waits for ArgoCD components to be ready func (env *K3sTestEnvironment) waitForArgoCD(ctx context.Context) error { // Wait for CRDs to be established crds := []string{ "applications.argoproj.io", "applicationsets.argoproj.io", "appprojects.argoproj.io", } for _, crd := range crds { if _, err := env.ExecInK3s(ctx, "kubectl", "wait", "--for=condition=Established", fmt.Sprintf("crd/%s", crd), "--timeout=60s"); err != nil { return err } } // Wait for deployments to be ready deployments := []string{"argocd-server", "argocd-repo-server", "argocd-redis", "private-git-repository"} timeout := "60s" for _, deployment := range deployments { if _, err := env.ExecInK3s(ctx, "kubectl", "wait", "--for=condition=available", fmt.Sprintf("deployment/%s", deployment), "-n", "argocd", "--timeout="+timeout); err != nil { return fmt.Errorf("failed to wait for deployment %s: %w", deployment, err) } } localPort, err := env.K3sContainer.MappedPort(ctx, "30123") if err != nil { return fmt.Errorf("failed to setup port forward: %w", err) } env.ArgoCDURL = fmt.Sprintf("127.0.0.1:%s", localPort.Port()) return nil } // GetEnvironmentVariables returns the environment variables needed for tests func (env *K3sTestEnvironment) GetEnvironmentVariables() map[string]string { return map[string]string{"ARGOCD_SERVER": env.ArgoCDURL} } // Cleanup cleans up the test environment func (env *K3sTestEnvironment) Cleanup(ctx context.Context) { // Terminate container if env.K3sContainer != nil { if err := env.K3sContainer.Terminate(ctx); err != nil { fmt.Printf("Warning: failed to terminate container: %v\n", err) } } } ================================================ FILE: internal/types/pgp_public_key.go ================================================ package types import ( "context" "fmt" "strings" "github.com/ProtonMail/gopenpgp/v3/crypto" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/attr/xattr" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-framework/types/basetypes" "github.com/hashicorp/terraform-plugin-go/tftypes" ) type pgpPublicKeyType uint8 const ( PGPPublicKeyType pgpPublicKeyType = iota ) var ( _ xattr.TypeWithValidate = PGPPublicKeyType _ basetypes.StringTypable = PGPPublicKeyType _ basetypes.StringValuable = PGPPublicKey{} _ basetypes.StringValuableWithSemanticEquals = PGPPublicKey{} ) // TerraformType returns the tftypes.Type that should be used to represent this // framework type. func (t pgpPublicKeyType) TerraformType(_ context.Context) tftypes.Type { return tftypes.String } // ValueFromString returns a StringValuable type given a StringValue. func (t pgpPublicKeyType) ValueFromString(_ context.Context, in types.String) (basetypes.StringValuable, diag.Diagnostics) { if in.IsUnknown() { return PGPPublicKeyUnknown(), nil } if in.IsNull() { return PGPPublicKeyNull(), nil } return PGPPublicKey{ state: attr.ValueStateKnown, value: in.ValueString(), }, nil } // ValueFromTerraform returns a Value given a tftypes.Value. This is meant to // convert the tftypes.Value into a more convenient Go type for the provider to // consume the data with. func (t pgpPublicKeyType) ValueFromTerraform(_ context.Context, in tftypes.Value) (attr.Value, error) { if !in.IsKnown() { return PGPPublicKeyUnknown(), nil } if in.IsNull() { return PGPPublicKeyNull(), nil } var s string err := in.As(&s) if err != nil { return nil, err } return PGPPublicKey{ state: attr.ValueStateKnown, value: s, }, nil } // ValueType returns the Value type. func (t pgpPublicKeyType) ValueType(context.Context) attr.Value { return PGPPublicKey{} } // Equal returns true if `o` is also a PGPPublicKeyType. func (t pgpPublicKeyType) Equal(o attr.Type) bool { _, ok := o.(pgpPublicKeyType) return ok } // ApplyTerraform5AttributePathStep applies the given AttributePathStep to the // type. func (t pgpPublicKeyType) ApplyTerraform5AttributePathStep(step tftypes.AttributePathStep) (interface{}, error) { return nil, fmt.Errorf("cannot apply AttributePathStep %T to %s", step, t.String()) } // String returns a human-friendly description of the PGPPublicKeyType. func (t pgpPublicKeyType) String() string { return "types.PGPPublicKeyType" } // Validate implements type validation. func (t pgpPublicKeyType) Validate(ctx context.Context, in tftypes.Value, path path.Path) diag.Diagnostics { var diags diag.Diagnostics if !in.Type().Is(tftypes.String) { diags.AddAttributeError( path, "PGPPublicKey Type Validation Error", "An unexpected error was encountered trying to validate an attribute value. This is always an error in the provider. Please report the following to the provider developer:\n\n"+ fmt.Sprintf("Expected String value, received %T with value: %v", in, in), ) return diags } if !in.IsKnown() || in.IsNull() { return diags } var value string err := in.As(&value) if err != nil { diags.AddAttributeError( path, "PGPPublicKey Type Validation Error", "An unexpected error was encountered trying to validate an attribute value. This is always an error in the provider. Please report the following to the provider developer:\n\n"+ fmt.Sprintf("Error: %s", err), ) return diags } _, err = crypto.NewKeyFromArmored(value) if err != nil { diags.AddAttributeError( path, "Invalid PGP Public Key", err.Error()) return diags } return diags } func (t pgpPublicKeyType) Description() string { return `PGP Public key in ASCII-armor base64 encoded format.` } func PGPPublicKeyNull() PGPPublicKey { return PGPPublicKey{ state: attr.ValueStateNull, } } func PGPPublicKeyUnknown() PGPPublicKey { return PGPPublicKey{ state: attr.ValueStateUnknown, } } func PGPPublicKeyValue(value string) PGPPublicKey { return PGPPublicKey{ state: attr.ValueStateKnown, value: value, } } type PGPPublicKey struct { // state represents whether the value is null, unknown, or known. The // zero-value is null. state attr.ValueState // value contains the original string representation. value string } // Type returns a PGPPublicKeyType. func (k PGPPublicKey) Type(_ context.Context) attr.Type { return PGPPublicKeyType } // ToStringValue should convert the value type to a String. func (k PGPPublicKey) ToStringValue(ctx context.Context) (types.String, diag.Diagnostics) { switch k.state { case attr.ValueStateKnown: return types.StringValue(k.value), nil case attr.ValueStateNull: return types.StringNull(), nil case attr.ValueStateUnknown: return types.StringUnknown(), nil default: return types.StringUnknown(), diag.Diagnostics{ diag.NewErrorDiagnostic(fmt.Sprintf("unhandled PGPPublicKey state in ToStringValue: %s", k.state), ""), } } } // ToTerraformValue returns the data contained in the *String as a string. If // Unknown is true, it returns a tftypes.UnknownValue. If Null is true, it // returns nil. func (k PGPPublicKey) ToTerraformValue(ctx context.Context) (tftypes.Value, error) { t := PGPPublicKeyType.TerraformType(ctx) switch k.state { case attr.ValueStateKnown: if err := tftypes.ValidateValue(t, k.value); err != nil { return tftypes.NewValue(t, tftypes.UnknownValue), err } return tftypes.NewValue(t, k.value), nil case attr.ValueStateNull: return tftypes.NewValue(t, nil), nil case attr.ValueStateUnknown: return tftypes.NewValue(t, tftypes.UnknownValue), nil default: return tftypes.NewValue(t, tftypes.UnknownValue), fmt.Errorf("unhandled PGPPublicKey state in ToTerraformValue: %s", k.state) } } // Equal returns true if `other` is a *PGPPublicKey and has the same value as `d`. func (k PGPPublicKey) Equal(other attr.Value) bool { o, ok := other.