diff --git a/GNUmakefile b/GNUmakefile index 6dce6db7..bb49dc06 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -62,6 +62,9 @@ lint: @echo "==> Checking source code against linters..." @GOGC=30 golangci-lint run ./$(PKG_NAME) +generate: + go generate ./... + test-compile: @if [ "$(TEST)" = "./..." ]; then \ echo "ERROR: Set TEST to a specific package. For example,"; \ diff --git a/README.md b/README.md index 8b03b77d..6768907f 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,17 @@ [![Tests](https://github.com/oboukili/terraform-provider-argocd/actions/workflows/tests.yml/badge.svg)](https://github.com/oboukili/terraform-provider-argocd/actions/workflows/tests.yml) +The [ArgoCD +Provider](https://registry.terraform.io/providers/oboukili/argocd/latest/docs) +provides lifecycle management of +[ArgoCD](https://argo-cd.readthedocs.io/en/stable/) resources. + +**NB**: The provider is not concerned with the installation/configuration of +ArgoCD itself. To make use of the provider, you will need to have an existing +ArgoCD deployment and, the ArgoCD API server must be +[accessible](https://argo-cd.readthedocs.io/en/stable/getting_started/#3-access-the-argo-cd-api-server) +from where you are running Terraform. + --- ## Compatibility promise 
@@ -369,6 +380,16 @@ docker pull redis:6.2.4-alpine docker pull alpine:3 ``` +### Generating documentation + +This provider uses [terraform-plugin-docs](https://github.com/hashicorp/terraform-plugin-docs/) +to generate documentation and store it in the `docs/` directory. +Once a release is cut, the Terraform Registry will download the documentation from `docs/` +and associate it with the release version. Read more about how this works on the +[official page](https://www.terraform.io/registry/providers/docs). + +Use `make generate` to ensure the documentation is regenerated with any changes. + #### Troubleshooting during local development * **"too many open files":** Running all acceptance tests in parallel (the default) may open a lot of files and sockets, therefore ensure your local workstation [open files/sockets limits are tuned accordingly](https://k6.io/docs/misc/fine-tuning-os). @@ -380,4 +401,4 @@ docker pull alpine:3 * Thanks to [JetBrains](https://www.jetbrains.com/?from=terraform-provider-argocd) for providing a GoLand open source license to support the development of this provider. * Thanks to [Keplr](https://www.welcometothejungle.com/fr/companies/keplr) for allowing me to contribute to this side-project of mine during paid work hours. -![](sponsors/jetbrains.svg?display=inline-block) ![](sponsors/keplr.png?display=inline-block) +![](sponsors/jetbrains.svg?display=inline-block) ![](sponsors/keplr.png?display=inline-block) \ No newline at end of file diff --git a/argocd/provider.go b/argocd/provider.go index 8cd536df..ab3ab546 100644 --- a/argocd/provider.go +++ b/argocd/provider.go 
@@ -40,11 +40,13 @@ func Provider() *schema.Provider { Type: schema.TypeString, Required: true, DefaultFunc: schema.EnvDefaultFunc("ARGOCD_SERVER", nil), + Description: "ArgoCD server address with port. Can be set through the `ARGOCD_SERVER` environment variable.", }, "auth_token": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ARGOCD_AUTH_TOKEN", nil), + Description: "ArgoCD authentication token, takes precedence over `username`/`password`. Can be set through the `ARGOCD_AUTH_TOKEN` environment variable.", ConflictsWith: []string{ "username", "password", @@ -56,6 +58,7 @@ func Provider() *schema.Provider { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ARGOCD_AUTH_USERNAME", nil), + Description: "Authentication username. Can be set through the `ARGOCD_AUTH_USERNAME` environment variable.", ConflictsWith: []string{ "auth_token", "use_local_config", @@ -71,6 +74,7 @@ func Provider() *schema.Provider { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ARGOCD_AUTH_PASSWORD", nil), + Description: "Authentication password. Can be set through the `ARGOCD_AUTH_PASSWORD` environment variable.", ConflictsWith: []string{ "auth_token", "use_local_config", 
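Review bot: The new `auth_token` description says the token "takes precedence over `username`/`password`", but the same entry lists `username` and `password` under `ConflictsWith`, so a configuration that sets both is rejected rather than resolved by precedence. Precedence can presumably only apply when the values arrive through the `ARGOCD_AUTH_*` environment variables; that depends on the configure code outside this hunk and should be confirmed. I would word it as `ArgoCD authentication token. Conflicts with username and password. Can be set through the ARGOCD_AUTH_TOKEN environment variable.` The `auth_token` and `password` entries continue past the hunk boundaries, so whether they set `Sensitive: true` cannot be seen here and is worth checking while these fields are being documented.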
@@ -83,38 +87,50 @@ func Provider() *schema.Provider { }, }, "cert_file": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Description: "Additional root CA certificates file to add to the client TLS connection pool.", }, "client_cert_file": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Description: "Client certificate.", }, "client_cert_key": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Description: "Client certificate key.", }, "plain_text": { - Type: schema.TypeBool, - Optional: true, - Default: false, + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Whether to initiate an unencrypted connection to ArgoCD server.", }, "context": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ARGOCD_CONTEXT", nil), + Description: "Kubernetes context to load from an existing `.kube/config` file. Can be set through `ARGOCD_CONTEXT` environment variable.", }, "user_agent": { Type: schema.TypeString, Optional: true, }, "grpc_web": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Optional: true, + Description: "Whether to use gRPC web proxy client. Useful if Argo CD server is behind proxy which does not support HTTP2.", + }, + "grpc_web_root_path": { + Type: schema.TypeString, + Optional: true, + Description: "Use the gRPC web proxy client and set the web root, e.g. `argo-cd`. Useful if the Argo CD server is behind a proxy at a non-root path.", }, "use_local_config": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Optional: true, + Description: "Use the authentication settings found in the local config file. Useful when you have previously logged in using SSO. Conflicts with `auth_token`, `username` and `password`.", ConflictsWith: []string{ "username", "password", 
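Review bot: The `plain_text` description does not say what is exposed when the option is enabled: on an unencrypted connection the `auth_token` or `username`/`password` configured above are sent to the server in clear text. I would extend it to `Whether to initiate an unencrypted connection to ArgoCD server. Credentials and tokens are then sent in clear text.` In the same hunk `client_cert_file` and `client_cert_key` are described only as "Client certificate." and "Client certificate key."; the name `client_cert_file` suggests a path, so the text should state whether each takes a file path or PEM content (to be confirmed against the client setup code, which is outside this hunk). `user_agent` is still left without a description.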
@@ -125,16 +141,13 @@ func Provider() *schema.Provider { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ARGOCD_CONFIG_PATH", nil), + Description: "Override the default config path of `$HOME/.config/argocd/config`. Only relevant when `use_local_config`. Can be set through the `ARGOCD_CONFIG_PATH` environment variable.", ConflictsWith: []string{ "username", "password", "auth_token", }, }, - "grpc_web_root_path": { - Type: schema.TypeString, - Optional: true, - }, "port_forward": { Type: schema.TypeBool, Optional: true, @@ -144,14 +157,16 @@ func Provider() *schema.Provider { Optional: true, }, "headers": { - Type: schema.TypeSet, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeSet, + Optional: true, + Description: "Additional headers to add to each request to the ArgoCD server.", + Elem: &schema.Schema{Type: schema.TypeString}, }, "insecure": { Type: schema.TypeBool, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ARGOCD_INSECURE", false), + Description: "Whether to skip TLS server certificate. Can be set through the `ARGOCD_INSECURE` environment variable.", }, "kubernetes": { Type: schema.TypeList, 
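Review bot: The `insecure` description in the second hunk reads "Whether to skip TLS server certificate", which drops the word "verification" and leaves the effect of the flag unclear. Proposed: `Whether to skip TLS server certificate verification. Can be set through the ARGOCD_INSECURE environment variable.` Because the flag can be switched on from the environment, it is worth adding that the server's identity is not checked when it is set, so the connection is open to interception. The `config_path` text "Only relevant when `use_local_config`" is also missing its verb ("is set").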
@@ -341,61 +356,62 @@ func kubernetesResource() *schema.Resource { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_HOST", ""), - Description: "The hostname (in form of URI) of Kubernetes master.", + Description: "The hostname (in form of URI) of the Kubernetes API. Can be sourced from `KUBE_HOST`.", }, "username": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_USER", ""), - Description: "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint.", + Description: "The username to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_USER`.", }, "password": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_PASSWORD", ""), - Description: "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.", + Description: "The password to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_PASSWORD`.", }, "insecure": { Type: schema.TypeBool, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_INSECURE", false), - Description: "Whether server should be accessed without verifying the TLS certificate.", + Description: "Whether server should be accessed without verifying the TLS certificate. Can be sourced from `KUBE_INSECURE`.", }, "client_certificate": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_CERT_DATA", ""), - Description: "PEM-encoded client certificate for TLS authentication.", + Description: "PEM-encoded client certificate for TLS authentication. 
Can be sourced from `KUBE_CLIENT_CERT_DATA`.", }, "client_key": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_CLIENT_KEY_DATA", ""), - Description: "PEM-encoded client certificate key for TLS authentication.", + Description: "PEM-encoded client certificate key for TLS authentication. Can be sourced from `KUBE_CLIENT_KEY_DATA`.", }, "cluster_ca_certificate": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_CLUSTER_CA_CERT_DATA", ""), - Description: "PEM-encoded root certificates bundle for TLS authentication.", + Description: "PEM-encoded root certificates bundle for TLS authentication. Can be sourced from `KUBE_CLUSTER_CA_CERT_DATA`.", }, "config_paths": { Type: schema.TypeList, Elem: &schema.Schema{Type: schema.TypeString}, Optional: true, - Description: "A list of paths to kube config files. Can be set with KUBE_CONFIG_PATHS environment variable.", + Description: "A list of paths to the kube config files. Can be sourced from `KUBE_CONFIG_PATHS`.", }, "config_path": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_CONFIG_PATH", nil), - Description: "Path to the kube config file. Can be set with KUBE_CONFIG_PATH.", + Description: "Path to the kube config file. Can be sourced from `KUBE_CONFIG_PATH`.", ConflictsWith: []string{"kubernetes.0.config_paths"}, }, "config_context": { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_CTX", ""), + Description: "Context to choose from the config file. Can be sourced from `KUBE_CTX`.", }, "config_context_auth_info": { Type: schema.TypeString, 
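Review bot: `password` and `client_key` are shown in full in this hunk and neither sets `Sensitive: true`, and the same holds for `token` in the next hunk, while `schema_cluster.go` in this same diff marks `bearer_token`, `password` and `key_data` as sensitive. Since the commit is already touching every one of these entries, I would add `Sensitive: true,` to each so the values are redacted wherever Terraform displays them, to the extent the SDK honours the flag on provider configuration. Separately, `config_paths` is documented as sourced from `KUBE_CONFIG_PATHS` but has no `DefaultFunc` in the hunk, so that statement depends on code outside it. `kubernetesResource` starts and ends outside this hunk.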
@@ -413,35 +429,39 @@ func kubernetesResource() *schema.Resource { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("KUBE_TOKEN", ""), - Description: "Token to authenticate an service account", + Description: "Token to authenticate an service account. Can be sourced from `KUBE_TOKEN`.", }, "exec": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "Configuration block to use an [exec-based credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api_version": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + Description: "API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`.", }, "command": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + Description: "Command to execute.", }, "env": { - Type: schema.TypeMap, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeMap, + Optional: true, + Description: "List of arguments to pass when executing the plugin.", + Elem: &schema.Schema{Type: schema.TypeString}, }, "args": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Optional: true, + Description: "Map of environment variables to set when executing the plugin.", + Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, - Description: "", }, }, } diff --git a/argocd/resource_argocd_cluster.go b/argocd/resource_argocd_cluster.go index bb7a2589..4684f6e9 100644 --- a/argocd/resource_argocd_cluster.go +++ b/argocd/resource_argocd_cluster.go 
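Review bot: The descriptions of `env` and `args` in the `exec` block are swapped: `env` is a `TypeMap` but is documented as "List of arguments to pass when executing the plugin.", and `args` is a `TypeList` but is documented as "Map of environment variables to set when executing the plugin." They should read `Description: "Map of environment variables to set when executing the plugin.",` on `env` and `Description: "List of arguments to pass when executing the plugin.",` on `args`. Because this block causes a local command to be run with those values, the generated documentation needs to describe them correctly. The `token` description also keeps the typo "an service account" ("a service account").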
@@ -12,6 +12,7 @@ import ( func resourceArgoCDCluster() *schema.Resource { return &schema.Resource{ + Description: "Manages [cluster credentials](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters) within ArgoCD.", CreateContext: resourceArgoCDClusterCreate, ReadContext: resourceArgoCDClusterRead, UpdateContext: resourceArgoCDClusterUpdate, diff --git a/argocd/resource_argocd_project.go b/argocd/resource_argocd_project.go index dad6937a..86d97344 100644 --- a/argocd/resource_argocd_project.go +++ b/argocd/resource_argocd_project.go @@ -15,6 +15,7 @@ import ( func resourceArgoCDProject() *schema.Resource { return &schema.Resource{ + Description: "Manages [projects](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/) within ArgoCD.", CreateContext: resourceArgoCDProjectCreate, ReadContext: resourceArgoCDProjectRead, UpdateContext: resourceArgoCDProjectUpdate, diff --git a/argocd/resource_argocd_project_token.go b/argocd/resource_argocd_project_token.go index 6ccb19fa..db14f09f 100644 --- a/argocd/resource_argocd_project_token.go +++ b/argocd/resource_argocd_project_token.go @@ -17,6 +17,7 @@ import ( func resourceArgoCDProjectToken() *schema.Resource { return &schema.Resource{ + Description: "Manages ArgoCD project role JWT tokens. See [Project Roles](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-roles) for more info.", CreateContext: resourceArgoCDProjectTokenCreate, ReadContext: resourceArgoCDProjectTokenRead, UpdateContext: resourceArgoCDProjectTokenUpdate, 
@@ -24,46 +25,54 @@ func resourceArgoCDProjectToken() *schema.Resource { Schema: map[string]*schema.Schema{ "project": { - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Description: "The project associated with the token.", + Required: true, + ForceNew: true, }, "role": { - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Description: "The name of the role in the project associated with the token.", + Required: true, + ForceNew: true, }, "expires_in": { Type: schema.TypeString, + Description: "Duration before the token will expire. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. E.g. `12h`, `7d`. Default: No expiration.", Optional: true, ForceNew: true, ValidateFunc: validateDuration, }, "renew_before": { Type: schema.TypeString, + Description: "Duration to control token silent regeneration, valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. If `expires_in` is set, Terraform will regenerate the token if `expires_in - renew_before < currentDate`.", Optional: true, ValidateFunc: validateDuration, RequiredWith: []string{"expires_in"}, }, "description": { - Type: schema.TypeString, - Optional: true, - ForceNew: true, + Type: schema.TypeString, + Description: "Description of the token.", + Optional: true, + ForceNew: true, }, "jwt": { - Type: schema.TypeString, - Computed: true, - Sensitive: true, + Type: schema.TypeString, + Description: "The raw JWT.", + Computed: true, + Sensitive: true, }, "issued_at": { - Type: schema.TypeString, - Computed: true, - ForceNew: true, + Type: schema.TypeString, + Description: "Unix timestamp at which the token was issued.", + Computed: true, + ForceNew: true, }, "expires_at": { - Type: schema.TypeString, - Computed: true, - ForceNew: true, + Type: schema.TypeString, + Description: "If `expires_in` is set, Unix timestamp upon which the token will expire.", + Computed: true, + ForceNew: true, }, }, } 
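Review bot: The `expires_in` description lists the valid units as `ns`, `us`, `ms`, `s`, `m`, `h` and then gives `7d` as an example, which is not one of them; if `validateDuration` (not visible in this hunk) wraps Go's duration parser, `7d` is rejected. Replace the example with `168h`. The same text documents "Default: No expiration", so it is worth saying explicitly that omitting `expires_in` yields a token that never expires and recommending that a value is set. In `renew_before`, the condition `expires_in - renew_before < currentDate` compares a duration with a date; presumably `expires_at - renew_before` is meant, which should be confirmed against the read/update code.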
diff --git a/argocd/resource_argocd_repository.go b/argocd/resource_argocd_repository.go index 55b67bfd..27077765 100644 --- a/argocd/resource_argocd_repository.go +++ b/argocd/resource_argocd_repository.go @@ -15,6 +15,7 @@ import ( func resourceArgoCDRepository() *schema.Resource { return &schema.Resource{ + Description: "Manages [repositories](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) within ArgoCD.", CreateContext: resourceArgoCDRepositoryCreate, ReadContext: resourceArgoCDRepositoryRead, UpdateContext: resourceArgoCDRepositoryUpdate, diff --git a/argocd/resource_argocd_repository_certificate.go b/argocd/resource_argocd_repository_certificate.go index 754f5fb0..755571aa 100644 --- a/argocd/resource_argocd_repository_certificate.go +++ b/argocd/resource_argocd_repository_certificate.go @@ -13,6 +13,7 @@ import ( func resourceArgoCDRepositoryCertificates() *schema.Resource { return &schema.Resource{ + Description: "Manages [custom TLS certificates](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#self-signed-untrusted-tls-certificates) used by ArgoCD for connecting Git repositories.", CreateContext: resourceArgoCDRepositoryCertificatesCreate, ReadContext: resourceArgoCDRepositoryCertificatesRead, DeleteContext: resourceArgoCDRepositoryCertificatesDelete, diff --git a/argocd/resource_argocd_repository_credentials.go b/argocd/resource_argocd_repository_credentials.go index 6ebf611d..3ac0f882 100644 --- a/argocd/resource_argocd_repository_credentials.go +++ b/argocd/resource_argocd_repository_credentials.go 
@@ -13,6 +13,7 @@ import ( func resourceArgoCDRepositoryCredentials() *schema.Resource { return &schema.Resource{ + Description: "Manages [repository credentials](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#credentials) within ArgoCD.", CreateContext: resourceArgoCDRepositoryCredentialsCreate, ReadContext: resourceArgoCDRepositoryCredentialsRead, UpdateContext: resourceArgoCDRepositoryCredentialsUpdate, diff --git a/argocd/schema_application.go b/argocd/schema_application.go index 9fdd59c5..060a8afa 100644 --- a/argocd/schema_application.go +++ b/argocd/schema_application.go @@ -794,7 +794,7 @@ func applicationSpecSchemaV2() *schema.Schema { Type: schema.TypeList, MinItems: 1, MaxItems: 1, - Description: "ArgoCD App application resource specs. Required attributes: destination, source.", + Description: "The application specification.", Required: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ diff --git a/argocd/schema_cluster.go b/argocd/schema_cluster.go index 371decba..4bc36f7f 100644 --- a/argocd/schema_cluster.go +++ b/argocd/schema_cluster.go @@ -8,7 +8,7 @@ func clusterSchema() map[string]*schema.Schema { return map[string]*schema.Schema{ "name": { Type: schema.TypeString, - Description: "Name of the cluster. If omitted, will use the server address", + Description: "Name of the cluster. If omitted, will use the server address.", Optional: true, DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { if k == "name" { 
@@ -24,27 +24,28 @@ func clusterSchema() map[string]*schema.Schema { }, "server": { Type: schema.TypeString, - Description: "Server is the API server URL of the Kubernetes cluster", + Description: "Server is the API server URL of the Kubernetes cluster.", Optional: true, }, "shard": { Type: schema.TypeString, - Description: "Shard contains optional shard number. Calculated on the fly by the application controller if not specified.", + Description: "Optional shard number. Calculated on the fly by the application controller if not specified.", Optional: true, }, "namespaces": { Type: schema.TypeList, - Description: "Holds list of namespaces which are accessible in that cluster. Cluster level resources would be ignored if namespace list is not empty.", + Description: "List of namespaces which are accessible in that cluster. Cluster level resources would be ignored if namespace list is not empty.", Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, }, }, "config": { - Type: schema.TypeList, - Required: true, - MinItems: 1, - MaxItems: 1, + Type: schema.TypeList, + Description: "Cluster information for connecting to a cluster.", + Required: true, + MinItems: 1, + MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "aws_auth_config": { 
@@ -53,20 +54,21 @@ func clusterSchema() map[string]*schema.Schema { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "cluster_name": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "AWS cluster name.", + Optional: true, }, "role_arn": { Type: schema.TypeString, Optional: true, - Description: "RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain", + Description: "IAM role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.", }, }, }, }, "bearer_token": { Type: schema.TypeString, - Description: "Server requires Bearer authentication. This client will not attempt to use refresh tokens for an OAuth2 flow.", + Description: "Server requires Bearer authentication. The client will not attempt to use refresh tokens for an OAuth2 flow.", Optional: true, Sensitive: true, }, @@ -74,7 +76,7 @@ func clusterSchema() map[string]*schema.Schema { Type: schema.TypeList, Optional: true, MaxItems: 1, - Description: "exec_provider_config is config used to call an external command to perform cluster authentication See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig", + Description: "Configuration for an exec provider used to call an external command to perform cluster authentication See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "api_version": { 
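Review bot: The `exec_provider_config` description in the second hunk runs two sentences together and ends the URL with a period ("...cluster authentication See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig."), so a renderer that auto-links the text may pull the trailing dot into the fragment. I would write it as `Configuration for an exec provider used to call an external command to perform cluster authentication. See the [ExecConfig reference](https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig).`, matching the Markdown links used elsewhere in this commit. In the first hunk, the `role_arn` text has a grammar slip: "AWS IAM Authenticator assume a role" should be "assumes a role".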
@@ -112,36 +114,37 @@ func clusterSchema() map[string]*schema.Schema { }, }, "tls_client_config": { - Type: schema.TypeList, - MaxItems: 1, - Optional: true, + Type: schema.TypeList, + Description: "Settings to enable transport layer security when connecting to the cluster.", + MaxItems: 1, + Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "ca_data": { Type: schema.TypeString, Optional: true, - Description: "ca_data holds PEM-encoded bytes (typically read from a root certificates bundle)", + Description: "PEM-encoded bytes (typically read from a root certificates bundle).", }, "cert_data": { Type: schema.TypeString, Optional: true, - Description: "cert_data holds PEM-encoded bytes (typically read from a client certificate file).", + Description: "PEM-encoded bytes (typically read from a client certificate file).", }, "insecure": { Type: schema.TypeBool, Optional: true, - Description: "Server should be accessed without verifying the TLS certificate.", + Description: "Whether server should be accessed without verifying the TLS certificate.", }, "key_data": { Type: schema.TypeString, Optional: true, Sensitive: true, - Description: "key_data holds PEM-encoded bytes (typically read from a client certificate key file).", + Description: "PEM-encoded bytes (typically read from a client certificate key file).", }, "server_name": { Type: schema.TypeString, Optional: true, - Description: "ServerName is passed to the server for SNI and is used in the client to check server certificates against. If ServerName is empty, the hostname used to contact the server is used.", + Description: "Name to pass to the server for SNI and used in the client to check server certificates against. If empty, the hostname used to contact the server is used.", }, }, }, 
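Review bot: After the field-name prefixes were dropped, `ca_data`, `cert_data` and `key_data` all read "PEM-encoded bytes (typically read from ...)", which no longer says what each value is used for. I would state the role first, for example `PEM-encoded root CA bundle used to verify the cluster's server certificate.` for `ca_data` and `PEM-encoded private key for the client certificate.` for `key_data`. The `insecure` description could also mention that it disables the verification that `ca_data` and `server_name` configure, so a reader does not assume the three can be combined meaningfully.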
@@ -149,11 +152,11 @@ func clusterSchema() map[string]*schema.Schema { "username": { Type: schema.TypeString, Optional: true, - Description: "Server requires Basic authentication", + Description: "Username for servers that require Basic authentication.", }, "password": { Type: schema.TypeString, - Description: "Server requires Basic authentication", + Description: "Password for servers that require Basic authentication.", Optional: true, Sensitive: true, }, @@ -161,30 +164,36 @@ func clusterSchema() map[string]*schema.Schema { }, }, "info": { - Type: schema.TypeList, - Computed: true, + Type: schema.TypeList, + Description: "Information about cluster cache and state.", + Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "server_version": { - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Description: "Kubernetes version of the cluster.", + Computed: true, }, "applications_count": { - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Description: "Number of applications managed by Argo CD on the cluster.", + Computed: true, }, "connection_state": { - Type: schema.TypeList, - Computed: true, + Type: schema.TypeList, + Description: "Information about the connection to the cluster.", + Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "message": { - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Description: "Human readable information about the connection status.", + Computed: true, }, "status": { - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Description: "Current status indicator for the connection.", + Computed: true, }, }, }, 
@@ -218,7 +227,7 @@ func clusterSchema() map[string]*schema.Schema { }, "project": { Type: schema.TypeString, - Description: "Add cluster scoped to project", + Description: "Reference between project and cluster that allow you automatically to be added as item inside Destinations project entity. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters.", Optional: true, }, } diff --git a/argocd/schema_metadata.go b/argocd/schema_metadata.go index 23c3b00e..56505125 100644 --- a/argocd/schema_metadata.go +++ b/argocd/schema_metadata.go @@ -2,13 +2,14 @@ package argocd import ( "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func metadataSchema(name string) *schema.Schema { return &schema.Schema{ Type: schema.TypeList, - Description: fmt.Sprintf("Standard %s's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata", name), + Description: "Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata).", Required: true, MaxItems: 1, Elem: &schema.Resource{ diff --git a/argocd/schema_project.go b/argocd/schema_project.go index e12b3d5f..f7d5b610 100644 --- a/argocd/schema_project.go +++ b/argocd/schema_project.go 
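Review bot: The new `project` description is hard to parse: "Reference between project and cluster that allow you automatically to be added as item inside Destinations project entity." A clearer wording would be `Project the cluster is scoped to. The cluster is then automatically added to that project's destinations. More info: <same URL>`, assuming that is the intended meaning. This field decides which project may deploy to the cluster, so the text should be unambiguous about the effect of setting it.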
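Review bot: In `schema_metadata.go` the `Description` no longer interpolates `name`, so this use of `fmt.Sprintf` is gone while the `"fmt"` import is kept. If that was the last use of `fmt` in the file, the build fails with an unused import; the rest of `metadataSchema` is outside the hunk, so this should be checked. If `name` is still used further down, the top-level description now reads "Standard Kubernetes object metadata" while nested descriptions may still name the resource, which is worth making consistent. The added blank line splits the import block into standard-library and third-party groups, which is fine.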
@@ -415,110 +415,128 @@ func projectSpecSchemaV2() *schema.Schema { Type: schema.TypeList, MinItems: 1, MaxItems: 1, - Description: "ArgoCD App project resource specs. Required attributes: destination, source_repos.", + Description: "ArgoCD AppProject spec.", Required: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "cluster_resource_blacklist": { - Type: schema.TypeSet, - Optional: true, + Type: schema.TypeSet, + Description: "Blacklisted cluster level resources.", + Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "group": { Type: schema.TypeString, + Description: "The Kubernetes resource Group to match for.", ValidateFunc: validateGroupName, Optional: true, }, "kind": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "The Kubernetes resource Kind to match for.", + Optional: true, }, }, }, }, "cluster_resource_whitelist": { - Type: schema.TypeSet, - Optional: true, + Type: schema.TypeSet, + Description: "Whitelisted cluster level resources.", + Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "group": { Type: schema.TypeString, + Description: "The Kubernetes resource Group to match for.", ValidateFunc: validateGroupName, Optional: true, }, "kind": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "The Kubernetes resource Kind to match for.", + Optional: true, }, }, }, }, "description": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "Project description.", + Optional: true, }, "destination": { - Type: schema.TypeSet, - Required: true, + Type: schema.TypeSet, + Description: "Destinations available for deployment.", + Required: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "server": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "URL of the target cluster and must be set to the Kubernetes control plane API.", + Optional: 
true, }, "namespace": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Description: "Target namespace for applications' resources.", + Required: true, }, "name": { Type: schema.TypeString, - Optional: true, Description: "Name of the destination cluster which can be used instead of server.", + Optional: true, }, }, }, }, "namespace_resource_blacklist": { - Type: schema.TypeSet, - Optional: true, + Type: schema.TypeSet, + Description: "Blacklisted namespace level resources.", + Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "group": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "The Kubernetes resource Group to match for.", + Optional: true, }, "kind": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "The Kubernetes resource Kind to match for.", + Optional: true, }, }, }, }, "namespace_resource_whitelist": { - Type: schema.TypeSet, - Optional: true, + Type: schema.TypeSet, + Description: "Whitelisted namespace level resources.", + Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "group": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "The Kubernetes resource Group to match for.", + Optional: true, }, "kind": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "The Kubernetes resource Kind to match for.", + Optional: true, }, }, }, }, "orphaned_resources": { - Type: schema.TypeList, - Optional: true, - MaxItems: 1, + Type: schema.TypeList, + Description: "Settings specifying if controller should monitor orphaned resources of apps in this project.", + Optional: true, + MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "warn": { - Type: schema.TypeBool, - Optional: true, + Type: schema.TypeBool, + Description: "Whether a warning condition should be created for apps which have orphaned resources.", + Optional: 
true, }, "ignore": { Type: schema.TypeSet, @@ -527,16 +545,19 @@ func projectSpecSchemaV2() *schema.Schema { Schema: map[string]*schema.Schema{ "group": { Type: schema.TypeString, + Description: "The Kubernetes resource Group to match for.", ValidateFunc: validateGroupName, Optional: true, }, "kind": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "The Kubernetes resource Kind to match for.", + Optional: true, }, "name": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "The Kubernetes resource name to match for.", + Optional: true, }, }, }, 
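Review bot: The `group` fields under `namespace_resource_blacklist` and `namespace_resource_whitelist` have no `ValidateFunc`, while the otherwise identical `group` fields under `cluster_resource_blacklist`, `cluster_resource_whitelist` and `orphaned_resources.ignore` use `validateGroupName`. All five now share the description "The Kubernetes resource Group to match for.", so either add `ValidateFunc: validateGroupName,` to the namespace-level entries or document why they differ (for example, if they must accept values the validator rejects, which is not visible here). These lists define what a project is allowed to deploy, so malformed group names are better rejected at plan time. The `destination.server` text "URL of the target cluster and must be set to the Kubernetes control plane API." is also ungrammatical. `projectSpecSchemaV2` starts and ends outside these hunks.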
@@ -545,86 +566,102 @@ func projectSpecSchemaV2() *schema.Schema { }, }, "role": { - Type: schema.TypeList, - Optional: true, + Type: schema.TypeList, + Description: "User defined RBAC roles associated with this project.", + Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "description": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Description: "Description of the role.", + Optional: true, }, "groups": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Description: "List of OIDC group claims bound to this role.", + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, }, "name": { Type: schema.TypeString, + Description: "Name of the role.", ValidateFunc: validateRoleName, Required: true, }, "policies": { - Type: schema.TypeList, - Required: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Description: "List of casbin formatted strings that define access policies for the role in the project. For more information, see the [ArgoCD RBAC reference](https://argoproj.github.io/argo-cd/operator-manual/rbac/#rbac-permission-structure).", + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, }, "source_repos": { - Type: schema.TypeList, - Required: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Description: "List of repository URLs which can be used for deployment. 
Can be set to `[\"*\"]` to allow all configured repositories configured in ArgoCD.", + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, }, "source_namespaces": { - Type: schema.TypeSet, - Set: schema.HashString, - Optional: true, + Type: schema.TypeSet, + Description: "List of namespaces that application resources are allowed to be created in.", + Set: schema.HashString, + Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, }, }, "signature_keys": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Description: "List of PGP key IDs that commits in Git must be signed with in order to be allowed for sync.", + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, }, "sync_window": { - Type: schema.TypeList, - Optional: true, + Type: schema.TypeList, + Description: "Settings controlling when syncs can be run for apps in this project.", + Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "applications": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Description: "List of applications that the window will apply to.", + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, }, "clusters": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Description: "List of clusters that the window will apply to.", + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, }, "duration": { Type: schema.TypeString, + Description: "Amount of time the sync window will be open.", ValidateFunc: validateSyncWindowDuration, Optional: true, }, "kind": { Type: schema.TypeString, + Description: "Defines if the window allows or blocks syncs, allowed values are `allow` or `deny`.", ValidateFunc: validateSyncWindowKind, Optional: true, }, "manual_sync": { - Type: schema.TypeBool, - Optional: true, + Type: 
schema.TypeBool, + Description: "Enables manual syncs when they would otherwise be blocked.", + Optional: true, }, "namespaces": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Description: "List of namespaces that the window will apply to.", + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, }, "schedule": { Type: schema.TypeString, + Description: "Time the window will begin, specified in cron format.", ValidateFunc: validateSyncWindowSchedule, Optional: true, }, diff --git a/argocd/schema_repository.go b/argocd/schema_repository.go index 7a832526..31369339 100644 --- a/argocd/schema_repository.go +++ b/argocd/schema_repository.go 
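Review bot: The new `source_repos` description repeats a word ("to allow all configured repositories configured in ArgoCD"), and the string is copied verbatim into the generated registry docs. I would end the sentence with `to allow all repositories configured in ArgoCD.` Since the wildcard is the least restrictive value a project can carry, the description could also say that an explicit list is preferable where the repositories are known. projectSpecSchemaV2 begins and ends outside this hunk.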
@@ -10,74 +10,74 @@ func repositorySchema() map[string]*schema.Schema { return map[string]*schema.Schema{ "repo": { Type: schema.TypeString, - Description: "URL of the repo", + Description: "URL of the repository.", ForceNew: true, Required: true, }, "enable_lfs": { Type: schema.TypeBool, - Description: "Whether git-lfs support should be enabled for this repo", + Description: "Whether `git-lfs` support should be enabled for this repository.", Optional: true, }, "inherited_creds": { Type: schema.TypeBool, - Description: "Whether credentials were inherited from a credential set", + Description: "Whether credentials were inherited from a credential set.", Computed: true, }, "insecure": { Type: schema.TypeBool, - Description: "Whether the repo is insecure", + Description: "Whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys.", Optional: true, }, "name": { Type: schema.TypeString, - Description: "only for Helm repos", + Description: "Name to be used for this repo. Only used with Helm repos.", Optional: true, }, "project": { Type: schema.TypeString, - Description: "The project name, in case the repository is project scoped", + Description: "The project name, in case the repository is project scoped.", Optional: true, }, "username": { Type: schema.TypeString, - Description: "Username for authenticating at the repo server", + Description: "Username used for authenticating at the remote repository.", Optional: true, }, "password": { Type: schema.TypeString, Sensitive: true, - Description: "Password for authenticating at the repo server", + Description: "Password or PAT used for authenticating at the remote repository.", Optional: true, }, "ssh_private_key": { Type: schema.TypeString, Sensitive: true, - Description: "SSH private key data for authenticating at the repo server only for Git repos", + Description: "PEM data for authenticating at the repo server. 
Only used with Git repos.", ValidateFunc: validateSSHPrivateKey, Optional: true, }, "tls_client_cert_data": { Type: schema.TypeString, - Description: "TLS client cert data for authenticating at the repo server", + Description: "TLS client certificate in PEM format for authenticating at the repo server.", // TODO: add a validator Optional: true, }, "tls_client_cert_key": { Type: schema.TypeString, Sensitive: true, - Description: "TLS client cert key for authenticating at the repo server ", + Description: "TLS client certificate private key in PEM format for authenticating at the repo server.", // TODO: add a validator Optional: true, }, "enable_oci": { Type: schema.TypeBool, - Description: "Specify whether the repo server should be viewed as OCI compliant", + Description: "Whether `helm-oci` support should be enabled for this repository.", Optional: true, }, "type": { Type: schema.TypeString, - Description: "type of the repo, may be 'git' or 'helm', defaults to 'git'", + Description: "Type of the repo. Can be either `git` or `helm`. `git` is assumed if empty or absent.", Default: "git", ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { v := val.(string) @@ -89,8 +89,9 @@ func repositorySchema() map[string]*schema.Schema { Optional: true, }, "connection_state_status": { - Type: schema.TypeString, - Computed: true, + Description: "Contains information about the current state of connection to the repository server.", + Type: schema.TypeString, + Computed: true, }, } } diff --git a/argocd/schema_repository_certificate.go b/argocd/schema_repository_certificate.go index 6ec5958a..b9cd5b1d 100644 --- a/argocd/schema_repository_certificate.go +++ b/argocd/schema_repository_certificate.go 
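Review bot: The reworded `ssh_private_key` description, "PEM data for authenticating at the repo server", no longer tells the reader that the value is an SSH private key. The same field in schema_repository_credentials.go keeps "Private key data ... using SSH" in this commit, so the two generated pages now describe one concept differently. I would use `Description: "SSH private key in PEM format for authenticating at the repo server. Only used with Git repos.",` here, assuming validateSSHPrivateKey (not visible in this hunk) does require PEM. repositorySchema continues past the end of this hunk.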
@@ -11,32 +11,32 @@ func certificatesSchema() map[string]*schema.Schema { Optional: true, ForceNew: true, MaxItems: 1, - Description: "Defines a ssh certificate.", + Description: "Defines a `ssh` certificate.", ConflictsWith: []string{"https"}, AtLeastOneOf: []string{"https", "ssh"}, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "server_name": { Type: schema.TypeString, - Description: "ServerName specifies the DNS name of the server this certificate is intended for", + Description: "DNS name of the server this certificate is intended for.", Required: true, ForceNew: true, }, "cert_subtype": { Type: schema.TypeString, - Description: "SubType specifies the sub type of the cert, i.e. `ssh-rsa`", + Description: "The sub type of the cert, i.e. `ssh-rsa`.", Required: true, ForceNew: true, }, "cert_data": { Type: schema.TypeString, - Description: "CertData contains the actual certificate data, dependent on the certificate type", + Description: "The actual certificate data, dependent on the certificate type.", Required: true, ForceNew: true, }, "cert_info": { Type: schema.TypeString, - Description: "CertInfo will hold additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName)", + Description: "Additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName).", Computed: true, }, }, 
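Review bot: The `cert_subtype` description keeps "i.e. `ssh-rsa`", which reads as "the sub type is ssh-rsa" rather than as one example. `Description: "The sub type of the cert, e.g. `ssh-rsa`.",` says what is meant. The same string is reused for the computed `cert_subtype` in the `https` block in the next hunk (-49,29), where an SSH key type is a confusing example for an HTTPS certificate. certificatesSchema starts before this hunk and continues after it.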
@@ -49,29 +49,29 @@ func certificatesSchema() map[string]*schema.Schema { MaxItems: 1, ConflictsWith: []string{"ssh"}, AtLeastOneOf: []string{"https", "ssh"}, - Description: "Defines a https certificate.", + Description: "Defines a `https` certificate.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "server_name": { Type: schema.TypeString, - Description: "ServerName specifies the DNS name of the server this certificate is intended for", + Description: "DNS name of the server this certificate is intended for.", Required: true, ForceNew: true, }, "cert_data": { Type: schema.TypeString, - Description: "CertData contains the actual certificate data, dependent on the certificate type", + Description: "The actual certificate data, dependent on the certificate type.", Required: true, ForceNew: true, }, "cert_subtype": { Type: schema.TypeString, - Description: "SubType specifies the sub type of the cert, i.e. `ssh-rsa`", + Description: "The sub type of the cert, i.e. `ssh-rsa`.", Computed: true, }, "cert_info": { Type: schema.TypeString, - Description: "CertInfo will hold additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName)", + Description: "Additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName).", Computed: true, }, }, diff --git a/argocd/schema_repository_credentials.go b/argocd/schema_repository_credentials.go index 2b2c45aa..67c9fbab 100644 --- a/argocd/schema_repository_credentials.go +++ b/argocd/schema_repository_credentials.go 
@@ -8,43 +8,43 @@ func repositoryCredentialsSchema() map[string]*schema.Schema { return map[string]*schema.Schema{ "url": { Type: schema.TypeString, - Description: "URL is the URL that these credentials matches to", + Description: "URL that these credentials matches to.", Required: true, }, "username": { Type: schema.TypeString, - Description: "Username for authenticating at the repo server", + Description: "Username for authenticating at the repo server.", Optional: true, }, "password": { Type: schema.TypeString, Sensitive: true, - Description: "Password for authenticating at the repo server", + Description: "Password for authenticating at the repo server.", Optional: true, }, "ssh_private_key": { Type: schema.TypeString, Sensitive: true, - Description: "SSH private key data for authenticating at the repo server only for Git repos", + Description: "Private key data for authenticating at the repo server using SSH (only Git repos).", ValidateFunc: validateSSHPrivateKey, Optional: true, }, "tls_client_cert_data": { Type: schema.TypeString, - Description: "TLS client cert data for authenticating at the repo server", + Description: "TLS client cert data for authenticating at the repo server.", // TODO: add a validator Optional: true, }, "tls_client_cert_key": { Type: schema.TypeString, Sensitive: true, - Description: "TLS client cert key for authenticating at the repo server ", + Description: "TLS client cert key for authenticating at the repo server.", // TODO: add a validator Optional: true, }, "enable_oci": { Type: schema.TypeBool, - Description: "Specify whether the repo server should be viewed as OCI compliant", + Description: "Whether `helm-oci` support should be enabled for this repo.", Optional: true, }, } diff --git a/docs/index.md b/docs/index.md index 61b8e3a8..787c160a 100644 --- a/docs/index.md +++ b/docs/index.md 
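Review bot: The `url` description, "URL that these credentials matches to.", still has the subject-verb mismatch after the rewording, and it will be published as-is in the generated docs. I would write `Description: "URL that these credentials match.",`. The function signature and closing brace of repositoryCredentialsSchema are outside this hunk.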
@@ -1,55 +1,86 @@ +--- +page_title: "Provider: ArgoCD" +description: |- + The ArgoCD provider provides lifecycle management of ArgoCD resources. +--- + # ArgoCD Provider -A Terraform provider for [ArgoCD](https://argoproj.github.io/argo-cd/). +The ArgoCD Provider provides lifecycle management of +[ArgoCD](https://argo-cd.readthedocs.io/en/stable/) resources. + +**NB**: The provider is not concerned with the installation/configuration of +ArgoCD itself. To make use of the provider, you will need to have an existing +ArgoCD installation and, the ArgoCD API server must be +[accessible](https://argo-cd.readthedocs.io/en/stable/getting_started/#3-access-the-argo-cd-api-server) +from where you are running Terraform. ## Example Usage -```hcl +```terraform provider "argocd" { server_addr = "argocd.local:443" auth_token = "1234..." } ``` -## Argument Reference - -* `server_addr` - (Required) ArgoCD server address with port. -* `use_local_config` - (Optional) use the authentication settings found in the local config file. Useful when you have previously logged in using SSO. Conflicts with -`auth_token`, `username` and `password`. -* `config_path` (Optional) - Override the default config path of `$HOME/.config/argocd/config`. Only relevant when using `use_local_config` above. - Can be set through the `ARGOCD_CONFIG_PATH` environment variable. -* `auth_token` - (Optional) ArgoCD authentication token, takes precedence over `username`/`password`. Can be set through the `ARGOCD_AUTH_TOKEN` environment variable. -* `username` - (Optional) authentication username. Can be set through the `ARGOCD_AUTH_USERNAME` environment variable. -* `password` - (Optional) authentication password. Can be set through the `ARGOCD_AUTH_PASSWORD` environment variable. -* `cert_file` - (Optional) Additional root CA certificates file to add to the client TLS connection pool. -* `client_cert_file` - (Optional) Client Certificate. -* `client_cert_key` - (Optional) Client Certificate Key. 
-* `plain_text` - (Optional) Boolean, whether to initiate an unencrypted connection to ArgoCD server. -* `context` - (Optional) Kubernetes context to load from an existing `.kube/config` file. Can be set through `ARGOCD_CONTEXT` environment variable. -* `user_agent` - (Optional) -* `grpc_web` - (Optional) Whether to use gRPC web proxy client. Useful if Argo CD server is behind proxy which does not support HTTP2. -* `grpc_web_root_path` - (Optional) Use the gRPC web proxy client and set the web root, e.g. `argo-cd`. Useful if the Argo CD server is behind a proxy at a non-root path. -* `port_forward` - (Optional) -* `port_forward_with_namespace` - (Optional) -* `headers` - (Optional) Additional headers to add to each request to the ArgoCD server. -* `insecure` - (Optional) Whether to skip TLS server certificate. Can be set through the `ARGOCD_INSECURE` environment variable. -* `kubernetes` - Kubernetes configuration block. - -The `kubernetes` block supports: - -* `config_path` - (Optional) Path to the kube config file. Can be sourced from `KUBE_CONFIG_PATH`. -* `config_paths` - (Optional) A list of paths to the kube config files. Can be sourced from `KUBE_CONFIG_PATHS`. -* `host` - (Optional) The hostname (in form of URI) of the Kubernetes API. Can be sourced from `KUBE_HOST`. -* `username` - (Optional) The username to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_USER`. -* `password` - (Optional) The password to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_PASSWORD`. -* `token` - (Optional) The bearer token to use for authentication when accessing the Kubernetes API. Can be sourced from `KUBE_TOKEN`. -* `insecure` - (Optional) Whether server should be accessed without verifying the TLS certificate. Can be sourced from `KUBE_INSECURE`. -* `client_certificate` - (Optional) PEM-encoded client certificate for TLS authentication. Can be sourced from `KUBE_CLIENT_CERT_DATA`. 
-* `client_key` - (Optional) PEM-encoded client certificate key for TLS authentication. Can be sourced from `KUBE_CLIENT_KEY_DATA`. -* `cluster_ca_certificate` - (Optional) PEM-encoded root certificates bundle for TLS authentication. Can be sourced from `KUBE_CLUSTER_CA_CERT_DATA`. -* `config_context` - (Optional) Context to choose from the config file. Can be sourced from `KUBE_CTX`. -* `exec` - (Optional) Configuration block to use an [exec-based credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials. - * `api_version` - (Required) API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`. - * `command` - (Required) Command to execute. - * `args` - (Optional) List of arguments to pass when executing the plugin. - * `env` - (Optional) Map of environment variables to set when executing the plugin. \ No newline at end of file + +## Schema + +### Required + +- `server_addr` (String) ArgoCD server address with port. Can be set through the `ARGOCD_SERVER` environment variable. + +### Optional + +- `auth_token` (String) ArgoCD authentication token, takes precedence over `username`/`password`. Can be set through the `ARGOCD_AUTH_TOKEN` environment variable. +- `cert_file` (String) Additional root CA certificates file to add to the client TLS connection pool. +- `client_cert_file` (String) Client certificate. +- `client_cert_key` (String) Client certificate key. +- `config_path` (String) Override the default config path of `$HOME/.config/argocd/config`. Only relevant when `use_local_config`. Can be set through the `ARGOCD_CONFIG_PATH` environment variable. +- `context` (String) Kubernetes context to load from an existing `.kube/config` file. Can be set through `ARGOCD_CONTEXT` environment variable. +- `grpc_web` (Boolean) Whether to use gRPC web proxy client. 
Useful if Argo CD server is behind proxy which does not support HTTP2. +- `grpc_web_root_path` (String) Use the gRPC web proxy client and set the web root, e.g. `argo-cd`. Useful if the Argo CD server is behind a proxy at a non-root path. +- `headers` (Set of String) Additional headers to add to each request to the ArgoCD server. +- `insecure` (Boolean) Whether to skip TLS server certificate. Can be set through the `ARGOCD_INSECURE` environment variable. +- `kubernetes` (Block List, Max: 1) Kubernetes configuration. (see [below for nested schema](#nestedblock--kubernetes)) +- `password` (String) Authentication password. Can be set through the `ARGOCD_AUTH_PASSWORD` environment variable. +- `plain_text` (Boolean) Whether to initiate an unencrypted connection to ArgoCD server. +- `port_forward` (Boolean) +- `port_forward_with_namespace` (String) +- `use_local_config` (Boolean) Use the authentication settings found in the local config file. Useful when you have previously logged in using SSO. Conflicts with `auth_token`, `username` and `password`. +- `user_agent` (String) +- `username` (String) Authentication username. Can be set through the `ARGOCD_AUTH_USERNAME` environment variable. + + +### Nested Schema for `kubernetes` + +Optional: + +- `client_certificate` (String) PEM-encoded client certificate for TLS authentication. Can be sourced from `KUBE_CLIENT_CERT_DATA`. +- `client_key` (String) PEM-encoded client certificate key for TLS authentication. Can be sourced from `KUBE_CLIENT_KEY_DATA`. +- `cluster_ca_certificate` (String) PEM-encoded root certificates bundle for TLS authentication. Can be sourced from `KUBE_CLUSTER_CA_CERT_DATA`. +- `config_context` (String) Context to choose from the config file. Can be sourced from `KUBE_CTX`. +- `config_context_auth_info` (String) +- `config_context_cluster` (String) +- `config_path` (String) Path to the kube config file. Can be sourced from `KUBE_CONFIG_PATH`. 
+- `config_paths` (List of String) A list of paths to the kube config files. Can be sourced from `KUBE_CONFIG_PATHS`. +- `exec` (Block List, Max: 1) Configuration block to use an [exec-based credential plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins), e.g. call an external command to receive user credentials. (see [below for nested schema](#nestedblock--kubernetes--exec)) +- `host` (String) The hostname (in form of URI) of the Kubernetes API. Can be sourced from `KUBE_HOST`. +- `insecure` (Boolean) Whether server should be accessed without verifying the TLS certificate. Can be sourced from `KUBE_INSECURE`. +- `password` (String) The password to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_PASSWORD`. +- `token` (String) Token to authenticate an service account. Can be sourced from `KUBE_TOKEN`. +- `username` (String) The username to use for HTTP basic authentication when accessing the Kubernetes API. Can be sourced from `KUBE_USER`. + + +### Nested Schema for `kubernetes.exec` + +Required: + +- `api_version` (String) API version to use when decoding the ExecCredentials resource, e.g. `client.authentication.k8s.io/v1beta1`. +- `command` (String) Command to execute. + +Optional: + +- `args` (List of String) Map of environment variables to set when executing the plugin. +- `env` (Map of String) List of arguments to pass when executing the plugin. \ No newline at end of file diff --git a/docs/resources/application.md b/docs/resources/application.md index fc9f430e..086d560e 100644 --- a/docs/resources/application.md +++ b/docs/resources/application.md 
@@ -1,10 +1,18 @@ -# argocd_application +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "argocd_application Resource - terraform-provider-argocd" +subcategory: "" +description: |- + +--- + +# argocd_application (Resource) + -Creates an ArgoCD application. ## Example Usage -```hcl +```terraform resource "argocd_application" "kustomize" { metadata { name = "kustomize-app" @@ -27,7 +35,7 @@ resource "argocd_application" "kustomize" { images = ["hashicorp/terraform:light"] common_labels = { "this.is.a.common" = "la-bel" - "another.io/one" = "true" + "another.io/one" = "true" } } } @@ -46,7 +54,7 @@ resource "argocd_application" "kustomize" { # Only available from ArgoCD 1.5.0 onwards sync_options = ["Validate=false"] retry { - limit = "5" + limit = "5" backoff = { duration = "30s" max_duration = "2m" @@ -62,9 +70,9 @@ resource "argocd_application" "kustomize" { } ignore_difference { - group = "apps" - kind = "StatefulSet" - name = "someStatefulSet" + group = "apps" + kind = "StatefulSet" + name = "someStatefulSet" json_pointers = [ "/spec/replicas", "/spec/template/spec/metadata/labels/bar", 
@@ -103,8 +111,8 @@ resource "argocd_application" "helm" { name = "someotherparameter" value = "true" } - value_files = ["values-test.yml"] - values = < +## Schema + +### Required + +- `metadata` (Block List, Min: 1, Max: 1) Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). (see [below for nested schema](#nestedblock--metadata)) +- `spec` (Block List, Min: 1, Max: 1) The application specification. (see [below for nested schema](#nestedblock--spec)) + +### Optional + +- `cascade` (Boolean) Whether to applying cascading deletion when application is removed. +- `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts)) +- `wait` (Boolean) Upon application creation or update, wait for application health/sync status to be healthy/Synced, upon application deletion, wait for application to be removed, when set to true. + +### Read-Only + +- `id` (String) The ID of this resource. + + +### Nested Schema for `metadata` + +Optional: + +- `annotations` (Map of String) An unstructured key value map stored with the applications.argoproj.io that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations +- `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the applications.argoproj.io. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels +- `name` (String) Name of the applications.argoproj.io, must be unique. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names +- `namespace` (String) Namespace of the applications.argoproj.io, must be unique. Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +Read-Only: + +- `generation` (Number) A sequence number representing a specific generation of the desired state. +- `resource_version` (String) An opaque value that represents the internal version of this applications.argoproj.io that can be used by clients to determine when applications.argoproj.io has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency +- `uid` (String) The unique in time and space value for this applications.argoproj.io. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + + + +### Nested Schema for `spec` + +Required: + +- `destination` (Block Set, Min: 1, Max: 1) (see [below for nested schema](#nestedblock--spec--destination)) +- `source` (Block List, Min: 1, Max: 1) (see [below for nested schema](#nestedblock--spec--source)) + +Optional: + +- `ignore_difference` (Block List) (see [below for nested schema](#nestedblock--spec--ignore_difference)) +- `info` (Block Set) (see [below for nested schema](#nestedblock--spec--info)) +- `project` (String) The application project, defaults to 'default' +- `revision_history_limit` (Number) +- `sync_policy` (Block List, Max: 1) (see [below for nested schema](#nestedblock--spec--sync_policy)) + + +### Nested Schema for `spec.destination` + +Required: + +- `namespace` (String) + +Optional: + +- `name` (String) Name of the destination cluster which can be used instead of server. 
+- `server` (String) + + + +### Nested Schema for `spec.source` + +Required: + +- `repo_url` (String) + +Optional: + +- `chart` (String) +- `directory` (Block List, Max: 1) (see [below for nested schema](#nestedblock--spec--source--directory)) +- `helm` (Block List, Max: 1) (see [below for nested schema](#nestedblock--spec--source--helm)) +- `kustomize` (Block List, Max: 1) (see [below for nested schema](#nestedblock--spec--source--kustomize)) +- `path` (String) +- `plugin` (Block List, Max: 1) (see [below for nested schema](#nestedblock--spec--source--plugin)) +- `target_revision` (String) + + +### Nested Schema for `spec.source.directory` + +Optional: + +- `jsonnet` (Block List, Max: 1) (see [below for nested schema](#nestedblock--spec--source--directory--jsonnet)) +- `recurse` (Boolean) + + +### Nested Schema for `spec.source.directory.jsonnet` + +Optional: + +- `ext_var` (Block List) (see [below for nested schema](#nestedblock--spec--source--directory--jsonnet--ext_var)) +- `tla` (Block Set) (see [below for nested schema](#nestedblock--spec--source--directory--jsonnet--tla)) + + +### Nested Schema for `spec.source.directory.jsonnet.ext_var` + +Optional: + +- `code` (Boolean) +- `name` (String) +- `value` (String) + + + +### Nested Schema for `spec.source.directory.jsonnet.tla` + +Optional: + +- `code` (Boolean) +- `name` (String) +- `value` (String) + + + + + +### Nested Schema for `spec.source.helm` + +Optional: + +- `parameter` (Block Set) (see [below for nested schema](#nestedblock--spec--source--helm--parameter)) +- `release_name` (String) The Helm release name. If omitted it will use the application name +- `skip_crds` (Boolean) Helm installs custom resource definitions in the crds folder by default if they are not existing. 
If needed, it is possible to skip the CRD installation step with this flag +- `value_files` (List of String) +- `values` (String) + + +### Nested Schema for `spec.source.helm.parameter` + +Optional: + +- `force_string` (Boolean) force_string determines whether to tell Helm to interpret booleans and numbers as strings +- `name` (String) +- `value` (String) + + + + +### Nested Schema for `spec.source.kustomize` + +Optional: + +- `common_annotations` (Map of String) +- `common_labels` (Map of String) +- `images` (Set of String) +- `name_prefix` (String) +- `name_suffix` (String) +- `version` (String) + + + +### Nested Schema for `spec.source.plugin` + +Optional: + +- `env` (Block Set) (see [below for nested schema](#nestedblock--spec--source--plugin--env)) +- `name` (String) + + +### Nested Schema for `spec.source.plugin.env` + +Optional: + +- `name` (String) +- `value` (String) + + + + + +### Nested Schema for `spec.ignore_difference` + +Optional: + +- `group` (String) +- `jq_path_expressions` (Set of String) +- `json_pointers` (Set of String) +- `kind` (String) +- `name` (String) +- `namespace` (String) + + + +### Nested Schema for `spec.info` + +Optional: + +- `name` (String) +- `value` (String) + + + +### Nested Schema for `spec.sync_policy` + +Optional: + +- `automated` (Map of Boolean) +- `retry` (Block List, Max: 1) (see [below for nested schema](#nestedblock--spec--sync_policy--retry)) +- `sync_options` (List of String) + + +### Nested Schema for `spec.sync_policy.retry` + +Optional: + +- `backoff` (Map of String) +- `limit` (String) Max number of allowed sync retries, as a string + + + + + +### Nested Schema for `timeouts` + +Optional: + +- `create` (String) +- `delete` (String) +- `update` (String) ## Import -ArgoCD applications can be imported using an id consisting of `{name}:{namespace}`, e.g. 
-``` -$ terraform import argocd_application.myapp myapp:argocd +Import is supported using the following syntax: + +```shell +# ArgoCD applications can be imported using an id consisting of `{name}:{namespace}`. E.g. + +terraform import argocd_application.myapp myapp:argocd ``` diff --git a/docs/resources/cluster.md b/docs/resources/cluster.md index a21430a3..fa282191 100644 --- a/docs/resources/cluster.md +++ b/docs/resources/cluster.md @@ -1,10 +1,19 @@ -# argocd_cluster +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "argocd_cluster Resource - terraform-provider-argocd" +subcategory: "" +description: |- + Manages cluster credentials https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters within ArgoCD. +--- -Creates an ArgoCD cluster. +# argocd_cluster (Resource) -## Example Usage - Bearer token +Manages [cluster credentials](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters) within ArgoCD. -```hcl +## Example Usage + +```terraform +## Bearer token Authentication resource "argocd_cluster" "kubernetes" { server = "https://1.2.3.4:12345" @@ -15,22 +24,17 @@ resource "argocd_cluster" "kubernetes" { ca_data = file("path/to/ca.pem") // ca_data = "-----BEGIN CERTIFICATE-----\nfoo\nbar\n-----END CERTIFICATE-----" // ca_data = base64decode("LS0tLS1CRUdJTiBDRVJUSUZ...") - // insecure = true } } } -``` - -## Example Usage - GCP GKE cluster -```hcl +## GCP GKE cluster data "google_container_cluster" "cluster" { name = "cluster" location = "europe-west1" } -# Create the service account, cluster role + binding, which ArgoCD expects to be present in the targeted cluster resource "kubernetes_service_account" "argocd_manager" { metadata { name = "argocd-manager" 
@@ -87,15 +91,12 @@ resource "argocd_cluster" "gke" { config { bearer_token = data.kubernetes_secret.argocd_manager.data["token"] tls_client_config { - ca_data = base64decode(data.google_container_cluster.cluster.master_auth.0.cluster_ca_certificate) + ca_data = base64decode(data.google_container_cluster.cluster.master_auth.0.cluster_ca_certificate) } } } -``` - -## Example Usage - AWS EKS cluster -```hcl +## AWS EKS cluster data "aws_eks_cluster" "cluster" { name = "cluster" } 
@@ -117,61 +118,106 @@ resource "argocd_cluster" "eks" { } ``` -## Argument Reference + +## Schema + +### Required + +- `config` (Block List, Min: 1, Max: 1) Cluster information for connecting to a cluster. (see [below for nested schema](#nestedblock--config)) + +### Optional + +- `metadata` (Block List, Max: 2) Standard cluster secret's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata (see [below for nested schema](#nestedblock--metadata)) +- `name` (String) Name of the cluster. If omitted, will use the server address. +- `namespaces` (List of String) List of namespaces which are accessible in that cluster. Cluster level resources would be ignored if namespace list is not empty. +- `project` (String) Reference between project and cluster that allow you automatically to be added as item inside Destinations project entity. More info: https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters. +- `server` (String) Server is the API server URL of the Kubernetes cluster. +- `shard` (String) Optional shard number. Calculated on the fly by the application controller if not specified. + +### Read-Only + +- `id` (String) The ID of this resource. +- `info` (List of Object) Information about cluster cache and state. (see [below for nested schema](#nestedatt--info)) + + +### Nested Schema for `config` + +Optional: -* `server` - (Required) Server is the API server URL of the Kubernetes cluster. -* `name` - (Optional) Name of the cluster. If omitted, will use the server address. -* `shard` - (Optional) Shard contains optional shard number. Calculated on the fly by the application controller if not specified. -* `namespaces` - (Optional) Holds list of namespaces which are accessible in that cluster. Cluster level resources would be ignored if namespace list is not empty.. 
-* `config` - (Optional) The configuration specification, nested attributes are documented below. -* `metadata` - (Optional) Cluster metadata, nested attributes are documented below. -* `project` - (Optional) Scope cluster to ArgoCD project. If omitted, cluster will be global. Requires ArgoCD 2.2.0 onwards. +- `aws_auth_config` (Block List) (see [below for nested schema](#nestedblock--config--aws_auth_config)) +- `bearer_token` (String, Sensitive) Server requires Bearer authentication. The client will not attempt to use refresh tokens for an OAuth2 flow. +- `exec_provider_config` (Block List, Max: 1) Configuration for an exec provider used to call an external command to perform cluster authentication See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig. (see [below for nested schema](#nestedblock--config--exec_provider_config)) +- `password` (String, Sensitive) Password for servers that require Basic authentication. +- `tls_client_config` (Block List, Max: 1) Settings to enable transport layer security when connecting to the cluster. (see [below for nested schema](#nestedblock--config--tls_client_config)) +- `username` (String) Username for servers that require Basic authentication. -The `config` block can have the following attributes: + +### Nested Schema for `config.aws_auth_config` -* `aws_auth_config` - (Optional) AWS EKS specific IAM authentication. Structure is documented below. -* `bearer_token` - (Optional) OAuth2 bearer token. ArgoCD client will not attempt to use refresh tokens for an OAuth2 flow. -* `exec_provider_config` - (Optional) configuration used to call an external command to perform cluster authentication See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig. Structure is documented below. -* `tls_client_config` - (Optional) TLS client configuration. Structure is documented below. 
-* `username` - (Optional) -* `password` - (Optional) +Optional: -The `config.aws_auth_config` block can have the following attributes: +- `cluster_name` (String) AWS cluster name. +- `role_arn` (String) IAM role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain. -* `cluster_name` - (Optional) Name of the EKS cluster. -* `role_arn` - (Optional) RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain. -The `config.exec_provider_config` can have the following attributes: + +### Nested Schema for `config.exec_provider_config` -* `api_version` - (Optional) Preferred input version of the ExecInfo. -* `command` - (Optional) Command to execute. -* `args` - (Optional) list of string. Arguments to pass to the command when executing it. -* `env` - (Optional) map of string. Defines additional environment variables to expose to the process. -* `install_hint` - (Optional) This text is shown to the user when the executable doesn't seem to be present. +Optional: -The `config.tls_client_config` block can have the following attributes: +- `api_version` (String) Preferred input version of the ExecInfo +- `args` (List of String) Arguments to pass to the command when executing it +- `command` (String) Command to execute +- `env` (Map of String) Env defines additional environment variables to expose to the process. Passed as a map of strings +- `install_hint` (String) This text is shown to the user when the executable doesn't seem to be present -* `ca_data` - (Optional) string. Holds PEM-encoded bytes (typically read from a root certificates bundle). -* `cert_data` - (Optional) string. Holds PEM-encoded bytes (typically read from a client certificate file). -* `key_data` - (Optional) string. Holds PEM-encoded bytes (typically read from a client certificate key file). 
-* `insecure` - (Optional) boolean. For when the server should be accessed without verifying the TLS certificate. -* `server_name` - (Optional) string. Passed to the server for SNI and is used in the client to check server certificates against. If empty, the hostname used to contact the server is used. -The `metadata` block can have the following attributes: + +### Nested Schema for `config.tls_client_config` -* `annotations` - (Optional) An unstructured key value map stored with the config map that may be used to store arbitrary metadata. **By default, the provider ignores any annotations whose key names end with kubernetes.io. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem)**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the config map. May match selectors of replication controllers and services. **By default, the provider ignores any labels whose key names end with kubernetes.io. This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem).** For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
+Optional: -## Attribute Reference +- `ca_data` (String) PEM-encoded bytes (typically read from a root certificates bundle). +- `cert_data` (String) PEM-encoded bytes (typically read from a client certificate file). +- `insecure` (Boolean) Whether server should be accessed without verifying the TLS certificate. +- `key_data` (String, Sensitive) PEM-encoded bytes (typically read from a client certificate key file). +- `server_name` (String) Name to pass to the server for SNI and used in the client to check server certificates against. If empty, the hostname used to contact the server is used. -* `info.0.server_version` - The version of the remote Kubernetes cluster. -* `info.0.applications_count` - How many ArgoCD applications the cluster currently holds. -* `info.0.connection_state.0.message` -* `info.0.connection_state.0.status` + + + +### Nested Schema for `metadata` + +Optional: + +- `annotations` (Map of String) An unstructured key value map stored with the cluster secret that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations +- `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the cluster secret. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels + + + +### Nested Schema for `info` + +Read-Only: + +- `applications_count` (String) +- `connection_state` (List of Object) (see [below for nested schema](#nestedobjatt--info--connection_state)) +- `server_version` (String) + + +### Nested Schema for `info.connection_state` + +Read-Only: + +- `message` (String) +- `status` (String) ## Import -ArgoCD clusters can be imported using an id consisting of `{server}`, e.g. -``` -$ terraform import argocd_cluster.mycluster https://mycluster.io:443 +Import is supported using the following syntax: + +```shell +# Cluster credentials can be imported using the server URL. 
+ +# Example: +terraform import argocd_cluster.mycluster https://mycluster.io:443 ``` diff --git a/docs/resources/project.md b/docs/resources/project.md index eeb84e70..ea23d125 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md @@ -1,10 +1,18 @@ -# argocd_project +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "argocd_project Resource - terraform-provider-argocd" +subcategory: "" +description: |- + Manages projects https://argo-cd.readthedocs.io/en/stable/user-guide/projects/ within ArgoCD. +--- -Creates an ArgoCD project. +# argocd_project (Resource) + +Manages [projects](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/) within ArgoCD. ## Example Usage -```hcl +```terraform resource "argocd_project" "myproject" { metadata { name = "myproject" @@ -18,8 +26,10 @@ resource "argocd_project" "myproject" { } spec { - description = "simple project" - source_repos = ["*"] + description = "simple project" + + source_namespaces = ["argocd"] + source_repos = ["*"] destination { server = "https://kubernetes.default.svc" @@ -33,6 +43,7 @@ resource "argocd_project" "myproject" { name = "anothercluster" namespace = "bar" } + cluster_resource_blacklist { group = "*" kind = "*" @@ -45,6 +56,7 @@ resource "argocd_project" "myproject" { group = "rbac.authorization.k8s.io" kind = "ClusterRole" } + namespace_resource_blacklist { group = "networking.k8s.io" kind = "Ingress" @@ -53,6 +65,7 @@ resource "argocd_project" "myproject" { group = "*" kind = "*" } + orphaned_resources { warn = true @@ -68,6 +81,7 @@ resource "argocd_project" "myproject" { name = "ignored2" } } + role { name = "testrole" policies = [ @@ -88,6 +102,7 @@ resource "argocd_project" "myproject" { "p, proj:myproject:testrole, applications, sync, myproject/*, deny", ] } + sync_window { kind = "allow" applications = ["api-*"] 
@@ -106,74 +121,167 @@ resource "argocd_project" "myproject" { schedule = "22 1 5 * *" manual_sync = false } + signature_keys = [ "4AEE18F83AFDEB23", "07E34825A909B250" ] } } - ``` -## Argument Reference + +## Schema + +### Required + +- `metadata` (Block List, Min: 1, Max: 1) Standard Kubernetes object metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). (see [below for nested schema](#nestedblock--metadata)) +- `spec` (Block List, Min: 1, Max: 1) ArgoCD AppProject spec. (see [below for nested schema](#nestedblock--spec)) + +### Read-Only + +- `id` (String) The ID of this resource. + + +### Nested Schema for `metadata` + +Optional: + +- `annotations` (Map of String) An unstructured key value map stored with the appprojects.argoproj.io that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations +- `labels` (Map of String) Map of string keys and values that can be used to organize and categorize (scope and select) the appprojects.argoproj.io. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels +- `name` (String) Name of the appprojects.argoproj.io, must be unique. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names +- `namespace` (String) Namespace of the appprojects.argoproj.io, must be unique. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + +Read-Only: + +- `generation` (Number) A sequence number representing a specific generation of the desired state. +- `resource_version` (String) An opaque value that represents the internal version of this appprojects.argoproj.io that can be used by clients to determine when appprojects.argoproj.io has changed. 
Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency +- `uid` (String) The unique in time and space value for this appprojects.argoproj.io. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + + + +### Nested Schema for `spec` + +Required: + +- `destination` (Block Set, Min: 1) Destinations available for deployment. (see [below for nested schema](#nestedblock--spec--destination)) +- `source_repos` (List of String) List of repository URLs which can be used for deployment. Can be set to `["*"]` to allow all configured repositories configured in ArgoCD. + +Optional: + +- `cluster_resource_blacklist` (Block Set) Blacklisted cluster level resources. (see [below for nested schema](#nestedblock--spec--cluster_resource_blacklist)) +- `cluster_resource_whitelist` (Block Set) Whitelisted cluster level resources. (see [below for nested schema](#nestedblock--spec--cluster_resource_whitelist)) +- `description` (String) Project description. +- `namespace_resource_blacklist` (Block Set) Blacklisted namespace level resources. (see [below for nested schema](#nestedblock--spec--namespace_resource_blacklist)) +- `namespace_resource_whitelist` (Block Set) Whitelisted namespace level resources. (see [below for nested schema](#nestedblock--spec--namespace_resource_whitelist)) +- `orphaned_resources` (Block List, Max: 1) Settings specifying if controller should monitor orphaned resources of apps in this project. (see [below for nested schema](#nestedblock--spec--orphaned_resources)) +- `role` (Block List) User defined RBAC roles associated with this project. (see [below for nested schema](#nestedblock--spec--role)) +- `signature_keys` (List of String) List of PGP key IDs that commits in Git must be signed with in order to be allowed for sync. +- `source_namespaces` (Set of String) List of namespaces that application resources are allowed to be created in. 
+- `sync_window` (Block List) Settings controlling when syncs can be run for apps in this project. (see [below for nested schema](#nestedblock--spec--sync_window)) + + +### Nested Schema for `spec.destination` + +Required: + +- `namespace` (String) Target namespace for applications' resources. -* `metadata` - (Required) Standard Kubernetes API service's metadata. For more info see the [Kubernetes reference](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata). -* `spec` - (Required) The project specification, the nested attributes are documented below. +Optional: -The `metadata` block can have the following attributes: +- `name` (String) Name of the destination cluster which can be used instead of server. +- `server` (String) URL of the target cluster and must be set to the Kubernetes control plane API. -* `name` - (Required) The project name, must be unique, cannot be updated. -* `annotations` - (Optional) An unstructured key value map stored with the config map that may be used to store arbitrary metadata. **By default, the provider ignores any annotations whose key names end with kubernetes.io. This is necessary because such annotations can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such annotations in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem)**. For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the config map. May match selectors of replication controllers and services. **By default, the provider ignores any labels whose key names end with kubernetes.io. 
This is necessary because such labels can be mutated by server-side components and consequently cause a perpetual diff in the Terraform plan output. If you explicitly specify any such labels in the configuration template then Terraform will consider these as normal resource attributes and manage them as expected (while still avoiding the perpetual diff problem).** For more info see [Kubernetes reference](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -The `spec` block can have the following attributes: + +### Nested Schema for `spec.cluster_resource_blacklist` -* `destination` - (Required) The allowed cluster/namespace project destination, can be repeated multiple times. -* `source_repos` - (Required) List of strings containing allowed application repositories URLs for the project. Can be set to `["*"]` to allow all configured repositories configured in ArgoCD. -* `cluster_resource_whitelist` - (Optional) Cluster-scoped resource allowed to be managed by the project applications, can be repeated multiple times. -* `description` - (Optional) -* `orphaned_resources` - (Optional) A key value map to control orphaned resources monitoring, -* `namespace_resource_blacklist` - (Optional) Namespaced-scoped resources allowed to be managed by the project applications, can be repeated multiple times. -* `role` - (Optional) can be repeated multiple times. -* `sync_window` - (Optional) can be repeated multiple times. -* `signature_keys` - (Optional) list of PGP key IDs strings that commits to be synced to must be signed with. +Optional: -Each `cluster_resource_whitelist` block can have the following attributes: -* `group` - (Optional) The Kubernetes resource Group to match for. -* `kind` - (Optional) The Kubernetes resource Kind to match for. +- `group` (String) The Kubernetes resource Group to match for. +- `kind` (String) The Kubernetes resource Kind to match for. 
-The `orphaned_resources` block can have the following attributes: -* `warn` - (Optional) Boolean, defaults to `false`. -* `ignore` - (Optional), set of map of strings, specifies which Group/Kind/Name resource(s) to ignore. Can be repeated multiple times. Structure is documented below. -Each `orphaned_resources/ignore` block can have the following attributes: -* `group` - (Optional) The Kubernetes resource Group to match for. -* `kind` - (Optional) The Kubernetes resource Kind to match for. -* `name` - (Optional) The Kubernetes resource name to match for. + +### Nested Schema for `spec.cluster_resource_whitelist` -Each `namespace_resource_blacklist` block can have the following attributes: -* `group` - (Optional) The Kubernetes resource Group to match for. -* `kind` - (Optional) The Kubernetes resource Kind to match for. +Optional: -Each `role` block can have the following attributes: -* `name` - (Required) Name of the role. -* `policies` - (Required) list of Casbin formated strings that define access policies for the role in the project, For more information, read the [ArgoCD RBAC reference](https://argoproj.github.io/argo-cd/operator-manual/rbac/#rbac-permission-structure). -* `description` - (Optional) -* `groups` - (Optional) List of OIDC group claims bound to this role. +- `group` (String) The Kubernetes resource Group to match for. +- `kind` (String) The Kubernetes resource Kind to match for. -Each `sync_window` block can have the following attributes: -* `applications` - (Optional) List of applications the window will apply to. -* `clusters` - (Optional) List of clusters the window will apply to. -* `duration` - (Optional) amount of time the sync window will be open. -* `kind` - (Optional) Defines if the window allows or blocks syncs, allowed values are `allow` or `deny`. -* `manual_sync` - (Optional) Boolean, enables manual syncs when they would otherwise be blocked. -* `namespaces` - (Optional) List of namespaces that the window will apply to. 
-* `schedule` - (Optional) Time the window will begin, specified in cron format. + +### Nested Schema for `spec.namespace_resource_blacklist` + +Optional: + +- `group` (String) The Kubernetes resource Group to match for. +- `kind` (String) The Kubernetes resource Kind to match for. + + + +### Nested Schema for `spec.namespace_resource_whitelist` + +Optional: + +- `group` (String) The Kubernetes resource Group to match for. +- `kind` (String) The Kubernetes resource Kind to match for. + + + +### Nested Schema for `spec.orphaned_resources` + +Optional: + +- `ignore` (Block Set) (see [below for nested schema](#nestedblock--spec--orphaned_resources--ignore)) +- `warn` (Boolean) Whether a warning condition should be created for apps which have orphaned resources. + + +### Nested Schema for `spec.orphaned_resources.ignore` + +Optional: + +- `group` (String) The Kubernetes resource Group to match for. +- `kind` (String) The Kubernetes resource Kind to match for. +- `name` (String) The Kubernetes resource name to match for. + + + + +### Nested Schema for `spec.role` + +Required: + +- `name` (String) Name of the role. +- `policies` (List of String) List of casbin formatted strings that define access policies for the role in the project. For more information, see the [ArgoCD RBAC reference](https://argoproj.github.io/argo-cd/operator-manual/rbac/#rbac-permission-structure). + +Optional: + +- `description` (String) Description of the role. +- `groups` (List of String) List of OIDC group claims bound to this role. + + + +### Nested Schema for `spec.sync_window` + +Optional: + +- `applications` (List of String) List of applications that the window will apply to. +- `clusters` (List of String) List of clusters that the window will apply to. +- `duration` (String) Amount of time the sync window will be open. +- `kind` (String) Defines if the window allows or blocks syncs, allowed values are `allow` or `deny`. 
+- `manual_sync` (Boolean) Enables manual syncs when they would otherwise be blocked. +- `namespaces` (List of String) List of namespaces that the window will apply to. +- `schedule` (String) Time the window will begin, specified in cron format. ## Import -ArgoCD projects can be imported using an id consisting of `{name}`, e.g. -``` -$ terraform import argocd_project.myproject myproject +Import is supported using the following syntax: + +```shell +# Projects can be imported using the project name. + +# Example: +terraform import argocd_project.myproject myproject ``` diff --git a/docs/resources/project_token.md b/docs/resources/project_token.md index 157dd465..7c3f4a6f 100644 --- a/docs/resources/project_token.md +++ b/docs/resources/project_token.md @@ -1,10 +1,18 @@ -# argocd_project_token +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "argocd_project_token Resource - terraform-provider-argocd" +subcategory: "" +description: |- + Manages ArgoCD project role JWT tokens. See Project Roles https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-roles for more info. +--- -Creates an ArgoCD role project JSON Web Token. +# argocd_project_token (Resource) + +Manages ArgoCD project role JWT tokens. See [Project Roles](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-roles) for more info. ## Example Usage -```hcl +```terraform resource "argocd_project_token" "secret" { project = "someproject" role = "foobar" 
@@ -14,16 +22,25 @@ resource "argocd_project_token" "secret" { } ``` -## Argument Reference + +## Schema + +### Required + +- `project` (String) The project associated with the token. +- `role` (String) The name of the role in the project associated with the token. + +### Optional + +- `description` (String) Description of the token. +- `expires_in` (String) Duration before the token will expire. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. E.g. `12h`, `7d`. Default: No expiration. +- `renew_before` (String) Duration to control token silent regeneration, valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. If `expires_in` is set, Terraform will regenerate the token if `expires_in - renew_before < currentDate`. + +### Read-Only -* `project` - (Required) The project name associated with the token. -* `role` - (Required) The project role associated with the token, the role must exist beforehand. -* `description` - (Optional) -* `expires_in` - (Optional) An expiration duration, valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". -* `renew_before` - (Optional) duration to control token silent regeneration, valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". If `expires_in` is set, Terraform will regenerate the token if `expires_in - renew_before < currentDate`. +- `expires_at` (String) If `expires_in` is set, Unix timestamp upon which the token will expire. +- `id` (String) The ID of this resource. +- `issued_at` (String) Unix timestamp at which the token was issued. +- `jwt` (String, Sensitive) The raw JWT. -## Attribute Reference -* `jwt` - The raw JWT as a string. -* `issued_at` - Unix timestamp upon which the token was issued at, as a string. -* `expires_at` - If `expires_in` is set, Unix timestamp upon which the token will expire, as a string. diff --git a/docs/resources/repository.md b/docs/resources/repository.md index 33da0744..97303576 100644 --- a/docs/resources/repository.md 
+++ b/docs/resources/repository.md @@ -1,23 +1,31 @@ -# argocd_repository +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "argocd_repository Resource - terraform-provider-argocd" +subcategory: "" +description: |- + Manages repositories https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories within ArgoCD. +--- -Creates an ArgoCD repository. +# argocd_repository (Resource) + +Manages [repositories](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories) within ArgoCD. ## Example Usage -```hcl -// Public Helm repository +```terraform +# Public Helm repository resource "argocd_repository" "public_nginx_helm" { repo = "https://helm.nginx.com/stable" name = "nginx-stable" type = "helm" } -// Public Git repository +# Public Git repository resource "argocd_repository" "public_git" { repo = "git@github.com:user/somerepo.git" } -// Private Git repository +# Private Git repository resource "argocd_repository" "private" { repo = "git@private-git-repository.local:somerepo.git" username = "git" 
@@ -26,31 +34,45 @@ resource "argocd_repository" "private" { } ``` -## Argument Reference + +## Schema + +### Required + +- `repo` (String) URL of the repository. -* `repo` - (Required), string, URL of the repository. -* `type` - (Optional), string, type of the repo, may be "git or "helm. Defaults to `git`. -* `insecure` - (Optional), boolean, whether to verify the repository TLS certificate. -* `name` - (Optional), string, only for Helm repositories. -* `enable_lfs` - (Optional), boolean, whether git-lfs support should be enabled for this repository. -* `username` - (Optional), string, username to authenticate against the repository server. -* `password` - (Optional), string, password to authenticate against the repository server. -* `project` - (Optional), string, if the repository will be project-scoped, the name of that project. Refer to this [doc](https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters). Requires ArgoCD 2.2.0 onwards. -* `ssh_private_key` - (Optional), string, SSH private key data to authenticate against the repository server. **Only for Git repositories**. -* `tls_client_cert_data` - (Optional), TLS client cert data to authenticate against the repository server. -* `tls_client_cert_key` - (Optional), TLS client cert key to authenticate against the repository server. -* `enable_oci` - (Optional), specify whether the repository server should be viewed as OCI compliant. +### Optional -# Exported Attributes +- `enable_lfs` (Boolean) Whether `git-lfs` support should be enabled for this repository. +- `enable_oci` (Boolean) Whether `helm-oci` support should be enabled for this repository. +- `insecure` (Boolean) Whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys. +- `name` (String) Name to be used for this repo. Only used with Helm repos. +- `password` (String, Sensitive) Password or PAT used for authenticating at the remote repository. 
+- `project` (String) The project name, in case the repository is project scoped. +- `ssh_private_key` (String, Sensitive) PEM data for authenticating at the repo server. Only used with Git repos. +- `tls_client_cert_data` (String) TLS client certificate in PEM format for authenticating at the repo server. +- `tls_client_cert_key` (String, Sensitive) TLS client certificate private key in PEM format for authenticating at the repo server. +- `type` (String) Type of the repo. Can be either `git` or `helm`. `git` is assumed if empty or absent. +- `username` (String) Username used for authenticating at the remote repository. -* `connection_state_status` - string, repository connection state status. -* `inherited_creds` - boolean, whether credentials wre inherited from a credential set. +### Read-Only + +- `connection_state_status` (String) Contains information about the current state of connection to the repository server. +- `id` (String) The ID of this resource. +- `inherited_creds` (Boolean) Whether credentials were inherited from a credential set. ## Import -ArgoCD repositories can be imported using an id consisting of `{repo}`, e.g. -``` -$ terraform import argocd_repository.myrepo git@private-git-repository.local:somerepo.git -``` +Import is supported using the following syntax: + +```shell +# Repositories can be imported using the repository URL. -**NOTE**: as ArgoCD API does not return any sensitive information, a subsequent _terraform apply_ should be executed to make the password, ssh_private_key and tls_client_cert_key attributes converge to their expected values defined within the plan. +# Note: as the ArgoCD API does not return any sensitive information, a +# subsequent `terraform apply` should be executed to make the `password`, +# `ssh_private_key` and `tls_client_cert_key` attributes converge to their +# expected values defined within the plan. + +# Example: +terraform import argocd_repository.myrepo git@private-git-repository.local:somerepo.git +``` 
diff --git a/docs/resources/repository_certificate.md b/docs/resources/repository_certificate.md
index 9d5c2d5e..139eae4a 100644
--- a/docs/resources/repository_certificate.md
+++ b/docs/resources/repository_certificate.md
@@ -1,64 +1,77 @@ -# argocd_repository_certificate +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "argocd_repository_certificate Resource - terraform-provider-argocd" +subcategory: "" +description: |- + Manages custom TLS certificates https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#self-signed-untrusted-tls-certificates used by ArgoCD for connecting Git repositories. +--- -Creates an ArgoCD certificate, for use with future or existing private repositories. +# argocd_repository_certificate (Resource) + +Manages [custom TLS certificates](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#self-signed-untrusted-tls-certificates) used by ArgoCD for connecting Git repositories. ## Example Usage -### Example ssh certificate -```hcl -// Private repository ssh certificate +```terraform +# HTTPS certificate resource "argocd_repository_certificate" "private-git-repository" { - ssh { - server_name = "private-git-repository.local" - cert_subtype = "ssh-rsa" - cert_data = < +## Schema + +### Optional + +- `https` (Block List, Max: 1) Defines a `https` certificate. (see [below for nested schema](#nestedblock--https)) +- `ssh` (Block List, Max: 1) Defines a `ssh` certificate. (see [below for nested schema](#nestedblock--ssh)) + +### Read-Only + +- `id` (String) The ID of this resource. + + +### Nested Schema for `https` + +Required: + +- `cert_data` (String) The actual certificate data, dependent on the certificate type. +- `server_name` (String) DNS name of the server this certificate is intended for. + +Read-Only: + +- `cert_info` (String) Additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName). +- `cert_subtype` (String) The sub type of the cert, i.e. `ssh-rsa`. -* `https` - (Optional), for a https certificate, the nested attributes are documented below. -* `ssh` - (Optional), for a ssh certificate, the nested attributes are documented below. 
-### https + +### Nested Schema for `ssh` -* `server_name` - (Required), string, specifies the DNS name of the server this certificate is intended for. -* `cert_data` - (Required), string, contains the actual certificate data, dependent on the certificate type. +Required: -### ssh +- `cert_data` (String) The actual certificate data, dependent on the certificate type. +- `cert_subtype` (String) The sub type of the cert, i.e. `ssh-rsa`. +- `server_name` (String) DNS name of the server this certificate is intended for. -* `server_name` - (Required), string, specifies the DNS name of the server this certificate is intended for. -* `cert_subtype` - (Required), string, specifies the sub type of the cert, i.e. "ssh-rsa". -* `cert_data` - (Required), string, contains the actual certificate data, dependent on the certificate type. +Read-Only: -## Attribute Reference +- `cert_info` (String) Additional certificate info, dependent on the certificate type (e.g. SSH fingerprint, X509 CommonName). -### https -* `https.0.cert_subtype` - contains the sub type of the cert, i.e. "ssh-rsa" -* `https.0.cert_info` - holds additional certificate info (e.g. X509 CommonName, etc). -### ssh -* `ssh.0.cert_info` - holds additional certificate info (e.g. SSH fingerprint, etc). diff --git a/docs/resources/repository_credentials.md b/docs/resources/repository_credentials.md index 1072630d..ec241316 100644 --- a/docs/resources/repository_credentials.md +++ b/docs/resources/repository_credentials.md 
@@ -1,38 +1,57 @@ -# argocd_repository_credentials +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "argocd_repository_credentials Resource - terraform-provider-argocd" +subcategory: "" +description: |- + Manages repository credentials https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#credentials within ArgoCD. +--- -Creates ArgoCD repository credentials, for use with future or existing private repositories. +# argocd_repository_credentials (Resource) + +Manages [repository credentials](https://argo-cd.readthedocs.io/en/stable/user-guide/private-repositories/#credentials) within ArgoCD. ## Example Usage -```hcl -// Private repository credentials +```terraform resource "argocd_repository_credentials" "private" { url = "git@private-git-repository.local" username = "git" ssh_private_key = "-----BEGIN OPENSSH PRIVATE KEY-----\nfoo\nbar\n-----END OPENSSH PRIVATE KEY-----" } - -// Uses previously defined argocd_repository_credentials credentials -resource "argocd_repository" "private" { - repo = "git@private-git-repository.local:somerepo.git" -} ``` -## Argument Reference + +## Schema + +### Required + +- `url` (String) URL that these credentials matches to. + +### Optional + +- `enable_oci` (Boolean) Whether `helm-oci` support should be enabled for this repo. +- `password` (String, Sensitive) Password for authenticating at the repo server. +- `ssh_private_key` (String, Sensitive) Private key data for authenticating at the repo server using SSH (only Git repos). +- `tls_client_cert_data` (String) TLS client cert data for authenticating at the repo server. +- `tls_client_cert_key` (String, Sensitive) TLS client cert key for authenticating at the repo server. +- `username` (String) Username for authenticating at the repo server. -* `url` - (Required), string, URL that these credentials matches to. -* `username` - (Optional), string, username to authenticate against the repository server. 
-* `password` - (Optional), string, password to authenticate against the repository server. -* `ssh_private_key` - (Optional), string, SSH private key data to authenticate against the repository server. **Only for Git repositories**. -* `tls_client_cert_data` - (Optional), TLS client cert data to authenticate against the repository server. -* `tls_client_cert_key` - (Optional), TLS client cert key to authenticate against the repository server. -* `enable_oci` - (Optional), specify whether the repository server should be viewed as OCI compliant. +### Read-Only + +- `id` (String) The ID of this resource. ## Import -ArgoCD repository credentials can be imported using an id consisting of `{url}`, e.g. -``` -$ terraform import argocd_repository_credentials.myrepocreds git@private-git-repository.local:somerepo.git -``` +Import is supported using the following syntax: -**NOTE**: as ArgoCD API does not return any sensitive information, a subsequent _terraform apply_ should be executed to make the password, ssh_private_key and tls_client_cert_key attributes converge to their expected values defined within the plan. \ No newline at end of file +```shell +# Repository credentials can be imported using the repository URL. + +# Note: as the ArgoCD API does not return any sensitive information, a +# subsequent `terraform apply` should be executed to make the `password`, +# `ssh_private_key` and `tls_client_cert_key` attributes converge to their +# expected values defined within the plan. + +# Example: +terraform import argocd_repository_credentials.myrepocreds git@private-git-repository.local:somerepo.git +``` diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf new file mode 100644 index 00000000..3b30451a --- /dev/null +++ b/examples/provider/provider.tf @@ -0,0 +1,4 @@ +provider "argocd" { + server_addr = "argocd.local:443" + auth_token = "1234..." +} 
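Review bot: The `auth_token = "1234..."` line in the new `examples/provider/provider.tf` shows the ArgoCD API token as a string literal inside the provider block. Since this example presumably feeds the generated provider documentation, it is the pattern users will copy into version-controlled configuration. I would reference a variable instead, `auth_token = var.argocd_auth_token`, with that variable declared `sensitive = true`. I would also add a comment above it such as `# Supply the token from a secret store or CI secret; never commit it.` so the example demonstrates how the credential is meant to be provided.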
diff --git a/examples/resources/argocd_application/import.sh b/examples/resources/argocd_application/import.sh
new file mode 100644
index 00000000..606f5980
--- /dev/null
+++ b/examples/resources/argocd_application/import.sh
@@ -0,0 +1,3 @@
+# ArgoCD applications can be imported using an id consisting of `{name}:{namespace}`. E.g.
+
+terraform import argocd_application.myapp myapp:argocd
\ No newline at end of file
diff --git a/examples/resources/argocd_application/resource.tf b/examples/resources/argocd_application/resource.tf
new file mode 100644
index 00000000..feb2ada2
--- /dev/null
+++ b/examples/resources/argocd_application/resource.tf
@@ -0,0 +1,116 @@ +resource "argocd_application" "kustomize" { + metadata { + name = "kustomize-app" + namespace = "argocd" + labels = { + test = "true" + } + } + + spec { + project = "myproject" + + source { + repo_url = "https://github.com/kubernetes-sigs/kustomize" + path = "examples/helloWorld" + target_revision = "master" + kustomize { + name_prefix = "foo-" + name_suffix = "-bar" + images = ["hashicorp/terraform:light"] + common_labels = { + "this.is.a.common" = "la-bel" + "another.io/one" = "true" + } + } + } + + destination { + server = "https://kubernetes.default.svc" + namespace = "foo" + } + + sync_policy { + automated = { + prune = true + self_heal = true + allow_empty = true + } + # Only available from ArgoCD 1.5.0 onwards + sync_options = ["Validate=false"] + retry { + limit = "5" + backoff = { + duration = "30s" + max_duration = "2m" + factor = "2" + } + } + } + + ignore_difference { + group = "apps" + kind = "Deployment" + json_pointers = ["/spec/replicas"] + } + + ignore_difference { + group = "apps" + kind = "StatefulSet" + name = "someStatefulSet" + json_pointers = [ + "/spec/replicas", + "/spec/template/spec/metadata/labels/bar", + ] + # Only available from ArgoCD 2.1.0 onwards + jq_path_expressions = [ + ".spec.replicas", + ".spec.template.spec.metadata.labels.bar", + ] + } + } +} + +resource "argocd_application" "helm" { + metadata { + name = "helm-app" + namespace = "argocd" + labels = { + test = "true" + } + } + + wait = true + + spec { + source { + repo_url = "https://some.chart.repo.io" + chart = "mychart" + target_revision = "1.2.3" + helm { + parameter { + name = "image.tag" + value = "1.2.3" + } + parameter { + name = "someotherparameter" + value = "true" + } + value_files = ["values-test.yml"] + values = <