sync with main

Author: jgawor

.github/PULL_REQUEST_TEMPLATE.md

@@ -8,7 +8,7 @@ Please make sure that your PR fulfills the following requirements:
 - [ ] Reviewed the guidelines for contributing to this repository
 - [ ] The commit message follows the [Conventional Commits Guidelines](https://www.conventionalcommits.org/en/v1.0.0/#summary).
 - [ ] Tests for the changes have been updated
-- [ ] Are you adding dependencies? If so, please run `go mod tidy -compat=1.21` to ensure only the minimum is pulled in.
+- [ ] Are you adding dependencies? If so, please run `go mod tidy -compat=1.22.7` to ensure only the minimum is pulled in.
 - [ ] Docs have been added / updated
 - [ ] Optional. My organization is added to USERS.md.
 

.github/workflows/pipeline.yml

@@ -42,7 +42,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.21
+          go-version: 1.22.7
 
       - name: Quality checks
         run: make quality

.github/workflows/release.yml

@@ -21,7 +21,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.21
+          go-version: 1.22.7
 
       - name: Install git-chglog
         run: go install github.com/git-chglog/git-chglog/cmd/git-chglog@latest
@@ -34,7 +34,7 @@ jobs:
             ${{ steps.tag.outputs.tag }}
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5
+        uses: goreleaser/goreleaser-action@v6
         with:
           distribution: goreleaser
           version: latest

Dockerfile

@@ -1,4 +1,4 @@
-FROM index.docker.io/golang:1.21
+FROM index.docker.io/golang:1.22.7
 
 ADD go.mod go.mod
 ADD go.sum go.sum

cmd/generate.go

@@ -21,6 +21,7 @@ func NewGenerateCommand() *cobra.Command {
 	const StdIn = "-"
 	var configPath, secretName string
 	var verboseOutput bool
+	var disableCache bool
 
 	var command = &cobra.Command{
 		Use:   "generate <path>",
@@ -63,6 +64,7 @@ func NewGenerateCommand() *cobra.Command {
 
 			v := viper.New()
 			viper.Set("verboseOutput", verboseOutput)
+			viper.Set("disableCache", disableCache)
 			cmdConfig, err := config.New(v, &config.Options{
 				SecretName: secretName,
 				ConfigPath: configPath,
@@ -116,5 +118,6 @@ func NewGenerateCommand() *cobra.Command {
 	command.Flags().StringVarP(&configPath, "config-path", "c", "", "path to a file containing Vault configuration (YAML, JSON, envfile) to use")
 	command.Flags().StringVarP(&secretName, "secret-name", "s", "", "name of a Kubernetes Secret in the argocd namespace containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD). The namespace can be overridden by using the format <namespace>:<name>")
 	command.Flags().BoolVar(&verboseOutput, "verbose-sensitive-output", false, "enable verbose mode for detailed info to help with debugging. Includes sensitive data (credentials), logged to stderr")
+	command.Flags().BoolVar(&disableCache, "disable-token-cache", false, "disable the automatic token cache feature that store tokens locally")
 	return command
 }

cmd/generate_test.go

@@ -2,12 +2,14 @@ package cmd
 
 import (
 	"bytes"
+	"fmt"
 	"io"
 	"os"
 	"strings"
 	"testing"
 
 	"github.com/argoproj-labs/argocd-vault-plugin/pkg/helpers"
+	"github.com/argoproj-labs/argocd-vault-plugin/pkg/utils"
 	"github.com/hashicorp/vault/api"
 	"github.com/hashicorp/vault/vault"
 )
@@ -250,6 +252,54 @@ func TestMain(t *testing.T) {
 		}
 	})
 
+	t.Run("will not create cache if disabled", func(t *testing.T) {
+
+		// Purging token cache before launching this test
+		err := utils.PurgeTokenCache()
+		if err != nil {
+			t.Fatalf("fail to purge tocken cache: %s", err.Error())
+		}
+
+		// Starting the generate command with the --disable-token-cache flag
+		args := []string{
+			"../fixtures/input/nonempty",
+			"--disable-token-cache",
+		}
+		cmd := NewGenerateCommand()
+
+		b := bytes.NewBufferString("")
+		e := bytes.NewBufferString("")
+		cmd.SetArgs(args)
+		cmd.SetOut(b)
+		cmd.SetErr(e)
+		cmd.Execute()
+		out, err := io.ReadAll(b) // Read buffer to bytes
+		if err != nil {
+			t.Fatal(err)
+		}
+		stderr, err := io.ReadAll(e) // Read buffer to bytes
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		buf, err := os.ReadFile("../fixtures/output/all.yaml")
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		// We first check that the command was successful to make sure it reached the token caching part
+		expected := string(buf)
+		if string(out) != expected {
+			t.Fatalf("expected %s\n\nbut got\n\n%s\nerr: %s", expected, string(out), string(stderr))
+		}
+
+		// No cache is expected
+		_, err = utils.ReadExistingToken(fmt.Sprintf("approle_%s", roleid))
+		if err == nil {
+			t.Fatalf("expected no cache but found one")
+		}
+	})
+
 	os.Unsetenv("AVP_TYPE")
 	os.Unsetenv("VAULT_ADDR")
 	os.Unsetenv("AVP_AUTH_TYPE")