From 210f26ae8343fd9d49d2a753e6879d218b5e49b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Nov=C3=A1k?= Date: Fri, 17 May 2024 21:41:23 +0200 Subject: [PATCH] fix(reposerver): fix OCI repository matching (#17955) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Novák --- USERS.md | 1 + reposerver/repository/repository.go | 4 +++- reposerver/repository/repository_test.go | 17 +++++++++++++++-- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/USERS.md b/USERS.md index 14cb981665f08..32f665c6e9bb1 100644 --- a/USERS.md +++ b/USERS.md @@ -44,6 +44,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [BMW Group](https://www.bmwgroup.com/) 1. [Boozt](https://www.booztgroup.com/) 1. [Boticario](https://www.boticario.com.br/) +1. [Broker Consulting, a.s.](https://www.bcas.cz/en/) 1. [Bulder Bank](https://bulderbank.no) 1. [CAM](https://cam-inc.co.jp) 1. [Camptocamp](https://camptocamp.com) diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 1527c4b372c27..3fc1070feb1b2 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -1000,7 +1000,9 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC // finally if repo is OCI and no credentials found, use the first OCI credential matching by hostname // see https://github.com/argoproj/argo-cd/issues/14636 for _, cred := range repositories { - if depURL, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && depURL.Host == cred.Repo { + // if the repo is OCI, don't match the repository URL exactly, but only as a dependent repository prefix just like in the getRepoCredential function + // see https://github.com/argoproj/argo-cd/issues/12436 + if _, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && strings.HasPrefix(dep.Repo, cred.Repo) { repo.Username = cred.Username repo.Password = cred.Password break diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index edd40c630569e..a90d7da41062e 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -3036,9 +3036,9 @@ func Test_populateHelmAppDetails_values_symlinks(t *testing.T) { }) } -func TestGetHelmRepos_OCIDependencies(t *testing.T) { +func TestGetHelmRepos_OCIDependenciesWithHelmRepo(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{ + q := apiclient.ManifestRequest{Repos: []*argoappv1.Repository{}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{ {URL: "example.com", Username: "test", Password: "test", EnableOCI: true}, }} @@ -3051,6 +3051,19 @@ func TestGetHelmRepos_OCIDependencies(t *testing.T) { assert.Equal(t, helmRepos[0].Repo, "example.com/myrepo") } +func TestGetHelmRepos_OCIDependenciesWithRepo(t *testing.T) { + src := argoappv1.ApplicationSource{Path: "."} + q := apiclient.ManifestRequest{Repos: []*argoappv1.Repository{{Repo: "example.com", Username: "test", Password: "test", EnableOCI: true}}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{}} + + helmRepos, err := getHelmRepos("./testdata/oci-dependencies", q.Repos, q.HelmRepoCreds) + assert.Nil(t, err) + + assert.Equal(t, len(helmRepos), 1) + assert.Equal(t, helmRepos[0].Username, "test") + assert.Equal(t, helmRepos[0].EnableOci, true) + assert.Equal(t, helmRepos[0].Repo, "example.com/myrepo") +} + func TestGetHelmRepo_NamedRepos(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Repos: []*argoappv1.Repository{{