fix: argocd login won't crash when .data is repopulated in argocd-sec…

…ret (argoproj-labs#710)
rishabh625 · Jul 20, 2022 · 2bafed8 · 2bafed8
1 parent 2895d8f
commit 2bafed8
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 4 deletions.
diff --git a/controllers/argocd/secret.go b/controllers/argocd/secret.go
@@ -293,6 +293,18 @@ func (r *ReconcileArgoCD) reconcileClusterSecrets(cr *argoprojv1a1.ArgoCD) error
 func (r *ReconcileArgoCD) reconcileExistingArgoSecret(secret *corev1.Secret, clusterSecret *corev1.Secret, tlsSecret *corev1.Secret) error {
 	changed := false
 
+	if secret.Data == nil {
+		secret.Data = make(map[string][]byte)
+	}
+
+	if secret.Data[common.ArgoCDKeyServerSecretKey] == nil {
+		sessionKey, err := generateArgoServerSessionKey()
+		if err != nil {
+			return err
+		}
+		secret.Data[common.ArgoCDKeyServerSecretKey] = sessionKey
+	}
+
 	if hasArgoAdminPasswordChanged(secret, clusterSecret) {
 		pwBytes, ok := clusterSecret.Data[common.ArgoCDKeyAdminPassword]
 		if ok {
@@ -301,10 +313,6 @@ func (r *ReconcileArgoCD) reconcileExistingArgoSecret(secret *corev1.Secret, clu
 				return err
 			}
 
-			if secret.Data == nil {
-				secret.Data = make(map[string][]byte)
-			}
-
 			secret.Data[common.ArgoCDKeyAdminPassword] = []byte(hashedPassword)
 			secret.Data[common.ArgoCDKeyAdminPasswordMTime] = nowBytes()
 			changed = true

diff --git a/controllers/argocd/secret_test.go b/controllers/argocd/secret_test.go
@@ -19,6 +19,7 @@ import (
 
 	"github.com/argoproj-labs/argocd-operator/api/v1alpha1"
 	argoprojv1alpha1 "github.com/argoproj-labs/argocd-operator/api/v1alpha1"
+	"github.com/argoproj-labs/argocd-operator/common"
 	"github.com/argoproj-labs/argocd-operator/controllers/argoutil"
 )
 
@@ -207,6 +208,45 @@ func Test_ReconcileArgoCD_ReconcileRepoTLSSecret(t *testing.T) {
 
 }
 
+func Test_ReconcileArgoCD_ReconcileExistingArgoSecret(t *testing.T) {
+	argocd := &v1alpha1.ArgoCD{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "argocd",
+			Namespace: "argocd-operator",
+		},
+	}
+
+	clusterSecret := argoutil.NewSecretWithSuffix(argocd, "cluster")
+	clusterSecret.Data = map[string][]byte{common.ArgoCDKeyAdminPassword: []byte("something")}
+	tlsSecret := argoutil.NewSecretWithSuffix(argocd, "tls")
+	r := makeTestReconciler(t, argocd)
+	r.Client.Create(context.TODO(), clusterSecret)
+	r.Client.Create(context.TODO(), tlsSecret)
+	err := r.reconcileArgoSecret(argocd)
+
+	assert.NoError(t, err)
+
+	testSecret := &corev1.Secret{}
+	secretErr := r.Client.Get(context.TODO(), types.NamespacedName{Name: "argocd-secret", Namespace: "argocd-operator"}, testSecret)
+	assert.NoError(t, secretErr)
+
+	// if you remove the secret.Data it should come back, including the secretKey
+	testSecret.Data = nil
+	r.Client.Update(context.TODO(), testSecret)
+
+	_ = r.reconcileExistingArgoSecret(testSecret, clusterSecret, tlsSecret)
+	_ = r.Client.Get(context.TODO(), types.NamespacedName{Name: "argocd-secret", Namespace: "argocd-operator"}, testSecret)
+
+	if testSecret.Data == nil {
+		t.Errorf("Expected data for data.server but got nothing")
+	}
+
+	if testSecret.Data[common.ArgoCDKeyServerSecretKey] == nil {
+		t.Errorf("Expected data for data.server.secretKey but got nothing")
+	}
+
+}
+
 func Test_ReconcileArgoCD_ReconcileRedisTLSSecret(t *testing.T) {
 	argocd := &v1alpha1.ArgoCD{
 		ObjectMeta: metav1.ObjectMeta{