Merge branch 'main' into user-flow-security-fix

Author: kartik-579

Dockerfile

@@ -17,7 +17,8 @@ RUN apt clean autoclean
 RUN apt autoremove -y && rm -rf /var/lib/apt/lists/*
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/devtron .
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/auth_model.conf .
-COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets/ /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets
+#COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets/ /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets
+COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/argocd-assets/ /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/scripts/devtron-reference-helm-charts scripts/devtron-reference-helm-charts
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/scripts/sql scripts/sql
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/scripts/casbin scripts/casbin

DockerfileEA

@@ -17,7 +17,8 @@ RUN apt autoremove -y && rm -rf /var/lib/apt/lists/*
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/auth_model.conf .
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/cmd/external-app/devtron-ea .
 
-COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets/ /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets
+#COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets/ /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets
+COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/argocd-assets/ /go/src/github.com/devtron-labs/devtron/vendor/github.com/argoproj/argo-cd/assets
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/scripts/devtron-reference-helm-charts scripts/devtron-reference-helm-charts
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/scripts/sql scripts/sql
 COPY --from=build-env  /go/src/github.com/devtron-labs/devtron/scripts/casbin scripts/casbin

api/argoApplication/ArgoApplicationRestHandler.go

@@ -20,6 +20,7 @@ import (
 	"errors"
 	"github.com/devtron-labs/devtron/api/restHandler/common"
 	"github.com/devtron-labs/devtron/pkg/argoApplication"
+	"github.com/devtron-labs/devtron/pkg/argoApplication/read"
 	"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
 	"go.uber.org/zap"
 	"net/http"
@@ -34,14 +35,16 @@ type ArgoApplicationRestHandler interface {
 
 type ArgoApplicationRestHandlerImpl struct {
 	argoApplicationService argoApplication.ArgoApplicationService
+	readService            read.ArgoApplicationReadService
 	logger                 *zap.SugaredLogger
 	enforcer               casbin.Enforcer
 }
 
 func NewArgoApplicationRestHandlerImpl(argoApplicationService argoApplication.ArgoApplicationService,
-	logger *zap.SugaredLogger, enforcer casbin.Enforcer) *ArgoApplicationRestHandlerImpl {
+	readService read.ArgoApplicationReadService, logger *zap.SugaredLogger, enforcer casbin.Enforcer) *ArgoApplicationRestHandlerImpl {
 	return &ArgoApplicationRestHandlerImpl{
 		argoApplicationService: argoApplicationService,
+		readService:            readService,
 		logger:                 logger,
 		enforcer:               enforcer,
 	}
@@ -101,9 +104,9 @@ func (handler *ArgoApplicationRestHandlerImpl) GetApplicationDetail(w http.Respo
 			return
 		}
 	}
-	resp, err := handler.argoApplicationService.GetAppDetail(resourceName, namespace, clusterId)
+	resp, err := handler.readService.GetAppDetail(resourceName, namespace, clusterId)
 	if err != nil {
-		handler.logger.Errorw("error in listing all argo applications", "err", err, "resourceName", resourceName, "clusterId", clusterId)
+		handler.logger.Errorw("error in getting argo application app detail", "err", err, "resourceName", resourceName, "clusterId", clusterId)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
 	}

api/argoApplication/wire_argoApplication.go

@@ -18,10 +18,14 @@ package argoApplication
 
 import (
 	"github.com/devtron-labs/devtron/pkg/argoApplication"
+	"github.com/devtron-labs/devtron/pkg/argoApplication/read"
 	"github.com/google/wire"
 )
 
 var ArgoApplicationWireSet = wire.NewSet(
+	read.NewArgoApplicationReadServiceImpl,
+	wire.Bind(new(read.ArgoApplicationReadService), new(*read.ArgoApplicationReadServiceImpl)),
+
 	argoApplication.NewArgoApplicationServiceImpl,
 	wire.Bind(new(argoApplication.ArgoApplicationService), new(*argoApplication.ArgoApplicationServiceImpl)),
 