(PGPPublicKey) if !ok { return false } if k.state != o.state { return false } if k.state != attr.ValueStateKnown { return true } return k.value == o.value } // IsNull returns true if the Value is not set, or is explicitly set to null. func (k PGPPublicKey) IsNull() bool { return k.state == attr.ValueStateNull } // IsUnknown returns true if the Value is not yet known. func (k PGPPublicKey) IsUnknown() bool { return k.state == attr.ValueStateUnknown } // String returns a summary representation of either the underlying Value, // or UnknownValueString (``) when IsUnknown() returns true, // or NullValueString (``) when IsNull() return true. // // This is an intentionally lossy representation, that are best suited for // logging and error reporting, as they are not protected by // compatibility guarantees within the framework. func (k PGPPublicKey) String() string { if k.IsUnknown() { return attr.UnknownValueString } if k.IsNull() { return attr.NullValueString } return k.value } // ValuePGPPublicKey returns the known string value. If PGPPublicKey is null or unknown, returns "". func (k PGPPublicKey) ValuePGPPublicKey() string { return k.value } // StringSemanticEquals should return true if the given value is // semantically equal to the current value. This logic is used to prevent // Terraform data consistency errors and resource drift where a value change // may have inconsequential differences, such as spacing character removal // in JSON formatted strings. // // Only known values are compared with this method as changing a value's // state implicitly represents a different value. func (k PGPPublicKey) StringSemanticEquals(ctx context.Context, other basetypes.StringValuable) (bool, diag.Diagnostics) { return strings.TrimSpace(k.value) == strings.TrimSpace(other.String()), nil } ================================================ FILE: internal/utils/utils.go ================================================ package utils import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-framework/types/basetypes" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func OptionalInt64(value *int64) basetypes.Int64Value { if value == nil { return types.Int64Null() } return types.Int64Value(*value) } func OptionalString(value *string) basetypes.StringValue { if value == nil { return types.StringNull() } return types.StringValue(*value) } func OptionalTimeString(value *metav1.Time) basetypes.StringValue { if value == nil { return types.StringNull() } return types.StringValue(value.String()) } // MapMap will return a new map where each element has been mapped (transformed). // The number of elements returned will always be the same as the input. // // Be careful when using this with maps of pointers. If you modify the input // value it will affect the original slice. Be sure to return a new allocated // object or deep copy the existing one. // // Based on pie.Map (which only works on slices) at https://github.com/elliotchance/pie/blob/a9ee294da00683bd3f44e8b35bc1deb1dad8fbda/v2/map.go#L3-L20 func MapMap[T comparable, U any, V any](ss map[T]U, fn func(U) V) map[T]V { if ss == nil { return nil } ss2 := make(map[T]V) for k, v := range ss { ss2[k] = fn(v) } return ss2 } ================================================ FILE: internal/validators/duration.go ================================================ package validators import ( "context" "fmt" "time" "github.com/hashicorp/terraform-plugin-framework/schema/validator" ) // DurationValidator returns a validator which ensures that any configured // attribute value is a valid duration string. func DurationValidator() validator.String { return durationValidator{} } type durationValidator struct{} func (v durationValidator) Description(ctx context.Context) string { return "value must be a valid duration string" } func (v durationValidator) MarkdownDescription(ctx context.Context) string { return "value must be a valid duration string" } func (v durationValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() if _, err := time.ParseDuration(value); err != nil { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Duration", fmt.Sprintf("cannot parse duration '%s': %s", value, err.Error()), ) } } ================================================ FILE: internal/validators/enable_oci.go ================================================ package validators import ( "context" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/schema/validator" ) var _ validator.Bool = enableOCIValidator{} type enableOCIValidator struct{} func (v enableOCIValidator) Description(_ context.Context) string { return "enable_oci can only be set to true when type is 'helm'" } func (v enableOCIValidator) MarkdownDescription(ctx context.Context) string { return v.Description(ctx) } func (v enableOCIValidator) ValidateBool(ctx context.Context, req validator.BoolRequest, resp *validator.BoolResponse) { // If the value is null or unknown, no validation needed if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } // Only validate if enable_oci is true if !req.ConfigValue.ValueBool() { return } // Get the type attribute value var typeValue attr.Value diags := req.Config.GetAttribute(ctx, path.Root("type"), &typeValue) resp.Diagnostics.Append(diags...) if resp.Diagnostics.HasError() { return } // If type is unknown, we can't validate yet (will be validated during apply) if typeValue.IsUnknown() { return } // If type is null, it will default to "git", which is invalid for enable_oci=true if typeValue.IsNull() { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Configuration", "enable_oci can only be set to true when type is 'helm'", ) return } // Check if type is "helm" typeStr, ok := typeValue.(interface{ ValueString() string }) if !ok { // This shouldn't happen, but handle it gracefully resp.Diagnostics.AddAttributeError( req.Path, "Invalid Configuration", "Unable to validate enable_oci: type attribute has unexpected type", ) return } if typeStr.ValueString() != "helm" { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Configuration", "enable_oci can only be set to true when type is 'helm', but type is '"+typeStr.ValueString()+"'", ) } } // EnableOCIRequiresHelmType returns a validator that ensures enable_oci is only true when type is "helm" func EnableOCIRequiresHelmType() validator.Bool { return enableOCIValidator{} } ================================================ FILE: internal/validators/is_dns_subdomain.go ================================================ package validators import ( "context" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "k8s.io/apimachinery/pkg/api/validation" ) var _ validator.String = (*isDNSSubdomainValidator)(nil) type isDNSSubdomainValidator struct{} func IsDNSSubdomain() isDNSSubdomainValidator { return isDNSSubdomainValidator{} } // Description returns a plain text description of the validator's behavior, suitable for a practitioner to understand its impact. func (v isDNSSubdomainValidator) Description(ctx context.Context) string { return "ensures that attribute is a valid DNS subdomain" } // MarkdownDescription returns a markdown formatted description of the validator's behavior, suitable for a practitioner to understand its impact. func (v isDNSSubdomainValidator) MarkdownDescription(ctx context.Context) string { return v.Description(ctx) } // Validate runs the main validation logic of the validator, reading configuration data out of `req` and updating `resp` with diagnostics. func (v isDNSSubdomainValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { // If the value is unknown or null, there is nothing to validate. if req.ConfigValue.IsUnknown() || req.ConfigValue.IsNull() { return } errors := validation.NameIsDNSSubdomain(req.ConfigValue.ValueString(), false) for _, err := range errors { resp.Diagnostics.AddAttributeError( req.Path, "Invalid DNS subdomain", err) } } ================================================ FILE: internal/validators/metadata_annotations.go ================================================ package validators import ( "context" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "k8s.io/apimachinery/pkg/util/validation" ) var _ validator.Map = (*metadataAnnotationsValidator)(nil) type metadataAnnotationsValidator struct{} func MetadataAnnotations() metadataAnnotationsValidator { return metadataAnnotationsValidator{} } // Description returns a plain text description of the validator's behavior, suitable for a practitioner to understand its impact. func (v metadataAnnotationsValidator) Description(ctx context.Context) string { return "ensures that all keys in the supplied map are valid qualified names" } // MarkdownDescription returns a markdown formatted description of the validator's behavior, suitable for a practitioner to understand its impact. func (v metadataAnnotationsValidator) MarkdownDescription(ctx context.Context) string { return v.Description(ctx) } // Validate runs the main validation logic of the validator, reading configuration data out of `req` and updating `resp` with diagnostics. func (v metadataAnnotationsValidator) ValidateMap(ctx context.Context, req validator.MapRequest, resp *validator.MapResponse) { // If the value is unknown or null, there is nothing to validate. if req.ConfigValue.IsUnknown() || req.ConfigValue.IsNull() { return } // Only keys need validation for annotations, so iterate over Elements() // directly to avoid converting unknown element values to Go strings. for k := range req.ConfigValue.Elements() { errors := validation.IsQualifiedName(k) for _, err := range errors { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Annotation Key: not a valid qualified name", err) } } } ================================================ FILE: internal/validators/metadata_annotations_test.go ================================================ package validators import ( "context" "testing" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/stretchr/testify/assert" ) func TestMetadataAnnotationsValidator(t *testing.T) { t.Parallel() tests := map[string]struct { val types.Map expectError bool }{ "null map": { val: types.MapNull(types.StringType), }, "unknown map": { val: types.MapUnknown(types.StringType), }, "valid annotation key": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringValue("myapp"), }), }, "multiple valid keys": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringValue("myapp"), "this.is.a.valid.key/stuff": types.StringValue("value"), }), }, "unknown element value": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringUnknown(), }), }, "mixed known and unknown values": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringValue("myapp"), "app.kubernetes.io/version": types.StringUnknown(), }), }, "invalid annotation key": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "-invalid": types.StringValue("value"), }), expectError: true, }, "uppercase annotation key rejected": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "App.Kubernetes.IO/Name": types.StringValue("myapp"), }), expectError: true, }, } for name, test := range tests { t.Run(name, func(t *testing.T) { t.Parallel() req := validator.MapRequest{ Path: path.Root("annotations"), ConfigValue: test.val, } resp := validator.MapResponse{} MetadataAnnotations().ValidateMap(context.Background(), req, &resp) assert.Equal(t, test.expectError, resp.Diagnostics.HasError()) }) } } ================================================ FILE: internal/validators/metadata_labels.go ================================================ package validators import ( "context" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "k8s.io/apimachinery/pkg/util/validation" ) var _ validator.Map = (*metadataLabelsValidator)(nil) type metadataLabelsValidator struct{} func MetadataLabels() metadataLabelsValidator { return metadataLabelsValidator{} } // Description returns a plain text description of the validator's behavior, suitable for a practitioner to understand its impact. func (v metadataLabelsValidator) Description(ctx context.Context) string { return "ensures that all keys in the supplied map are valid qualified names and that the values are valid label values" } // MarkdownDescription returns a markdown formatted description of the validator's behavior, suitable for a practitioner to understand its impact. func (v metadataLabelsValidator) MarkdownDescription(ctx context.Context) string { return v.Description(ctx) } // Validate runs the main validation logic of the validator, reading configuration data out of `req` and updating `resp` with diagnostics. func (v metadataLabelsValidator) ValidateMap(ctx context.Context, req validator.MapRequest, resp *validator.MapResponse) { // If the value is unknown or null, there is nothing to validate. if req.ConfigValue.IsUnknown() || req.ConfigValue.IsNull() { return } // Iterate over Elements() directly to handle maps containing unknown // element values (e.g. computed attributes from other resources). for k, val := range req.ConfigValue.Elements() { for _, err := range validation.IsQualifiedName(k) { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Label Key: not a valid qualified name", err) } // Skip value validation if the value is unknown or null. sv, ok := val.(types.String) if !ok || sv.IsUnknown() || sv.IsNull() { continue } for _, err := range validation.IsValidLabelValue(sv.ValueString()) { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Label Value", err) } } } ================================================ FILE: internal/validators/metadata_labels_test.go ================================================ package validators import ( "context" "testing" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/stretchr/testify/assert" ) func TestMetadataLabelsValidator(t *testing.T) { t.Parallel() tests := map[string]struct { val types.Map expectError bool }{ "null map": { val: types.MapNull(types.StringType), }, "unknown map": { val: types.MapUnknown(types.StringType), }, "valid label": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringValue("myapp"), }), }, "valid label with empty value": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringValue(""), }), }, "multiple valid labels": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringValue("myapp"), "app.kubernetes.io/version": types.StringValue("v1"), }), }, "unknown element value": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringUnknown(), }), }, "mixed known and unknown values": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringValue("myapp"), "app.kubernetes.io/version": types.StringUnknown(), }), }, "null element value": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringNull(), }), }, "invalid label key": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "-invalid": types.StringValue("value"), }), expectError: true, }, "uppercase label key rejected": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "App.Kubernetes.IO/Name": types.StringValue("myapp"), }), expectError: true, }, "invalid