build(deps): bump argocd-operator version (#1124)

* build(deps): bump argocd-operator version

Signed-off-by: Jayendra Parsai <jparsai@redhat.com>

* fix: change log level

Signed-off-by: Jayendra Parsai <jparsai@redhat.com>

---------

Signed-off-by: Jayendra Parsai <jparsai@redhat.com>

Author: jparsai

build/redis/haproxy.cfg.tpl

@@ -24,7 +24,7 @@ backend check_if_redis_is_master_0
 {{- else}}
     tcp-check connect ssl
 {{- end}}
-    tcp-check send "AUTH replace-with-redis-auth"\r\n
+    tcp-check send "AUTH __REPLACE_DEFAULT_AUTH__"\r\n
     tcp-check expect string +OK
     tcp-check send PING\r\n
     tcp-check expect string +PONG
@@ -50,7 +50,7 @@ backend check_if_redis_is_master_1
 {{- else}}
     tcp-check connect ssl
 {{- end}}
-    tcp-check send "AUTH replace-with-redis-auth"\r\n
+    tcp-check send "AUTH __REPLACE_DEFAULT_AUTH__"\r\n
     tcp-check expect string +OK
     tcp-check send PING\r\n
     tcp-check expect string +PONG
@@ -76,7 +76,7 @@ backend check_if_redis_is_master_2
 {{- else}}
     tcp-check connect ssl
 {{- end}}
-    tcp-check send "AUTH replace-with-redis-auth"\r\n
+    tcp-check send "AUTH __REPLACE_DEFAULT_AUTH__"\r\n
     tcp-check expect string +OK
     tcp-check send PING\r\n
     tcp-check expect string +PONG
@@ -108,7 +108,7 @@ backend bk_redis_master
 {{- else}}
     tcp-check connect ssl
 {{- end}}
-    tcp-check send "AUTH replace-with-redis-auth"\r\n
+    tcp-check send "AUTH __REPLACE_DEFAULT_AUTH__"\r\n
     tcp-check expect string +OK
     tcp-check send PING\r\n
     tcp-check expect string +PONG

build/redis/haproxy_init.sh.tpl

@@ -33,6 +33,12 @@ if [ -z "$ANNOUNCE_IP2" ]; then
 fi
 sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"
 
-auth=$(cat /redis-initial-pass/admin.password)
-sed -i "s/replace-with-redis-auth/$auth/" "$HAPROXY_CONF"
+AUTH="$(cat /app/config/redis-auth/auth)"
+if [ -z "${AUTH}" ]; then
+    echo "Error: Redis password not mounted correctly"
+    exit 1
+fi
+echo "Setting redis auth values.."
+ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
+sed -i "s/__REPLACE_DEFAULT_AUTH__/${ESCAPED_AUTH}/" "$HAPROXY_CONF"
 

build/redis/init.sh.tpl

@@ -132,10 +132,15 @@ setup_defaults() {
 
 redis_ping() {
 set +e
+    AUTH="$(cat /app/config/redis-auth/auth)"
+    if [ -z "$AUTH" ]; then
+        echo "Error: Redis password not mounted correctly"
+        exit 1
+    fi
     if [ "$REDIS_PORT" -eq 0 ]; then
-        redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}"  --tls --cacert /app/config/redis/tls/tls.crt ping
+        env REDISCLI_AUTH="${AUTH}" redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /app/config/redis/tls/tls.crt ping
     else
-        redis-cli -h "${MASTER}"  -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping
+        env REDISCLI_AUTH="${AUTH}" redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping
     fi
 set -e
 }
@@ -170,7 +175,7 @@ find_master() {
         if [ "$SENTINEL_PORT" -eq 0 ]; then
             echo "  on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
             echo "  $(date).."
-            if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}"   --tls --cacert /app/config/redis/tls/tls.crt sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+            if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /app/config/redis/tls/tls.crt sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
                 echo "  $(date) Failover returned with 'NOGOODSLAVE'"
                 echo "Setting defaults for this pod.."
                 setup_defaults
@@ -179,7 +184,7 @@ find_master() {
         else
             echo "  on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
             echo "  $(date).."
-            if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}"  sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+            if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE'; then
                 echo "  $(date) Failover returned with 'NOGOODSLAVE'"
                 echo "Setting defaults for this pod.."
                 setup_defaults
@@ -252,16 +257,19 @@ else
     setup_defaults
 fi
 
