Merge pull request #298 from cloudogu/bug/multiTenant-namespaces

pmarkiewka · web-flow · commit 43642f7fa6f0 · 2025-08-21T23:30:27.000+02:00
fixing hardcoded namespaces for central Argocd, smaller fix for ArgocdApplication Generator
diff --git a/argocd/cluster-resources/argocd/misc.ftl.yaml b/argocd/cluster-resources/argocd/misc.ftl.yaml
@@ -4,7 +4,7 @@ apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
   name: <#if config.multiTenant.useDedicatedInstance>${namePrefix}misc<#else>misc</#if>
-  namespace: <#if config.multiTenant.useDedicatedInstance>argocd<#else>${namePrefix}argocd</#if>
+  namespace: <#if config.multiTenant.useDedicatedInstance>${config.multiTenant.centralArgocdNamespace}<#else>${namePrefix}argocd</#if>
 spec:
   project: <#if config.multiTenant.useDedicatedInstance>${tenantName}<#else>cluster-resources</#if>
   destination:
diff --git a/src/main/groovy/com/cloudogu/gitops/config/Config.groovy b/src/main/groovy/com/cloudogu/gitops/config/Config.groovy
@@ -484,6 +484,11 @@ class Config {
                 return new LinkedHashSet<>(dedicatedNamespaces + tenantNamespaces)
             }
         }
+
+        @JsonIgnore
+        String getTenantName(){
+            return namePrefix.replaceAll(/-$/, "")
+        }
     }
 
     static class ImagesSchema {
diff --git a/src/main/groovy/com/cloudogu/gitops/features/argocd/ArgoCD.groovy b/src/main/groovy/com/cloudogu/gitops/features/argocd/ArgoCD.groovy
@@ -246,7 +246,9 @@ class ArgoCD extends Feature {
                         'example-apps',
                         ScmmRepo.createSCMBaseUrl(config)+'argocd/example-apps',
                         namespace,
-                        'argocd/')
+                        namespace,
+                        'argocd/',
+                        config.application.getTenantName())
                         .generate(tenantBootstrapInitializationAction.repo, 'applications')
             }
         }
@@ -345,14 +347,14 @@ class ArgoCD extends Feature {
             // Append new namespaces to existing ones from the secret.
             // `kubectl patch` can't merge list subfields, so we read, decode, merge, and update the secret.
             // This ensures all centrally managed namespaces are preserved.
-            String base64Namespaces = k8sClient.getArgoCDNamespacesSecret('argocd-default-cluster-config', 'argocd')
+            String base64Namespaces = k8sClient.getArgoCDNamespacesSecret('argocd-default-cluster-config', config.multiTenant.centralArgocdNamespace)
             byte[] decodedBytes = Base64.decoder.decode(base64Namespaces)
             String decoded = new String(decodedBytes, "UTF-8")
             def decodedList = decoded?.split(',') as List ?: []
             def activeList = config.application.namespaces.activeNamespaces?.flatten() as List ?: []
             def merged = (decodedList + activeList).unique().join(',')
             log.debug("Updating Central Argocd 'argocd-default-cluster-config' secret")
-            k8sClient.patch('secret', 'argocd-default-cluster-config', 'argocd',
+            k8sClient.patch('secret', 'argocd-default-cluster-config', config.multiTenant.centralArgocdNamespace,
                     [stringData: ['namespaces': merged]])
         }
     }
@@ -446,19 +448,18 @@ class ArgoCD extends Feature {
         k8sClient.label('secret', repoTemplateSecretName, namespace,
                 new Tuple2(' argocd.argoproj.io/secret-type', 'repo-creds'))
 
-
         if (config.multiTenant.useDedicatedInstance) {
             log.debug('Creating central repo credential secret that is used by argocd to access repos in SCM-Manager')
             // Create secret imperatively here instead of values.yaml, because we don't want it to show in git repo
             def centralRepoTemplateSecretName = 'argocd-repo-creds-central-scmm'
 
-            k8sClient.createSecret('generic', centralRepoTemplateSecretName, "argocd",
+            k8sClient.createSecret('generic', centralRepoTemplateSecretName, config.multiTenant.centralArgocdNamespace,
                     new Tuple2('url', config.multiTenant.centralScmUrl),
                     new Tuple2('username', config.multiTenant.username),
                     new Tuple2('password', config.multiTenant.password)
             )
 
-            k8sClient.label('secret', centralRepoTemplateSecretName, "argocd",
+            k8sClient.label('secret', centralRepoTemplateSecretName, config.multiTenant.centralArgocdNamespace,
                     new Tuple2(' argocd.argoproj.io/secret-type', 'repo-creds'))
         }
     }
diff --git a/src/main/groovy/com/cloudogu/gitops/kubernetes/argocd/ArgoApplication.groovy b/src/main/groovy/com/cloudogu/gitops/kubernetes/argocd/ArgoApplication.groovy
@@ -1,6 +1,6 @@
 package com.cloudogu.gitops.kubernetes.argocd
 
-import com.cloudogu.gitops.config.Config
+
 import com.cloudogu.gitops.scmm.ScmmRepo
 import com.cloudogu.gitops.utils.TemplatingEngine
 import groovy.util.logging.Slf4j
@@ -14,28 +14,30 @@ class ArgoApplication {
 