api/helm-app/HelmAppRestHandler.go

@@ -25,9 +25,11 @@ import (
 	"github.com/devtron-labs/devtron/pkg/appStore/installedApp/service"
 	"github.com/devtron-labs/devtron/pkg/appStore/installedApp/service/EAMode"
 	"github.com/devtron-labs/devtron/pkg/argoApplication"
+	"github.com/devtron-labs/devtron/pkg/argoApplication/helper"
 	clientErrors "github.com/devtron-labs/devtron/pkg/errors"
 	"github.com/devtron-labs/devtron/pkg/fluxApplication"
 	bean2 "github.com/devtron-labs/devtron/pkg/k8s/application/bean"
+	"github.com/devtron-labs/devtron/pkg/pipeline"
 	"net/http"
 	"strconv"
 	"strings"
@@ -144,6 +146,11 @@ func (handler *HelmAppRestHandlerImpl) GetApplicationDetail(w http.ResponseWrite
 	//RBAC enforcer Ends
 	appdetail, err := handler.helmAppService.GetApplicationDetail(context.Background(), appIdentifier)
 	if err != nil {
+
+		if pipeline.CheckAppReleaseNotExist(err) {
+			common.WriteJsonResp(w, err, nil, http.StatusNotFound)
+			return
+		}
 		apiError := clientErrors.ConvertToApiError(err)
 		if apiError != nil {
 			err = apiError
@@ -226,7 +233,7 @@ func (handler *HelmAppRestHandlerImpl) handleFluxApplicationHibernate(r *http.Re
 	return handler.fluxApplication.HibernateFluxApplication(r.Context(), appIdentifier, hibernateRequest)
 }
 func (handler *HelmAppRestHandlerImpl) handleArgoApplicationHibernate(r *http.Request, token string, hibernateRequest *openapi.HibernateRequest) ([]*openapi.HibernateStatus, error) {
-	appIdentifier, err := argoApplication.DecodeExternalArgoAppId(*hibernateRequest.AppId)
+	appIdentifier, err := helper.DecodeExternalArgoAppId(*hibernateRequest.AppId)
 	if err != nil {
 		return nil, err
 	}
@@ -310,7 +317,7 @@ func (handler *HelmAppRestHandlerImpl) handleFluxApplicationUnHibernate(r *http.
 	return handler.fluxApplication.UnHibernateFluxApplication(r.Context(), appIdentifier, hibernateRequest)
 }
 func (handler *HelmAppRestHandlerImpl) handleArgoApplicationUnHibernate(r *http.Request, token string, hibernateRequest *openapi.HibernateRequest) ([]*openapi.HibernateStatus, error) {
-	appIdentifier, err := argoApplication.DecodeExternalArgoAppId(*hibernateRequest.AppId)
+	appIdentifier, err := helper.DecodeExternalArgoAppId(*hibernateRequest.AppId)
 	if err != nil {
 		return nil, err
 	}

api/helm-app/service/HelmAppService.go

@@ -86,7 +86,7 @@ type HelmAppService interface {
 	UpdateApplicationWithChartInfoWithExtraValues(ctx context.Context, appIdentifier *helmBean.AppIdentifier, chartRepository *gRPC.ChartRepository, extraValues map[string]interface{}, extraValuesYamlUrl string, useLatestChartVersion bool) (*openapi.UpdateReleaseResponse, error)
 	TemplateChart(ctx context.Context, templateChartRequest *openapi2.TemplateChartRequest) (*openapi2.TemplateChartResponse, error)
 	GetNotes(ctx context.Context, request *gRPC.InstallReleaseRequest) (string, error)
-	ValidateOCIRegistry(ctx context.Context, OCIRegistryRequest *gRPC.RegistryCredential) bool
+	ValidateOCIRegistry(ctx context.Context, OCIRegistryRequest *gRPC.RegistryCredential) (bool, error)
 	GetRevisionHistoryMaxValue(appType bean.SourceAppType) int32
 	GetResourceTreeForExternalResources(ctx context.Context, clusterId int, clusterConfig *gRPC.ClusterConfig, resources []*gRPC.ExternalResourceDetail) (*gRPC.ResourceTreeResponse, error)
 	CheckIfNsExistsForClusterIds(clusterIdToNsMap map[int]string) error
@@ -1022,13 +1022,13 @@ func (impl *HelmAppServiceImpl) GetNotes(ctx context.Context, request *gRPC.Inst
 	return notesTxt, err
 }
 
