chore: copy argocd sync resources from openapi generated

Author: bbortt

.gitignore

@@ -224,4 +224,3 @@ dist
 
 # OpenAPI generator
 openapitools.json
-src/argo-cd

Cargo.toml

@@ -10,15 +10,17 @@ lazy_static = "1.5.0"
 log = "0.4.22"
 postgres = "0.19.7"
 rand = "0.9.0-alpha.1"
+reqwest = { version = "0.12.5", features = ["json"] }
 serde = { version = "1.0.203", features = ["derive"] }
+serde_json = "1.0.120"
 serde_yaml = "0.9.34+deprecated"
 tokio = { version = "1.38.0", features = ["macros", "rt"] }
 vaultrs = "0.7.2"
+url = "2.5.2"
 
 [dev-dependencies]
 assert_cmd = "2.0.14"
 predicates = "3.1.0"
-reqwest = { version = "0.12.5", features = ["json"] }
 serde_json = "1.0.120"
 testcontainers = { version = "0.20.0", features = ["blocking"] }
 testcontainers-modules = { version = "0.8.0", features = ["blocking", "hashicorp_vault", "k3s", "postgres"] }

DEVELOPMENT.md

@@ -54,10 +54,17 @@ npm ci --cache .npm
 
 6. Generate ArgoCD client sources:
 
-```shell
+This last step is only needed if either:
+
+- Argo-CD was upgraded or
+- You want to check the copied sources contained in [`src/argocd`](./src/argocd)
 
+```shell
+npm run openapi:generate:argocd
 ```
 
+Note that the output of the generator is available in [`target/argo-cd`](target/argo-cd).
+
 ## Environment Setup
 
 `propeller` requires the following components for development:

README.md

@@ -57,12 +57,15 @@ If you don't provide the argument, the tool will default to `config.yml` in the
 The configuration file is in YAML format and has the following structure:
 