     String name
     String namespace
+    String destinationNamespace
     String path
     String repoUrl
     String project
 
     private final TemplatingEngine templater = new TemplatingEngine()
 
-    ArgoApplication(String name, String repoUrl, String namespace, String path, String project = 'default') {
+    ArgoApplication(String name, String repoUrl, String namespace, String destinationNamespace, String path, String project = 'default') {
         this.name = name
+        this.namespace = namespace
+        this.destinationNamespace = destinationNamespace
         this.project = project
         this.repoUrl = repoUrl
-        this.namespace = namespace
         this.path = path
     }
 
     Map<String, Object> toTemplateParams() {
         return [
-                name      : name,
-                namespace : namespace,
-                project   : project,
-                path      : path,
-                namePrefix: new Config().application.namePrefix,
-                repoUrl   : repoUrl
+                name                : this.name,
+                namespace           : this.namespace,
+                project             : this.project,
+                path                : this.path,
+                destinationNamespace: this.destinationNamespace,
+                repoUrl             : this.repoUrl
         ]
     }
 
diff --git a/src/test/groovy/com/cloudogu/gitops/config/schema/ConfigTest.groovy b/src/test/groovy/com/cloudogu/gitops/config/schema/ConfigTest.groovy
@@ -52,4 +52,10 @@ registry:
         assertThat(actualValues.application.namePrefix).isEqualTo(expectedValues.application.namePrefix)
         assertThat(actualValues.registry.internalPort).isEqualTo(expectedValues.registry.internalPort)
     }
-}
+
+    @Test
+    void 'getting Tenantname from Config'(){
+        testConfig.application.namePrefix='testprefix-'
+        assertThat(testConfig.application.getTenantName()).isEqualTo("testprefix")
+    }
+}
diff --git a/src/test/groovy/com/cloudogu/gitops/kubernetes/rbac/ArgocdApplicationTest.groovy b/src/test/groovy/com/cloudogu/gitops/kubernetes/rbac/ArgocdApplicationTest.groovy
@@ -0,0 +1,58 @@
+package com.cloudogu.gitops.kubernetes.rbac
+
+import com.cloudogu.gitops.config.Config
+import com.cloudogu.gitops.kubernetes.argocd.ArgoApplication
+import com.cloudogu.gitops.scmm.ScmmRepo
+import com.cloudogu.gitops.utils.FileSystemUtils
+import groovy.yaml.YamlSlurper
+import org.junit.jupiter.api.Test
+
+import static org.assertj.core.api.Assertions.assertThat
+
+class ArgocdApplicationTest {
+
+
+    Config config = Config.fromMap([
+            scmm       : [
+                    username: 'user',
+                    password: 'pass',
+                    protocol: 'http',
+                    host    : 'localhost',
+                    provider: 'scm-manager',
+                    rootPath: 'scm'
+            ],
+            application: [
+                    namePrefix: '',
+                    insecure  : false,
+                    gitName   : 'Test User',
+                    gitEmail  : 'test@example.com'
+            ]
+    ])
+
+
+    @Test
+    void 'simple ArgoCD Application with common values'() {
+
+        ScmmRepo repo = new ScmmRepo(config, "my-repo", new FileSystemUtils())
+
+        new ArgoApplication(
+                'example-apps',
+                'testurl.com/argocd/example-apps',
+                'testprefix-argocd',
+                'testnamespace',
+                'argocd/')
+                .generate(repo, 'testsubfolder/test')
+
+
+        File file = new File(repo.getAbsoluteLocalRepoTmpDir(), "testsubfolder/test/argocd-application-example-apps-testprefix-argocd.yaml")
+        assertThat(file).exists()
+        Map yaml = new YamlSlurper().parse(file) as Map
+
+        assertThat(yaml["metadata"]["name"]).isEqualTo('example-apps')
+        assertThat(yaml["metadata"]["namespace"]).isEqualTo('testprefix-argocd')
+        assertThat(yaml["spec"]["destination"]["namespace"]).isEqualTo('testnamespace')
+
+        assertThat(yaml["spec"]["source"]["path"]).isEqualTo('argocd/')
+        assertThat(yaml["spec"]["source"]["repoURL"]).isEqualTo('testurl.com/argocd/example-apps')
+    }
+}
diff --git a/templates/kubernetes/argocd/application.ftl.yaml b/templates/kubernetes/argocd/application.ftl.yaml
@@ -9,8 +9,8 @@ metadata:
 spec:
   destination:
     server: https://kubernetes.default.svc
-    namespace: ${namePrefix}argocd
-  project: default
+    namespace: ${destinationNamespace}
+  project: ${project}
   source:
     path: ${path}
     repoURL: ${repoUrl}

Original file line number	Diff line number	Diff line change
`@@ -484,6 +484,11 @@ class Config {`
`484`	`484`	`return new LinkedHashSet<>(dedicatedNamespaces + tenantNamespaces)`
`485`	`485`	`}`
`486`	`486`	`}`
	`487`	`+`
	`488`	`+ @JsonIgnore`
	`489`	`+ String getTenantName(){`
	`490`	`+ return namePrefix.replaceAll(/-$/, "")`
	`491`	`+ }`
`487`	`492`	`}`
`488`	`493`
`489`	`494`	`static class ImagesSchema {`