-func (impl *HelmAppServiceImpl) ValidateOCIRegistry(ctx context.Context, OCIRegistryRequest *gRPC.RegistryCredential) bool {
+func (impl *HelmAppServiceImpl) ValidateOCIRegistry(ctx context.Context, OCIRegistryRequest *gRPC.RegistryCredential) (bool, error) {
 	response, err := impl.helmAppClient.ValidateOCIRegistry(ctx, OCIRegistryRequest)
 	if err != nil {
 		impl.logger.Errorw("error in fetching chart", "err", err)
-		return false
+		return false, err
 	}
-	return response.IsLoggedIn
+	return response.IsLoggedIn, nil
 }
 
 func (impl *HelmAppServiceImpl) DecodeAppId(appId string) (*helmBean.AppIdentifier, error) {

api/k8s/application/k8sApplicationRestHandler.go

@@ -33,7 +33,8 @@ import (
 	client "github.com/devtron-labs/devtron/api/helm-app/service"
 	"github.com/devtron-labs/devtron/api/restHandler/common"
 	util2 "github.com/devtron-labs/devtron/internal/util"
-	"github.com/devtron-labs/devtron/pkg/argoApplication"
+	"github.com/devtron-labs/devtron/pkg/argoApplication/helper"
+	"github.com/devtron-labs/devtron/pkg/argoApplication/read"
 	"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
 	"github.com/devtron-labs/devtron/pkg/auth/user"
 	"github.com/devtron-labs/devtron/pkg/cluster"
@@ -81,39 +82,39 @@ type K8sApplicationRestHandler interface {
 }
 
 type K8sApplicationRestHandlerImpl struct {
-	logger                 *zap.SugaredLogger
-	k8sApplicationService  application2.K8sApplicationService
-	pump                   connector.Pump
-	terminalSessionHandler terminal.TerminalSessionHandler
-	enforcer               casbin.Enforcer
-	validator              *validator.Validate
-	enforcerUtil           rbac.EnforcerUtil
-	enforcerUtilHelm       rbac.EnforcerUtilHelm
-	helmAppService         client.HelmAppService
-	userService            user.UserService
-	k8sCommonService       k8s.K8sCommonService
-	terminalEnvVariables   *util.TerminalEnvVariables
-	fluxAppService         fluxApplication.FluxApplicationService
-	argoApplication        argoApplication.ArgoApplicationService
+	logger                     *zap.SugaredLogger
+	k8sApplicationService      application2.K8sApplicationService
+	pump                       connector.Pump
+	terminalSessionHandler     terminal.TerminalSessionHandler
+	enforcer                   casbin.Enforcer
+	validator                  *validator.Validate
+	enforcerUtil               rbac.EnforcerUtil
+	enforcerUtilHelm           rbac.EnforcerUtilHelm
+	helmAppService             client.HelmAppService
+	userService                user.UserService
+	k8sCommonService           k8s.K8sCommonService
+	terminalEnvVariables       *util.TerminalEnvVariables
+	fluxAppService             fluxApplication.FluxApplicationService
+	argoApplicationReadService read.ArgoApplicationReadService
 }
 