label value": { val: types.MapValueMust(types.StringType, map[string]attr.Value{ "app.kubernetes.io/name": types.StringValue("invalid value with spaces"), }), expectError: true, }, } for name, test := range tests { t.Run(name, func(t *testing.T) { t.Parallel() req := validator.MapRequest{ Path: path.Root("labels"), ConfigValue: test.val, } resp := validator.MapResponse{} MetadataLabels().ValidateMap(context.Background(), req, &resp) assert.Equal(t, test.expectError, resp.Diagnostics.HasError()) }) } } ================================================ FILE: internal/validators/positive_integer.go ================================================ package validators import ( "context" "strconv" "github.com/hashicorp/terraform-plugin-framework/schema/validator" ) var _ validator.String = positiveIntegerValidator{} type positiveIntegerValidator struct{} func (v positiveIntegerValidator) Description(_ context.Context) string { return "value must be a positive integer" } func (v positiveIntegerValidator) MarkdownDescription(ctx context.Context) string { return v.Description(ctx) } func (v positiveIntegerValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() if value == "" { return } i, err := strconv.ParseInt(value, 10, 64) if err != nil { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Integer", "The provided value is not a valid integer: "+err.Error(), ) return } if i <= 0 { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Positive Integer", "The provided value must be a positive integer (greater than 0)", ) return } } func PositiveInteger() validator.String { return positiveIntegerValidator{} } ================================================ FILE: internal/validators/project_validators.go ================================================ package validators import ( "context" "fmt" "regexp" "time" argocdtime "github.com/argoproj/pkg/v2/time" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/robfig/cron/v3" ) // GroupNameValidator returns a validator which ensures that any configured // attribute value is a valid group name (no commas, newlines, carriage returns, or tabs). func GroupNameValidator() validator.String { return groupNameValidator{} } type groupNameValidator struct{} func (v groupNameValidator) Description(ctx context.Context) string { return "value must be a valid group name" } func (v groupNameValidator) MarkdownDescription(ctx context.Context) string { return "value must be a valid group name" } func (v groupNameValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() invalidChars := regexp.MustCompile("[,\n\r\t]") if invalidChars.MatchString(value) { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Group Name", fmt.Sprintf("Group '%s' contains invalid characters (comma, newline, carriage return, or tab)", value), ) } } // RoleNameValidator returns a validator which ensures that any configured // attribute value is a valid role name. func RoleNameValidator() validator.String { return roleNameValidator{} } type roleNameValidator struct{} func (v roleNameValidator) Description(ctx context.Context) string { return "value must be a valid role name" } func (v roleNameValidator) MarkdownDescription(ctx context.Context) string { return "value must be a valid role name" } func (v roleNameValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() roleNameRegexp := regexp.MustCompile(`^[a-zA-Z0-9]([-_a-zA-Z0-9]*[a-zA-Z0-9])?$`) if !roleNameRegexp.MatchString(value) { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Role Name", fmt.Sprintf("Invalid role name '%s'. Must consist of alphanumeric characters, '-' or '_', and must start and end with an alphanumeric character", value), ) } } // SyncWindowKindValidator returns a validator which ensures that any configured // attribute value is either "allow" or "deny". func SyncWindowKindValidator() validator.String { return syncWindowKindValidator{} } type syncWindowKindValidator struct{} func (v syncWindowKindValidator) Description(ctx context.Context) string { return "value must be either 'allow' or 'deny'" } func (v syncWindowKindValidator) MarkdownDescription(ctx context.Context) string { return "value must be either 'allow' or 'deny'" } func (v syncWindowKindValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() if value != "allow" && value != "deny" { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Sync Window Kind", fmt.Sprintf("Kind '%s' mismatch: can only be allow or deny", value), ) } } // SyncWindowScheduleValidator returns a validator which ensures that any configured // attribute value is a valid cron schedule. func SyncWindowScheduleValidator() validator.String { return syncWindowScheduleValidator{} } type syncWindowScheduleValidator struct{} func (v syncWindowScheduleValidator) Description(ctx context.Context) string { return "value must be a valid cron schedule" } func (v syncWindowScheduleValidator) MarkdownDescription(ctx context.Context) string { return "value must be a valid cron schedule" } func (v syncWindowScheduleValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() specParser := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow) if _, err := specParser.Parse(value); err != nil { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Cron Schedule", fmt.Sprintf("cannot parse schedule '%s': %s", value, err.Error()), ) } } // SyncWindowDurationValidator returns a validator which ensures that any configured // attribute value is a valid ArgoCD duration. func SyncWindowDurationValidator() validator.String { return syncWindowDurationValidator{} } type syncWindowDurationValidator struct{} func (v syncWindowDurationValidator) Description(ctx context.Context) string { return "value must be a valid ArgoCD duration" } func (v syncWindowDurationValidator) MarkdownDescription(ctx context.Context) string { return "value must be a valid ArgoCD duration" } func (v syncWindowDurationValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() if _, err := argocdtime.ParseDuration(value); err != nil { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Duration", fmt.Sprintf("cannot parse duration '%s': %s", value, err.Error()), ) } } // SyncWindowTimezoneValidator returns a validator which ensures that any configured // attribute value is a valid timezone. func SyncWindowTimezoneValidator() validator.String { return syncWindowTimezoneValidator{} } type syncWindowTimezoneValidator struct{} func (v syncWindowTimezoneValidator) Description(ctx context.Context) string { return "value must be a valid timezone" } func (v syncWindowTimezoneValidator) MarkdownDescription(ctx context.Context) string { return "value must be a valid timezone" } func (v syncWindowTimezoneValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() if _, err := time.LoadLocation(value); err != nil { resp.Diagnostics.AddAttributeError( req.Path, "Invalid Timezone", fmt.Sprintf("cannot parse timezone '%s': %s", value, err.Error()), ) } } ================================================ FILE: internal/validators/repository_certificate.go ================================================ package validators import ( "context" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/types" ) var _ resource.ConfigValidator = repositoryCertificateValidator{} type repositoryCertificateValidator struct{} func (v repositoryCertificateValidator) Description(_ context.Context) string { return "one of `https,ssh` must be specified" } func (v repositoryCertificateValidator) MarkdownDescription(ctx