Merge pull request #105 from robusta-dev/argo-action

argo app sync
robusta-dev · Nov 24, 2021 · 35b65e6 · 35b65e6
2 parents b897271 + f5dc507
commit 35b65e6
Show file tree

Hide file tree

Showing 5 changed files with 102 additions and 0 deletions.
diff --git a/docs/images/argo-app-sync.png b/docs/images/argo-app-sync.png
diff --git a/docs/user-guide/builtin-playbooks.rst b/docs/user-guide/builtin-playbooks.rst
@@ -117,6 +117,45 @@ git_change_audit
             ``git_key`` github deployment key on the audit repository, with *allow write access*. To set this up `generate a private/public key pair for GitHub <https://docs.github.com/en/developers/overview/managing-deploy-keys#setup-2>`_.
             Store the public key as the Github deployment key and the private key in the playbook configuration.
 
+argo_app_sync
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. admonition:: Playbook
+
+    .. tab-set::
+
+        .. tab-item:: Description
+
+            **What it does:** syncs an Argo CD application
+
+            **When it runs:** can be triggered by any event or manually
+
+            .. image:: /images/argo-app-sync.png
+               :width: 1200
+               :align: center
+
+        .. tab-item:: Configuration
+
+            .. code-block:: yaml
+
+              playbooks:
+                - name: "argo_app_sync"
+                  action_params:
+                    argo_url: "https://my-argo.server.com"
+                    argo_token: "ARGO TOKEN"
+                    argo_app_name: "my app name"
+
+            ``argo_url`` Argo CD server url
+
+            ``argo_token`` Argo CD authentication token
+
+            ``argo_app_name`` Argo CD application that needs syncing
+
+            Optional:
+            ``argo_verify_server_cert`` verify Argo CD server certificate. Defaults to True
+
+            ``rate_limit_seconds`` this playbook is rate limited. Defaults to 1800 seconds.
+
 restart_loop_reporter
 ^^^^^^^^^^^^^^^^^^^^^
 

diff --git a/playbooks/argo_cd.py b/playbooks/argo_cd.py
@@ -0,0 +1,37 @@
+from pydantic import SecretStr
+
+from robusta.api import *
+
+
+class ArgoBaseParams(BaseModel):
+    argo_url: str
+    argo_token: SecretStr
+    argo_verify_server_cert: bool = True
+
+
+class ArgoAppParams(ArgoBaseParams):
+    argo_app_name: str
+    rate_limit_seconds: int = 1800
+
+
+@action
+def argo_app_sync(event: ExecutionBaseEvent, params: ArgoAppParams):
+
+    if not RateLimiter.mark_and_test(
+        "argo_app_sync", params.argo_url + params.argo_app_name, params.rate_limit_seconds
+    ):
+        return
+
+    argo_client = ArgoCDClient(params.argo_url, params.argo_token.get_secret_value(), params.argo_verify_server_cert)
+    success = argo_client.sync_application(params.argo_app_name)
+
+    finding = Finding(
+        title="Argo CD application sync",
+        aggregation_key="argo_app_sync",
+        finding_type=FindingType.REPORT,
+        failure=False
+    )
+    finding.add_enrichment([
+        MarkdownBlock(f"Argo CD app sync for application: *{params.argo_app_name}* ended with *{'success' if success else 'failure'}*")
+    ])
+    event.add_finding(finding)
diff --git a/src/robusta/api/__init__.py b/src/robusta/api/__init__.py
@@ -25,6 +25,7 @@
 from ..integrations.grafana import *
 from ..integrations.scheduled.playbook_scheduler_manager_impl import *
 from ..integrations.git.git_repo import *
+from ..integrations.argocd.argocd_client import *
 from ..integrations.resource_analysis.kubernetes_node_analyzer import NodeAnalyzer
 from ..integrations.prometheus.utils import PrometheusDiscovery
 from ..core.persistency.in_memory import get_persistent_data

diff --git a/src/robusta/integrations/argocd/argocd_client.py b/src/robusta/integrations/argocd/argocd_client.py
@@ -0,0 +1,25 @@
+import logging
+
+import requests
+
+
+class ArgoCDClient:
+    SYNC_APP_PATTERN = "{0}/api/v1/applications/{1}/sync"
+
+    def __init__(self, url: str, token: str, verify_cert: bool = True):
+        self.url = url
+        self.token = token
+        self.verify_cert = verify_cert
+        self.headers = {
+            "Authorization": f"Bearer {self.token}",
+        }
+
+    def sync_application(self, application_name: str) -> bool:
+        sync_url = self.SYNC_APP_PATTERN.format(self.url, application_name)
+
+        argo_response = requests.post(sync_url, headers=self.headers, verify=self.verify_cert)
+        if argo_response.status_code != 200:
+            logging.error(f"Failed to sync application {application_name} on argo {self.url} {argo_response.reason}")
+            return False
+
+        return True