-func NewK8sApplicationRestHandlerImpl(logger *zap.SugaredLogger, k8sApplicationService application2.K8sApplicationService, pump connector.Pump, terminalSessionHandler terminal.TerminalSessionHandler, enforcer casbin.Enforcer, enforcerUtilHelm rbac.EnforcerUtilHelm, enforcerUtil rbac.EnforcerUtil, helmAppService client.HelmAppService, userService user.UserService, k8sCommonService k8s.K8sCommonService, validator *validator.Validate, envVariables *util.EnvironmentVariables, fluxAppService fluxApplication.FluxApplicationService, argoApplication argoApplication.ArgoApplicationService,
+func NewK8sApplicationRestHandlerImpl(logger *zap.SugaredLogger, k8sApplicationService application2.K8sApplicationService, pump connector.Pump, terminalSessionHandler terminal.TerminalSessionHandler, enforcer casbin.Enforcer, enforcerUtilHelm rbac.EnforcerUtilHelm, enforcerUtil rbac.EnforcerUtil, helmAppService client.HelmAppService, userService user.UserService, k8sCommonService k8s.K8sCommonService, validator *validator.Validate, envVariables *util.EnvironmentVariables, fluxAppService fluxApplication.FluxApplicationService, argoApplicationReadService read.ArgoApplicationReadService,
 ) *K8sApplicationRestHandlerImpl {
 	return &K8sApplicationRestHandlerImpl{
-		logger:                 logger,
-		k8sApplicationService:  k8sApplicationService,
-		pump:                   pump,
-		terminalSessionHandler: terminalSessionHandler,
-		enforcer:               enforcer,
-		validator:              validator,
-		enforcerUtilHelm:       enforcerUtilHelm,
-		enforcerUtil:           enforcerUtil,
-		helmAppService:         helmAppService,
-		userService:            userService,
-		k8sCommonService:       k8sCommonService,
-		terminalEnvVariables:   envVariables.TerminalEnvVariables,
-		fluxAppService:         fluxAppService,
-		argoApplication:        argoApplication,
+		logger:                     logger,
+		k8sApplicationService:      k8sApplicationService,
+		pump:                       pump,
+		terminalSessionHandler:     terminalSessionHandler,
+		enforcer:                   enforcer,
+		validator:                  validator,
+		enforcerUtilHelm:           enforcerUtilHelm,
+		enforcerUtil:               enforcerUtil,
+		helmAppService:             helmAppService,
+		userService:                userService,
+		k8sCommonService:           k8sCommonService,
+		terminalEnvVariables:       envVariables.TerminalEnvVariables,
+		fluxAppService:             fluxAppService,
+		argoApplicationReadService: argoApplicationReadService,
 	}
 }
 
@@ -289,7 +290,7 @@ func (handler *K8sApplicationRestHandlerImpl) GetHostUrlsByBatch(w http.Response
 		resourceTreeResponse = appDetail.ResourceTreeResponse
 
 	} else if appType == bean2.ArgoAppType {
-		appIdentifier, err := argoApplication.DecodeExternalArgoAppId(appIdString)
+		appIdentifier, err := helper.DecodeExternalArgoAppId(appIdString)
 		if err != nil {
 			common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 			return
@@ -301,7 +302,7 @@ func (handler *K8sApplicationRestHandlerImpl) GetHostUrlsByBatch(w http.Response
 		}
 		//RBAC enforcer Ends
 