context.Context) string { return v.Description(ctx) } func (v repositoryCertificateValidator) ValidateResource(ctx context.Context, req resource.ValidateConfigRequest, resp *resource.ValidateConfigResponse) { var ssh types.List var https types.List resp.Diagnostics.Append(req.Config.GetAttribute(ctx, path.Root("ssh"), &ssh)...) resp.Diagnostics.Append(req.Config.GetAttribute(ctx, path.Root("https"), &https)...) if resp.Diagnostics.HasError() { return } sshConfigured := !ssh.IsNull() && len(ssh.Elements()) > 0 httpsConfigured := !https.IsNull() && len(https.Elements()) > 0 // Validate that each list contains at most one element if sshConfigured && len(ssh.Elements()) > 1 { resp.Diagnostics.AddError( "Too many SSH certificates", "Only one SSH certificate can be specified", ) return } if httpsConfigured && len(https.Elements()) > 1 { resp.Diagnostics.AddError( "Too many HTTPS certificates", "Only one HTTPS certificate can be specified", ) return } if !sshConfigured && !httpsConfigured { resp.Diagnostics.AddError( "Missing required configuration", "one of `https,ssh` must be specified", ) return } if sshConfigured && httpsConfigured { resp.Diagnostics.AddError( "Conflicting configuration", "only one of `https,ssh` can be specified", ) return } } func RepositoryCertificate() resource.ConfigValidator { return repositoryCertificateValidator{} } ================================================ FILE: internal/validators/ssh_private_key.go ================================================ package validators import ( "context" "crypto/x509" "encoding/pem" "strings" "github.com/hashicorp/terraform-plugin-framework/schema/validator" ) var _ validator.String = sshPrivateKeyValidator{} type sshPrivateKeyValidator struct{} func (v sshPrivateKeyValidator) Description(_ context.Context) string { return "value must be a valid SSH private key in PEM format" } func (v sshPrivateKeyValidator) MarkdownDescription(ctx context.Context) string { return v.Description(ctx) } func (v sshPrivateKeyValidator) ValidateString(ctx context.Context, req validator.StringRequest, resp *validator.StringResponse) { if req.ConfigValue.IsNull() || req.ConfigValue.IsUnknown() { return } value := req.ConfigValue.ValueString() if value == "" { return } // Check if it's a valid PEM block block, _ := pem.Decode([]byte(value)) if block == nil { resp.Diagnostics.AddAttributeError( req.Path, "Invalid SSH Private Key", "The provided value is not a valid PEM-encoded private key", ) return } // Check if it's a recognized private key type validTypes := []string{ "RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY", "OPENSSH PRIVATE KEY", } isValidType := false for _, validType := range validTypes { if strings.EqualFold(block.Type, validType) { isValidType = true break } } if !isValidType { resp.Diagnostics.AddAttributeError( req.Path, "Invalid SSH Private Key Type", "The provided PEM block is not a recognized private key type", ) return } // Additional validation for PKCS#8 and PKCS#1 formats if strings.EqualFold(block.Type, "PRIVATE KEY") { // PKCS#8 format _, err := x509.ParsePKCS8PrivateKey(block.Bytes) if err != nil { resp.Diagnostics.AddAttributeError( req.Path, "Invalid PKCS#8 Private Key", "The provided PKCS#8 private key is invalid: "+err.Error(), ) return } } else if strings.EqualFold(block.Type, "RSA PRIVATE KEY") { // PKCS#1 format _, err := x509.ParsePKCS1PrivateKey(block.Bytes) if err != nil { resp.Diagnostics.AddAttributeError( req.Path, "Invalid PKCS#1 Private Key", "The provided PKCS#1 private key is invalid: "+err.Error(), ) return } } } func SSHPrivateKey() validator.String { return sshPrivateKeyValidator{} } ================================================ FILE: kind-config.yml ================================================ --- apiVersion: kind.x-k8s.io/v1alpha4 kind: Cluster name: argocd nodes: - role: control-plane image: kindest/node:v1.34.3 extraPortMappings: - containerPort: 30123 hostPort: 8080 listenAddress: "127.0.0.1" protocol: TCP ================================================ FILE: main.go ================================================ package main import ( "context" "flag" "log" "github.com/hashicorp/terraform-plugin-framework/providerserver" "github.com/hashicorp/terraform-plugin-go/tfprotov6" "github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server" "github.com/hashicorp/terraform-plugin-mux/tf5to6server" "github.com/hashicorp/terraform-plugin-mux/tf6muxserver" "github.com/argoproj-labs/terraform-provider-argocd/argocd" "github.com/argoproj-labs/terraform-provider-argocd/internal/provider" ) // Run "go generate" to format example terraform files and generate the docs for the registry/website // If you do not have terraform installed, you can remove the formatting command, but its suggested to // ensure the documentation is formatted properly. //go:generate terraform fmt -recursive ./examples/ // Run the docs generation tool, check its repository for more information on how it works and how docs // can be customized. //go:generate go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs var ( // these will be set by the goreleaser configuration // to appropriate values for the compiled binary. version string = "dev" // goreleaser can pass other information to the main package, such as the specific commit // https://goreleaser.com/cookbooks/using-main.version/ ) func main() { ctx := context.Background() var debug bool flag.BoolVar(&debug, "debug", false, "set to true to run the provider with support for debuggers like delve") flag.Parse() upgradedSdkServer, err := tf5to6server.UpgradeServer( ctx, argocd.Provider().GRPCProvider, ) if err != nil { log.Fatal(err) } providers := []func() tfprotov6.ProviderServer{ providerserver.NewProtocol6(provider.New(version)), func() tfprotov6.ProviderServer { return upgradedSdkServer }, } muxServer, err := tf6muxserver.NewMuxServer(ctx, providers...) if err != nil { log.Fatal(err) } var serveOpts []tf6server.ServeOpt if debug { serveOpts = append(serveOpts, tf6server.WithManagedDebug()) } err = tf6server.Serve( "registry.terraform.io/argoproj-labs/argocd", muxServer.ProviderServer, serveOpts..., ) if err != nil { log.Fatal(err) } } ================================================ FILE: manifests/install/cluster-rbac.yml ================================================ # The below RBAC will allow the argocd-server to deploy Application resources to any namespace, not just to argocd apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: argocd-server-cluster-role rules: - verbs: - create - get - list - watch - update - delete - patch apiGroups: - argoproj.io resources: - applications - applicationsets --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: argocd-server-cluster-role subjects: - kind: ServiceAccount name: argocd-server namespace: argocd roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: argocd-server-cluster-role ================================================ FILE: manifests/install/git-private-repository.yml ================================================ --- apiVersion: v1 kind: Secret metadata: name: git-authorized-ssh-keys namespace: argocd type: Opaque stringData: sshUsername: git sshPublicKey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ7pXHSBsqooIjTAimV+ArkkGMIM7duG1Texl8uh5Rm test@argocd" sshPrivateKey: | -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZgAAAJB9cNEifXDR IgAAAAtzc2gtZWQyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZg AAAEAJeUrObjoTbGO1Sq4TXHl/j4RJ5aKMC1OemWuHmLK7XYZ7pXHSBsqooIjTAimV+Ark kGMIM7duG1Texl8uh5RmAAAAC3Rlc3RAYXJnb2NkAQI= -----END OPENSSH PRIVATE KEY----- --- apiVersion: v1 kind: ConfigMap metadata: name: git-private-repository-contents namespace: argocd data: configmap.yml: | apiVersion: v1 kind: Configmap metadata: name: testdata namespace: default data: foo: bar --- apiVersion: apps/v1 kind: Deployment metadata: name: private-git-repository namespace: argocd spec: selector: matchLabels: app.kubernetes.io/name: private-git-repository template: metadata: labels: app.kubernetes.io/name: private-git-repository spec: volumes: - name: repo-contents configMap: optional: false name: git-private-repository-contents containers: - name: private-git-repository image: alpine:3 volumeMounts: - mountPath: /mnt/testdata name: repo-contents readOnly: true ports: - containerPort: 22 protocol: TCP name: sshd readinessProbe: tcpSocket: port: 22 command: - sh - -c args: - 'apk add --no-cache --update git sudo openssh && adduser git -D && echo "git:2S8RrPQgxGdAv3Wp2ALKsWQLT5WLj66R3JxuJU35dCemwqLVfd"|chpasswd && sudo -u git sh -c " cd && mkdir .ssh && chmod 700 .ssh && echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ7pXHSBsqooIjTAimV+ArkkGMIM7duG1Texl8uh5Rm test@argocd > .ssh/authorized_keys && chmod 600 .ssh/authorized_keys && for P in \$(seq 1 10);do mkdir project-\${P}.git && cd project-\${P}.git && git config --global user.email \"test@argocd\" && git config --global user.name \"acctest\" && git config --global init.defaultBranch \"master\" && git init && cp /mnt/testdata/configmap.yml . && git add . && git commit -m init-\${P} && cd ..; done" && ssh-keygen -A && /usr/sbin/sshd -p 22 -D' --- apiVersion: v1 kind: Service metadata: name: private-git-repository namespace: argocd spec: type: ClusterIP selector: app.kubernetes.io/name: private-git-repository ports: - port: 22 targetPort: sshd name: sshd protocol: TCP ================================================ FILE: manifests/install/kustomization.yml ================================================ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespace.yml - git-private-repository.yml - proxy-service.yml - cluster-rbac.yml ================================================ FILE: manifests/install/namespace.yml ================================================ --- apiVersion: v1 kind: Namespace metadata: name: argocd ================================================ FILE: manifests/install/proxy-service.yml ================================================ --- # Access to argocd service port without the need to proxy through kubectl proxy apiVersion: v1 kind: Service metadata: name: argocd-server-proxy spec: type: NodePort ports: - name: http port: 80 protocol: TCP nodePort: 30124 targetPort: 8080 - name: https port: 443 protocol: TCP nodePort: 30123 targetPort: 8080 selector: app.kubernetes.io/name: argocd-server ================================================ FILE: manifests/install/ssh-identity.key ================================================ -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZgAAAJB9cNEifXDR IgAAAAtzc2gtZWQyNTUxOQAAACCGe6Vx0gbKqKCI0wIplfgK5JBjCDO3bhtU3sZfLoeUZg AAAEAJeUrObjoTbGO1Sq4TXHl/j4RJ5aKMC1OemWuHmLK7XYZ7pXHSBsqooIjTAimV+Ark kGMIM7duG1Texl8uh5RmAAAAC3Rlc3RAYXJnb2NkAQI= -----END OPENSSH PRIVATE KEY----- ================================================ FILE: manifests/local-dev/.gitignore ================================================ .terraform* terraform.tfstate* crash.log *-config ================================================ FILE: manifests/local-dev/account-token.tf ================================================ resource "argocd_account_token" "admin" { renew_after = "30s" } resource "argocd_account_token" "test" { account = "test" expires_in = "1m" renew_before = "45s" } ================================================ FILE: manifests/local-dev/application-set.tf ================================================ resource "argocd_application_set" "clusters" { metadata { name = "clusters" } spec { generator { clusters {} } template { metadata { name = "appset-clusters-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd/" target_revision = "HEAD" chart = "test/e2e/testdata/guestbook" } destination { server = "{{server}}" namespace = "default" } } } } } resource "argocd_application_set" "cluster_decision_resource" { metadata { name = "cluster-decision-resource" } spec { generator { cluster_decision_resource { config_map_ref = "my-configmap" name = "quak" label_selector { match_labels = { duck = "spotted" } match_expressions { key = "duck" operator = "In" values = [ "spotted", "canvasback" ] } } } } template { metadata { name = "appset-cdr-{{name}}" } spec { source { repo_url = "https://github.com/argoproj/argo-cd/" target_revision = "HEAD" path = "test/e2e/testdata/guestbook" } destination { server = "{{server}}" namespace = "default" } } } } } resource "argocd_application_set" "git" { metadata { name = "git" } spec { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" # directory { # path = "applicationset/examples/git-generator-directory/excludes/cluster-addons/*" # } # directory { # exclude = true # path = "applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook" # } file { path = "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" } } } template { metadata { name = "appset-git-{{path.basename}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "{{path}}" } destination { server = "https://kubernetes.default.svc" namespace = "{{path.basename}}" } } } } } resource "argocd_application_set" "list" { metadata { name = "list" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://kubernetes.default.svc" }, { cluster = argocd_cluster.kind_secondary.name url = argocd_cluster.kind_secondary.server } ] template { metadata {} spec { project = "default" source { target_revision = "HEAD" repo_url = "https://github.com/argoproj/argo-cd.git" # New path value is generated here: path = "applicationset/examples/template-override/{{cluster}}-override" } destination {} } } } } template { metadata { name = "appset-list-{{cluster}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } } resource "argocd_application_set" "matrix" { metadata { name = "matrix" } spec { generator { matrix { generator { matrix { generator { list { elements = [ { cluster = "in-cluster" url = "https://kubernetes.default.svc" } ] } } generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" file { path = "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json" } } } } } generator { clusters {} } } } template { metadata { name = "appset-matrix-{{name}}" } spec { project = "default" source { repo_url = "https://kubernetes-sigs.github.io/descheduler" chart = "descheduler" target_revision = "0.33.0" helm { release_name = "testing" parameter { name = "image.tag" value = "6.2.5" } parameter { name = "architecture" value = "standalone" } } } destination { server = "{{server}}" namespace = "default" } } } } } # List Generator with elements_yaml resource "argocd_application_set" "list_elements_yaml" { metadata { name = "list-elements-yaml" } spec { generator { list { elements_yaml = <<-EOT - cluster: engineering-dev url: https://kubernetes.default.svc environment: development - cluster: engineering-prod url: https://kubernetes.default.svc environment: production foo: bar EOT } } template { metadata { name = "{{cluster}}-guestbook" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" target_revision = "HEAD" path = "applicationset/examples/list-generator/guestbook/{{cluster}}" } destination { server = "{{url}}" namespace = "guestbook" } } } } } # List Generator with dynamic elements_yaml using Go templating resource "argocd_application_set" "list_elements_yaml_dynamic" { metadata { name = "list-elements-yaml-dynamic" } spec { go_template = true go_template_options = ["missingkey=error"] generator { matrix { generator { git { repo_url = "https://github.com/argoproj/argo-cd.git" revision = "HEAD" file { path = "applicationset/examples/list-generator/list-elementsYaml-example.yaml" } } } generator { list { elements_yaml = <<-EOT {{ .key.components | toJson }} EOT } } } } template { metadata { name = "{{.name}}" } spec { project = "default" sync_policy { automated { self_heal = true } sync_options = ["CreateNamespace=true"] } source { chart = "{{.chart}}" repo_url = "{{.repoUrl}}" target_revision = "{{.version}}" helm { release_name = "{{.releaseName}}" } } destination { server = "https://kubernetes.default.svc" namespace = "{{.namespace}}" } } } } } resource "argocd_application_set" "merge" { metadata { name = "merge" } spec { generator { merge { merge_keys = [ "server" ] generator { clusters { values = { kafka = true redis = false } } } generator { clusters { selector { match_labels = { use-kafka = "false" } } values = { kafka = "false" } } } generator { list { elements = [ { server = "https://2.4.6.8" "values.redis" = "true" }, ] } } } } template { metadata { name = "appset-merge-{{name}}" } spec { project = "default" source { repo_url = "https://github.com/argoproj/argo-cd.git" path = "app" target_revision = "HEAD" helm { parameter { name = "kafka" value = "{{values.kafka}}" } parameter { name = "redis" value = "{{values.redis}}" } } } destination { server = "{{server}}" namespace = "default" } } } } } resource "argocd_application_set" "pull_request_github" { metadata { name = "pull-request-github" } spec { generator { pull_request { github { api = "https://git.example.com/" owner = "myorg" repo = "myrepository" app_secret_name = "github-app-repo-creds" token_ref { secret_name = "github-token" key = "token" } labels = [ "preview" ] } } } template { metadata { name = "appset-opull-request-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } resource "argocd_application_set" "pull_request_azure_devops" { metadata { name = "pull-request-azure-devops" } spec { generator { pull_request { azure_devops { organization = "myorg" project = "myproject" repo = "myrepo" api = "https://dev.azure.com/" token_ref { secret_name = "pat-token" key = "token" } labels = [ "preview" ] } } } template { metadata { name = "appset-opull-request-{{branch}}-{{number}}" } spec { project = "default" source { repo_url = "https://github.com/myorg/myrepo.git" path = "kubernetes/" target_revision = "{{head_sha}}" helm { parameter { name = "image.tag" value = "pull-{{head_sha}}" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } resource "argocd_application_set" "scm_provider" { metadata { name = "scm-provider" } spec { generator { scm_provider { github { all_branches = true api = "https://git.example.com/" app_secret_name = "gh-app-repo-creds" organization = "myorg" token_ref { secret_name = "github-token" key = "token" } } } } template { metadata { name = "appset-scm-provider-{{repository}}" } spec { project = "default" source { repo_url = "{{url}}" path = "kubernetes/" target_revision = "{{branch}}" } destination { server = "https://kubernetes.default.svc" namespace = "default" } } } } } resource "argocd_application_set" "progressive_sync" { metadata { name = "progressive-sync" } spec { generator { list { elements = [ { cluster = "engineering-dev" url = "https://1.2.3.4" env = "env-dev" }, { cluster = "engineering-qa" url = "https://2.4.6.8" env = "env-qa" }, { cluster = "engineering-prod" url = "https://9.8.7.6/" env = "env-prod" } ] } } strategy { type = "RollingSync" rolling_sync { step { match_expressions { key = "envLabel" operator = "In" values = [ "env-dev" ] } # max_update = "100%" # if undefined, all applications matched are updated together (default is 100%) } step { match_expressions { key = "envLabel" operator = "In" values = [ "env-qa" ] } max_update = "0" } step { match_expressions { key = "envLabel" operator = "In" values = [ "env-prod" ] } max_update = "10%" } } } go_template = true template { metadata { name = "appset-progressive-sync-{{.cluster}}" labels = { envLabel = "{{.env}}" } } spec { project = "default" source { repo_url = "https://github.com/infra-team/cluster-deployments.git" path = "guestbook/{{.cluster}}" target_revision = "HEAD" } destination { server = "{{.url}}" namespace = "guestbook" } } } } } ================================================ FILE: manifests/local-dev/application.tf ================================================ resource "argocd_application" "foo" { metadata { name = "foo" namespace = "argocd" labels = { acceptance = "true" } annotations = { "this.is.a.really.long.nested.key" = "yes, really!" } } spec { project = argocd_project.foo.metadata[0].name source { repo_url = "https://kubernetes-sigs.github.io/descheduler" chart = "descheduler" target_revision = "0.33.0" helm { release_name = "testing" parameter { name = "image.tag" value = "6.2.5" } parameter { name = "architecture" value = "standalone" } } } destination { server = "https://kubernetes.default.svc" namespace = "default" } sync_policy { automated { prune = true self_heal = true allow_empty = false } sync_options = [ "PrunePropagationPolicy=foreground", "ApplyOutOfSyncOnly=true" ] retry { limit = 5 backoff { duration = "3m" factor = "2" max_duration = "30m" } } } } # wait = true } ================================================ FILE: manifests/local-dev/cluster.tf ================================================ resource "kind_cluster" "secondary" { name = "secondary" node_image = "kindest/node:v1.24.7" } resource "argocd_cluster" "kind_secondary" { name = "kind-secondary" server = kind_cluster.secondary.endpoint config { tls_client_config { ca_data = kind_cluster.secondary.cluster_ca_certificate // insecure = true } } } ================================================ FILE: manifests/local-dev/data.tf ================================================ # Uncomment below to see full data source for application `foo` (needs to have # been applied first). # # data "argocd_application" "foo" { # metadata = { # name = "foo" # } # } # # output "application_foo" { # value = data.argocd_application.foo # } ================================================ FILE: manifests/local-dev/gpg-key.tf ================================================ resource "argocd_gpg_key" "this" { public_key = < ./staging/src/k8s.io/.*|k8s.io/\1|p' )) for MOD in "${MODS[@]}"; do echo "Updating $MOD..." >&2 V=$( go mod download -json "${MOD}@kubernetes-${VERSION}" | sed -n 's|.*"Version": "\(.*\)".