 ```yaml
+argo_cd:
+  application: 'sut'
+  base_url: 'http://localhost'
 postgres:
   host: 'localhost' # Replace with your database host
   port: 5432 # Replace with your database port
   database: 'demo' # Replace with your database
 vault:
-  address: 'http://localhost:8200' # Replace with your Vault address
+  base_url: 'http://localhost:8200' # Replace with your Vault address
   path: 'path/to/my/secret' # Replace with the desired path in Vault
 ```
 

dev/config.yml

@@ -1,7 +1,10 @@
+argo_cd:
+  application: 'sut'
+  base_url: 'http://localhost'
 postgres:
   host: 'localhost'
   port: 5432
   database: 'demo'
 vault:
-  address: 'http://localhost:8200'
+  base_url: 'http://localhost:8200'
   path: 'path/to/my/secret'

package.json

@@ -14,7 +14,7 @@
   "license": "Apache-2.0",
   "author": "PostFinance AG",
   "scripts": {
-    "openapi:generate:argocd": "openapi-generator-cli generate -i argo-cd/assets/swagger.json -g rust -o src/argo-cd",
+    "openapi:generate:argocd": "openapi-generator-cli generate -i argo-cd/assets/swagger.json -g rust -o target/argo-cd",
     "prepare": "husky",
     "prettier": "prettier \"{,.github/workflows/,dev/}*.{md,js,json,yml}\"",
     "prettier:check": "npm run prettier -- --check",

src/argo_cd.rs

@@ -0,0 +1,58 @@
+use reqwest::Client;
+use tokio::runtime::{Builder, Runtime};
+
+use crate::config::{ArgoConfig, Config};
+
+pub(crate) struct ArgoCD {
+    argo_config: ArgoConfig,
+    client: Client,
+    rt: Runtime,
+}
+
+impl ArgoCD {
+    pub(crate) fn init(config: &Config) -> ArgoCD {
+        ArgoCD {
+            argo_config: config.argo_cd.clone(),
+            client: Client::new(),
+            rt: Builder::new_current_thread()
+                .enable_all()
+                .build()
+                .expect("Failed to build ArgoCD connection"),
+        }
+    }
+
+    pub(crate) fn sync(&mut self) {
+        let local_var_uri_str = format!(
+            "{}/api/v1/applications/{name}/sync",
+            self.argo_config.base_url,
+            name = urlencode(self.argo_config.application.as_str())
+        );
+        let mut local_var_req_builder = self
+            .client
+            .request(reqwest::Method::POST, local_var_uri_str.as_str());
+
+        local_var_req_builder = local_var_req_builder.json("&body"); // TODO
+
+        let local_var_req = local_var_req_builder
+            .build()
+            .expect("Failed to build ArgoCD sync request");
+        let local_var_resp = self
+            .rt
+            .block_on(self.client.execute(local_var_req))
+            .expect("Failed to sync ArgoCD");
+
+        let local_var_status = local_var_resp.status();
+        let local_var_content = self
+            .rt
+            .block_on(local_var_resp.text())
+            .unwrap_or_else(|_| panic!("Failed to sync ArgoCD"));
+
+        if !local_var_status.is_client_error() && !local_var_status.is_server_error() {
+            panic!("Failed to sync ArgoCD: {local_var_content}")
+        }
+    }
+}
+
+pub fn urlencode<T: AsRef<str>>(s: T) -> String {
+    ::url::form_urlencoded::byte_serialize(s.as_ref().as_bytes()).collect()
+}

src/config.rs

@@ -4,13 +4,20 @@ use std::{fs::File, io::Read, path::PathBuf};
 
 #[derive(Deserialize, Debug)]
 pub(crate) struct Config {
+    pub(crate) argo_cd: ArgoConfig,
     pub(crate) postgres: PostgresConfig,
     pub(crate) vault: VaultConfig,
 }
 
+#[derive(Clone, Deserialize, Debug)]
+pub(crate) struct ArgoConfig {
+    pub(crate) application: String,
+    pub(crate) base_url: String,
+}
+
 #[derive(Clone, Deserialize, Debug)]
 pub(crate) struct VaultConfig {
-    pub(crate) address: String,
+    pub(crate) base_url: String,
     pub(crate) path: String,
 }
 

src/main.rs

@@ -1,13 +1,13 @@
 use clap::Parser;
 use env_logger::{Env, DEFAULT_WRITE_STYLE_ENV};
 
-use config::Config;
-
+use crate::argo_cd::ArgoCD;
 use crate::cli::{CliArgs, Command};
-use crate::config::read_config;
+use crate::config::{read_config, Config};
 use crate::vault::Vault;
 use crate::workflow::rotate_secrets_using_switch_method;
 
+mod argo_cd;
 mod cli;
 mod config;
 mod database;
@@ -28,8 +28,9 @@ fn main() {
         }
         Command::Rotate(rotate_args) => {
             let config: Config = read_config(rotate_args.base.config_path.clone());
+            let mut argo_cd: ArgoCD = ArgoCD::init(&config);
             let mut vault: Vault = Vault::connect(&config);
-            rotate_secrets_using_switch_method(&rotate_args, &config, &mut vault)
+            rotate_secrets_using_switch_method(&rotate_args, &config, &mut argo_cd, &mut vault)
         }
     }
 }

src/vault.rs

@@ -89,7 +89,7 @@ fn get_vault_client(config: &Config) -> VaultClient {
 