-		appDetail, err := handler.argoApplication.GetAppDetail(appIdentifier.AppName, appIdentifier.Namespace, appIdentifier.ClusterId)
+		appDetail, err := handler.argoApplicationReadService.GetAppDetail(appIdentifier.AppName, appIdentifier.Namespace, appIdentifier.ClusterId)
 		if err != nil {
 			apiError := clientErrors.ConvertToApiError(err)
 			if apiError != nil {
@@ -721,12 +722,12 @@ func (handler *K8sApplicationRestHandlerImpl) requestValidationAndRBAC(w http.Re
 		}
 		//RBAC enforcer ends here
 	} else if request.AppType == bean2.ArgoAppType && request.ExternalArgoApplicationName != "" {
-		appIdentifier, err := argoApplication.DecodeExternalArgoAppId(request.AppId)
+		appIdentifier, err := helper.DecodeExternalArgoAppId(request.AppId)
 		if err != nil {
 			handler.logger.Errorw(bean2.AppIdDecodingError, "err", err, "appIdentifier", request.AppIdentifier)
 			common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		}
-		valid, err := handler.k8sApplicationService.ValidateArgoResourceRequest(r.Context(), appIdentifier, request.K8sRequest)
+		valid, err := handler.argoApplicationReadService.ValidateArgoResourceRequest(r.Context(), appIdentifier, request.K8sRequest)
 		if err != nil || !valid {
 			handler.logger.Errorw("error in validating resource request", "err", err)
 			common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
@@ -1145,14 +1146,14 @@ func (handler *K8sApplicationRestHandlerImpl) verifyRbacForAppRequests(token str
 	envObject := ""
 	switch request.AppType {
 	case bean2.ArgoAppType:
-		argoAppIdentifier, err := argoApplication.DecodeExternalArgoAppId(request.AppId)
+		argoAppIdentifier, err := helper.DecodeExternalArgoAppId(request.AppId)
 		if err != nil {
 			handler.logger.Errorw("error in decoding appId", "err", err, "appId", request.AppId)
 			return false, err
 		}
 		request.ClusterId = argoAppIdentifier.ClusterId
 		request.ExternalArgoApplicationName = argoAppIdentifier.AppName
-		valid, err := handler.k8sApplicationService.ValidateArgoResourceRequest(r.Context(), argoAppIdentifier, request.K8sRequest)
+		valid, err := handler.argoApplicationReadService.ValidateArgoResourceRequest(r.Context(), argoAppIdentifier, request.K8sRequest)
 		if err != nil || !valid {
 			handler.logger.Errorw("error in validating resource request", "err", err)
 			return false, err

api/restHandler/DockerRegRestHandler.go

@@ -24,7 +24,6 @@ import (
 
 	"github.com/devtron-labs/devtron/api/restHandler/common"
 	repository "github.com/devtron-labs/devtron/internal/sql/repository/dockerRegistry"
-	"github.com/devtron-labs/devtron/internal/util"
 	chartProviderService "github.com/devtron-labs/devtron/pkg/appStore/chartProvider"
 	"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
 	"github.com/devtron-labs/devtron/pkg/auth/user"
@@ -233,13 +232,8 @@ func (impl DockerRegRestHandlerImpl) SaveDockerRegistryConfig(w http.ResponseWri
 	//RBAC enforcer Ends
 
 	// valid registry credentials from kubelink
-	if isValid := impl.dockerRegistryConfig.ValidateRegistryCredentials(&bean); !isValid {
-		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err, "payload", bean)
-		err = &util.ApiError{
-			HttpStatusCode:  http.StatusBadRequest,
-			InternalMessage: "Invalid authentication credentials. Please verify.",
-			UserMessage:     "Invalid authentication credentials. Please verify.",
-		}
+	if err = impl.dockerRegistryConfig.ValidateRegistryCredentials(&bean); err != nil {
+		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
@@ -349,13 +343,8 @@ func (impl DockerRegRestHandlerImpl) ValidateDockerRegistryConfig(w http.Respons
 		bean.Cert = existingStore.Cert
 	}
 	// valid registry credentials from kubelink
-	if isValid := impl.dockerRegistryConfig.ValidateRegistryCredentials(&bean); !isValid {
-		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err, "payload", bean)
-		err = &util.ApiError{
-			HttpStatusCode:  http.StatusBadRequest,
-			InternalMessage: "Invalid authentication credentials. Please verify.",
-			UserMessage:     "Invalid authentication credentials. Please verify.",
-		}
+	if err = impl.dockerRegistryConfig.ValidateRegistryCredentials(&bean); err != nil {
+		impl.logger.Errorw("registry credentials validation err, SaveDockerRegistryConfig", "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}