*|\1|p' ) go mod edit "-replace=${MOD}=${MOD}@${V}" done go get "k8s.io/kubernetes@v${VERSION}" go mod tidy ================================================ FILE: templates/index.md.tmpl ================================================ --- page_title: "Provider: ArgoCD" description: |- The ArgoCD provider provides lifecycle management of ArgoCD resources. --- {{/* This template serves as a starting point for documentation generation, and can be customized with hardcoded values and/or doc gen templates. For example, the {{ .SchemaMarkdown }} template can be used to replace manual schema documentation if descriptions of schema attributes are added in the provider source code. */ -}} # ArgoCD Provider The ArgoCD Provider provides lifecycle management of [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) resources. **NB**: The provider is not concerned with the installation/configuration of ArgoCD itself. To make use of the provider, you will need to have an existing ArgoCD installation. The correct provider configuration largely depends on whether or not your ArgoCD API server is exposed or not. If your ArgoCD API server is exposed, then: - use `server_addr` along with a `username`/`password` or `auth_token`. - use `use_local_config` if you have (pre)authenticated via the ArgoCD CLI (E.g. via SSO using `argocd login --sso`. If you have not exposed your ArgoCD API server or have not deployed the API server ([ArgoCD core](https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#core)), see below for options. **Note**: in both these cases, you need sufficient access to the Kubernetes API to perform any actions. - use `port_forward_with_namespace` and optionally `kubernetes` configuration (to temporarily expose the ArgoCD API server using port forwarding) along with a `username`/`password` or `auth_token`. - if you use port-forwarding and your argo-cd-server is running on plain HTTP you need to add the flag `plain_text = true` to the provider configuration as well - use `core` to run a local ArgoCD API server that communicates directly with the Kubernetes API. **NB**: When using `core`, take note of the warning in the docs below. If you are struggling to determine the correct configuration for the provider or the provider is behaving strangely and failing to connect for whatever reason, then we would suggest that you first figure out what combination of parameters work to log in using the ArgoCD CLI (`argocd login`) and then set the provider configuration to match what you used in the CLI. See also the ArgoCD [Getting Started](https://argo-cd.readthedocs.io/en/stable/getting_started/#3-access-the-argo-cd-api-server) docs. ## Example Usage {{tffile "examples/provider/provider.tf"}}
{{- .SchemaMarkdown | trimspace -}} ================================================ FILE: terraform-registry-manifest.json ================================================ { "version": 1, "metadata": { "protocol_versions": ["6.0"] } } ================================================ FILE: tools/go.mod ================================================ module tools go 1.24.0 require github.com/hashicorp/terraform-plugin-docs v0.24.0 require ( github.com/BurntSushi/toml v1.2.1 // indirect github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.2.0 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/ProtonMail/go-crypto v1.1.6 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/armon/go-radix v1.0.0 // indirect github.com/bgentry/speakeasy v0.1.0 // indirect github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect github.com/cloudflare/circl v1.6.1 // indirect github.com/fatih/color v1.16.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/cli v1.1.7 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/hc-install v0.9.2 // indirect github.com/hashicorp/terraform-exec v0.24.0 // indirect github.com/hashicorp/terraform-json v0.27.2 // indirect github.com/huandu/xstrings v1.3.3 // indirect github.com/imdario/mergo v0.3.15 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/posener/complete v1.2.3 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/shopspring/decimal v1.3.1 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/yuin/goldmark v1.7.7 // indirect github.com/yuin/goldmark-meta v1.1.0 // indirect github.com/zclconf/go-cty v1.17.0 // indirect go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect golang.org/x/crypto v0.38.0 // indirect golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect golang.org/x/mod v0.28.0 // indirect golang.org/x/sys v0.36.0 // indirect golang.org/x/text v0.30.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) ================================================ FILE: tools/go.sum ================================================ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/Kunde21/markdownfmt/v3 v3.1.0 h1:KiZu9LKs+wFFBQKhrZJrFZwtLnCCWJahL+S+E/3VnM0= github.com/Kunde21/markdownfmt/v3 v3.1.0/go.mod h1:tPXN1RTyOzJwhfHoon9wUr4HGYmWgVxSQN6VBJDkrVc= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw= github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE= github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM= github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git/v5 v5.14.0 h1:/MD3lCrGjCen5WfEAzKg00MJJffKhC8gzS80ycmCi60= github.com/go-git/go-git/v5 v5.14.0/go.mod h1:Z5Xhoia5PcWA3NF8vRLURn9E5FRhSl7dGj9ItW3Wk5k= github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/cli v1.1.7 h1:/fZJ+hNdwfTSfsxMBa9WWMlfjUZbX8/LnUxgAd7lCVU= github.com/hashicorp/cli v1.1.7/go.mod h1:e6Mfpga9OCT1vqzFuoGZiiF/KaG9CbUfO5s3ghU3YgU= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/hc-install v0.9.2 h1:v80EtNX4fCVHqzL9Lg/2xkp62bbvQMnvPQ0G+OmtO24= github.com/hashicorp/hc-install v0.9.2/go.mod h1:XUqBQNnuT4RsxoxiM9ZaUk0NX8hi2h+Lb6/c0OZnC/I= github.com/hashicorp/terraform-exec v0.24.0 h1:mL0xlk9H5g2bn0pPF6JQZk5YlByqSqrO5VoaNtAf8OE= github.com/hashicorp/terraform-exec v0.24.0/go.mod h1:lluc/rDYfAhYdslLJQg3J0oDqo88oGQAdHR+wDqFvo4= github.com/hashicorp/terraform-json v0.27.2 h1:BwGuzM6iUPqf9JYM/Z4AF1OJ5VVJEEzoKST/tRDBJKU= github.com/hashicorp/terraform-json v0.27.2/go.mod h1:GzPLJ1PLdUG5xL6xn1OXWIjteQRT2CNT9o/6A9mi9hE= github.com/hashicorp/terraform-plugin-docs v0.24.0 h1:YNZYd+8cpYclQyXbl1EEngbld8w7/LPOm99GD5nikIU= github.com/hashicorp/terraform-plugin-docs v0.24.0/go.mod h1:YLg+7LEwVmRuJc0EuCw0SPLxuQXw5mW8iJ5ml/kvi+o= github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8= github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark v1.7.7 h1:5m9rrB1sW3JUMToKFQfb+FGt1U7r57IHu5GrYrG2nqU= github.com/yuin/goldmark v1.7.7/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= github.com/yuin/goldmark-meta v1.1.0 h1:pWw+JLHGZe8Rk0EGsMVssiNb/AaPMHfSRszZeUeiOUc= github.com/yuin/goldmark-meta v1.1.0/go.mod h1:U4spWENafuA7Zyg+Lj5RqK/MF+ovMYtBvXi1lBb2VP0= github.com/zclconf/go-cty v1.17.0 h1:seZvECve6XX4tmnvRzWtJNHdscMtYEx5R7bnnVyd/d0= github.com/zclconf/go-cty v1.17.0/go.mod h1:wqFzcImaLTI6A5HfsRwB0nj5n0MRZFwmey8YoFPPs3U= go.abhg.dev/goldmark/frontmatter v0.2.0 h1:P8kPG0YkL12+aYk2yU3xHv4tcXzeVnN+gU0tJ5JnxRw= go.abhg.dev/goldmark/frontmatter v0.2.0/go.mod h1:XqrEkZuM57djk7zrlRUB02x8I5J0px76YjkOzhB4YlU= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8= golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df h1:UA2aFVmmsIlefxMk29Dp2juaUSth8Pyn3Tq5Y5mJGME= golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= ================================================ FILE: tools/tools.go ================================================ //go:build generate package tools import ( _ "github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs" ) // Format Terraform code for use in documentation. // If you do not have Terraform installed, you can remove the formatting command, but it is suggested // to ensure the documentation is formatted properly. //go:generate terraform fmt -recursive ../examples/ // Generate documentation. //go:generate go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs generate --provider-dir .. -provider-name terraform-provider-argocd