-if [ "${AUTH:-}" ]; then
-    echo "Setting redis auth values.."
-    ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
-    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
+AUTH="$(cat /app/config/redis-auth/auth)"
+if [ -z "${AUTH}" ]; then
+    echo "Error: Redis password not mounted correctly"
+    exit 1
 fi
+echo "Setting redis auth values.."
+ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
+sed -i "s/__REPLACE_DEFAULT_AUTH__/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
 
 if [ "${SENTINELAUTH:-}" ]; then
     echo "Setting sentinel auth values"
     ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
-    sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
+    sed -i "s/__REPLACE_DEFAULT_SENTINEL_AUTH__/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
 fi
 
 echo "$(date) Ready..."

build/redis/redis.conf.tpl

@@ -20,7 +20,4 @@ rdbcompression yes
 repl-diskless-sync yes
 save ""
 protected-mode no
-requirepass replace-default-auth
-masterauth replace-default-auth
-
-
+aclfile /app/config/redis-auth/users.acl

build/redis/redis_liveness.sh.tpl

@@ -1,6 +1,10 @@
+redis_pwd="$(cat /app/config/redis-auth/auth)"
+if [ -z "$redis_pwd" ]; then
+    echo "Error: Redis password not mounted correctly"
+    exit 1
+fi
 response=$(
-  redis-cli \
-    -a "${AUTH}" --no-auth-warning \
+  env REDISCLI_AUTH="${redis_pwd}" redis-cli \
     -h localhost \
     -p 6379 \
 {{- if eq .UseTLS "true"}}

build/redis/redis_readiness.sh.tpl

@@ -1,6 +1,10 @@
+redis_pwd="$(cat /app/config/redis-auth/auth)"
+if [ -z "$redis_pwd" ]; then
+    echo "Error: Redis password not mounted correctly"
+    exit 1
+fi
 response=$(
-  redis-cli \
-    -a "${AUTH}" --no-auth-warning \
+  env REDISCLI_AUTH="${redis_pwd}" redis-cli \
     -h localhost \
     -p 6379 \
 {{- if eq .UseTLS "true"}}
@@ -9,7 +13,7 @@ response=$(
 {{- end}}
     ping
 )
-if [ "$response" != "PONG" ] ; then
+if [ "$response" != "PONG" ]; then
   echo "$response"
   exit 1
 fi

build/redis/sentinel.conf.tpl

@@ -15,4 +15,4 @@ bind 0.0.0.0
     sentinel failover-timeout argocd 180000
     maxclients 10000
     sentinel parallel-syncs argocd 5
-    sentinel auth-pass argocd replace-default-auth
+    sentinel auth-pass argocd __REPLACE_DEFAULT_AUTH__

cmd/main.go

@@ -258,13 +258,11 @@ func main() {
 	argocdprovisioner.Register(openshift.ReconcilerHook, openshift.BuilderHook)
 
 	if err = (&argocdprovisioner.ReconcileArgoCD{
-		Client:        client,
-		Scheme:        mgr.GetScheme(),
-		LabelSelector: labelSelectorFlag,
-		K8sClient:     k8sClient,
-		LocalUsers: &argocdprovisioner.LocalUsersInfo{
-			TokenRenewalTimers: map[string]*argocdprovisioner.TokenRenewalTimer{},
-		},
+		Client:            client,
+		Scheme:            mgr.GetScheme(),
+		LabelSelector:     labelSelectorFlag,
+		K8sClient:         k8sClient,
+		LocalUsers:        argocdprovisioner.NewLocalUsersInfo(),
 		FipsConfigChecker: argoutil.NewLinuxFipsConfigChecker(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Argo CD")