[Integration][ArgoCD] - Option to bypass SSL cert validation when con…

…necting to ArgoCD (#1083)

# Description

What - Added option to bypass SSL cert validation when making
connections to ArgoCD server.

Why - Some customers want to try the integration against their local
argocd instance before rolling it out to their main server. On local
clusters such as docker desktop or minikube, they are unable to see
entities ingested because of SSL verification checks. They get this
error

`Exception: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
self-signed certificate (_ssl.c:1006)
`
How - Added a customer httpx client and set `verify=False` when
`allow_insecure=true` filter is passed to the integration

## Type of change

Please leave one option from the following and delete the rest:

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] New Integration (non-breaking change which adds a new integration)
- [ ] Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] Non-breaking change (fix of existing functionality that will not
change current behavior)
- [ ] Documentation (added/updated documentation)

<h4> All tests should be run against the port production
environment(using a testing org). </h4>

### Core testing checklist

- [ ] Integration able to create all default resources from scratch
- [ ] Resync finishes successfully
- [ ] Resync able to create entities
- [ ] Resync able to update entities
- [ ] Resync able to detect and delete entities
- [ ] Scheduled resync able to abort existing resync and start a new one
- [ ] Tested with at least 2 integrations from scratch
- [ ] Tested with Kafka and Polling event listeners
- [ ] Tested deletion of entities that don't pass the selector


### Integration testing checklist

- [ ] Integration able to create all default resources from scratch
- [ ] Resync able to create entities
- [ ] Resync able to update entities
- [ ] Resync able to detect and delete entities
- [ ] Resync finishes successfully
- [ ] If new resource kind is added or updated in the integration, add
example raw data, mapping and expected result to the `examples` folder
in the integration directory.
- [ ] If resource kind is updated, run the integration with the example
data and check if the expected result is achieved
- [ ] If new resource kind is added or updated, validate that
live-events for that resource are working as expected
- [ ] Docs PR link [here](#)

### Preflight checklist

- [ ] Handled rate limiting
- [ ] Handled pagination
- [ ] Implemented the code in async
- [ ] Support Multi account

## Screenshots

Include screenshots from your environment showing how the resources of
the integration will look.

## API Documentation

Provide links to the API documentation used for this integration.

---------

Co-authored-by: Tom Tankilevitch <[email protected]>

integrations/argocd/.port/spec.yaml

@@ -28,3 +28,8 @@ configurations:
     required: false
     description: Whether to ignore server errors when fetching data from ArgoCD. If set to true, the exporter will continue to fetch data and ingest entities in Port without failing the resync event even if the ArgoCD server returns an error. If set to false, the exporter will stop fetching data and fail the resync event when the ArgoCD server returns an error. Default is false.
     default: false
+  - name: allowInsecure
+    type: boolean
+    required: false
+    description: Whether to allow insecure connections to the ArgoCD server. If set to true, the exporter will allow insecure connections to the ArgoCD server. If set to false, the exporter will only allow secure connections to the ArgoCD server. Default is false.
+    default: false

integrations/argocd/CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- towncrier release notes start -->
 
+## 0.1.95 (2024-10-18)
+
+
+### Improvements
+
+- Added support for optional insecure connections to Argocd with SSL verification disabled when allow_insecure is set to True (0.1.95)
+
+
 ## 0.1.94 (2024-10-14)
 
 

integrations/argocd/client.py

@@ -23,12 +23,23 @@ class ResourceKindsWithSpecialHandling(StrEnum):
 
 
 class ArgocdClient:
-    def __init__(self, token: str, server_url: str, ignore_server_error: bool):
+    def __init__(
+        self,
+        token: str,
+        server_url: str,
+        ignore_server_error: bool,
+        allow_insecure: bool,
+    ):
         self.token = token
         self.api_url = f"{server_url}/api/v1"
         self.ignore_server_error = ignore_server_error
+        self.allow_insecure = allow_insecure
         self.api_auth_header = {"Authorization": f"Bearer {self.token}"}
-        self.http_client = http_async_client
+        if self.allow_insecure:
+            # This is not recommended for production use
+            self.http_client = httpx.AsyncClient(verify=False)
+        else:
+            self.http_client = http_async_client
         self.http_client.headers.update(self.api_auth_header)
 
     async def _send_api_request(

integrations/argocd/main.py

@@ -10,6 +10,7 @@ def init_client() -> ArgocdClient:
         ocean.integration_config["token"],
         ocean.integration_config["server_url"],
         ocean.integration_config["ignore_server_error"],
+        ocean.integration_config["allow_insecure"],
     )
 
 

integrations/argocd/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "argocd"
-version = "0.1.94"
+version = "0.1.95"
 description = "Argo CD integration powered by Ocean"
 authors = ["Isaac Coffie <[email protected]>"]