     let vault_client: VaultClient = VaultClient::new(
         VaultClientSettingsBuilder::default()
-            .address(config.vault.address.clone())
+            .address(config.vault.base_url.clone())
             .token(vault_token)
             .build()
             .unwrap(),
@@ -110,15 +110,15 @@ mod tests {
         let config = Config {
             postgres: mock_postgres_config(),
             vault: VaultConfig {
-                address: "http://localhost:8200".to_string(),
+                base_url: "http://localhost:8200".to_string(),
                 path: "path/to/my/secret".to_string(),
             },
         };
         env::set_var(VAULT_TOKEN, "test_token"); // Mock environment variable
 
         let vault = Vault::connect(&config);
 
-        assert_eq!(vault.vault_config.address, config.vault.address);
+        assert_eq!(vault.vault_config.base_url, config.vault.base_url);
         assert_eq!(vault.vault_config.path, config.vault.path);
     }
 
@@ -128,7 +128,7 @@ mod tests {
         let config = Config {
             postgres: mock_postgres_config(),
             vault: VaultConfig {
-                address: "http://localhost:8200".to_string(),
+                base_url: "http://localhost:8200".to_string(),
                 path: "path/to/my/secret".to_string(),
             },
         };
@@ -142,7 +142,7 @@ mod tests {
         let config = Config {
             postgres: mock_postgres_config(),
             vault: VaultConfig {
-                address: "http://localhost:8200".to_string(),
+                base_url: "http://localhost:8200".to_string(),
                 path: "path/to/my/secret".to_string(),
             },
         };
@@ -152,7 +152,7 @@ mod tests {
 
         assert_eq!(
             vault_client.settings().address.to_string(),
-            config.vault.address + "/"
+            config.vault.base_url + "/"
         );
     }
 

src/workflow.rs

@@ -1,5 +1,6 @@
 use log::{debug, trace};
 
+use crate::argo_cd::ArgoCD;
 use crate::cli::RotateArgs;
 use crate::config::Config;
 use crate::database::PostgresClient;
@@ -9,16 +10,19 @@ use crate::vault::{Vault, VaultStructure};
 pub(crate) fn rotate_secrets_using_switch_method(
     rotate_args: &RotateArgs,
     config: &Config,
+    argo_cd: &mut ArgoCD,
     vault: &mut Vault,
 ) {
     let db: PostgresClient = PostgresClient::init(config);
 
     debug!("Starting 'switch' workflow");
 
-    let vault_path = config.vault.clone().path;
-    let mut secret: VaultStructure = vault
-        .read_secret()
-        .unwrap_or_else(|_| panic!("Failed to read path '{vault_path}' - did you init Vault?"));
+    let mut secret: VaultStructure = vault.read_secret().unwrap_or_else(|_| {
+        panic!(
+            "Failed to read path '{}' - did you init Vault?",
+            config.vault.clone().path
+        )
+    });
 
     if secret.postgresql_active_user != secret.postgresql_user_1
         && secret.postgresql_active_user != secret.postgresql_user_2
@@ -37,7 +41,7 @@ pub(crate) fn rotate_secrets_using_switch_method(
 
     debug!("Active and passive users switched and synchronized into Vault");
 
-    // TODO: Trigger ArgoCD Sync
+    argo_cd.sync();
 
     let new_password: String = generate_random_password(rotate_args.password_length);
 

tests/init_vault.rs

@@ -34,7 +34,7 @@ postgres:
   port: 5432
   database: 'demo'
 vault:
-  address: 'http://{vault_host}:{vault_port}'
+  base_url: 'http://{vault_host}:{vault_port}'
   path: 'init/vault/new/path'
 "
             )

tests/resources/config/missing_postgresql.yml

@@ -1,3 +1,3 @@
 vault:
-  address: 'http://localhost:1234'
+  base_url: 'http://localhost:1234'
   path: 'config/missing/postgresql'

tests/resources/init_vault/invalid_url.yml

@@ -3,5 +3,5 @@ postgres:
   port: 5432
   database: 'demo'
 vault:
-  address: 'http://localhost:1234'
+  base_url: 'http://localhost:1234'
   path: 'init/vault/invalid/url'

tests/rotate.rs

@@ -77,7 +77,7 @@ postgres:
   port: {postgres_port}
   database: 'demo'
 vault:
-  address: 'http://{vault_host}:{vault_port}'
+  base_url: 'http://{vault_host}:{vault_port}'
   path: 'rotate/secrets'
                 "
             )
@@ -176,7 +176,7 @@ postgres:
   port: {postgres_port}
   database: 'demo'
 vault:
-  address: 'http://{vault_host}:{vault_port}'
+  base_url: 'http://{vault_host}:{vault_port}'
   path: 'rotate/invalid/initialized/secret'
                 "
             )
@@ -217,7 +217,7 @@ postgres:
   port: {postgres_port}
   database: 'demo'
 vault:
-  address: 'http://{vault_host}:{vault_port}'
+  base_url: 'http://{vault_host}:{vault_port}'
   path: 'rotate/non/existing/path'
                 "
             )