validatedpatterns
diff --git a/‎templates/_helpers.tpl‎
Lines changed: 2 additions & 0 deletions b/‎templates/_helpers.tpl‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎templates/policies/acm-hub-ca-policy.yaml‎
Lines changed: 1 addition & 1 deletion b/‎templates/policies/acm-hub-ca-policy.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎templates/policies/application-policies.yaml‎
Lines changed: 6 additions & 6 deletions b/‎templates/policies/application-policies.yaml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎templates/policies/ocp-gitops-policy.yaml‎
Lines changed: 28 additions & 3 deletions b/‎templates/policies/ocp-gitops-policy.yaml‎
Lines changed: 28 additions & 3 deletions
diff --git a/‎templates/policies/private-repo-policies.yaml‎
Lines changed: 4 additions & 4 deletions b/‎templates/policies/private-repo-policies.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎tests/application_policy_test.yaml‎
Lines changed: 4 additions & 4 deletions b/‎tests/application_policy_test.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎tests/gitops_sub_namespace_test.yaml‎
Lines changed: 9 additions & 9 deletions b/‎tests/gitops_sub_namespace_test.yaml‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎tests/vp_argo_namespace_app_test.yaml‎
Lines changed: 87 additions & 0 deletions b/‎tests/vp_argo_namespace_app_test.yaml‎
Lines changed: 87 additions & 0 deletions
@@ -69,6 +69,8 @@ if this chart gets DeleteSpokeChildApps, it will set deletePattern to DeleteChil
   {{- end }}
 - name: global.gitOpsSubNamespace
   value: {{ $.Values.global.gitOpsSubNamespace }}
+- name: global.vpArgoNamespace
+  value: {{ $.Values.global.vpArgoNamespace }}
 {{- end }} {{- /*acm.app.policies.helmparameters */}}
 
 {{- define "acm.app.clusterSelector" -}}
 
@@ -172,7 +172,7 @@ spec:
                 apiVersion: v1
                 metadata:
                   name: trusted-hub-bundle
-                  namespace: openshift-gitops
+                  namespace: {{ $.Values.global.vpArgoNamespace }}
                 data:
                   hub-kube-root-ca.crt: |
                     {{ `{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | autoindent hub}}` }}
 
@@ -34,25 +34,25 @@ spec:
                 apiVersion: rbac.authorization.k8s.io/v1
                 kind: ClusterRoleBinding
                 metadata:
-                  name: openshift-gitops-cluster-admin-rolebinding
+                  name: {{ $.Values.global.vpArgoNamespace }}-cluster-admin-rolebinding
                 roleRef:
                   apiGroup: rbac.authorization.k8s.io
                   kind: ClusterRole
                   name: cluster-admin
                 subjects:
                   - kind: ServiceAccount
-                    name: openshift-gitops-argocd-application-controller
-                    namespace: openshift-gitops
+                    name: {{ $.Values.global.vpArgoNamespace }}-argocd-application-controller
+                    namespace: {{ $.Values.global.vpArgoNamespace }}
                   - kind: ServiceAccount
-                    name: openshift-gitops-argocd-server
-                    namespace: openshift-gitops
+                    name: {{ $.Values.global.vpArgoNamespace }}-argocd-server
+                    namespace: {{ $.Values.global.vpArgoNamespace }}
             - complianceType: mustonlyhave
               objectDefinition:
                 apiVersion: argoproj.io/v1alpha1
                 kind: Application
                 metadata:
                   name: {{ $.Values.global.pattern }}-{{ .name }}
-                  namespace: openshift-gitops
+                  namespace: {{ $.Values.global.vpArgoNamespace }}
                   finalizers:
                   - resources-finalizer.argocd.argoproj.io/foreground
                 spec:
 
@@ -1,8 +1,8 @@
-# We copy the vp-private-repo-credentials from the "openshift-gitops" namespace
+# We copy the vp-private-repo-credentials from the ArgoCD namespace
 # to the "open-cluster-management" via the "private-hub-policy"
 #
 # Then we copy the secret from the "open-cluster-management" namespace to the
-# managed clusters "openshift-gitops" instance
+# managed clusters ArgoCD instance
 #
 # And we also copy the same secret to the namespaced argo's namespace
 {{ if $.Values.global.privateRepo }}
@@ -38,7 +38,7 @@ spec:
                 type: Opaque
                 metadata:
                   name: vp-private-repo-credentials
-                  namespace: openshift-gitops
+                  namespace: {{ $.Values.global.vpArgoNamespace }}
                   labels:
                     argocd.argoproj.io/secret-type: repository
                 data: '{{ `{{hub copySecretData "open-cluster-management" "vp-private-repo-credentials" hub}}` }}'
@@ -116,7 +116,7 @@ spec:
                   namespace: open-cluster-management
                   labels:
                     argocd.argoproj.io/secret-type: repository
-                data: '{{ `{{copySecretData "openshift-gitops" "vp-private-repo-credentials"}}` }}'
+                data: '{{ `{{copySecretData "` }}{{ $.Values.global.vpArgoNamespace }}{{ `" "vp-private-repo-credentials"}}` }}'
 ---
 apiVersion: policy.open-cluster-management.io/v1
 kind: PlacementBinding
 
@@ -87,8 +87,8 @@ tests:
           path: spec.predicates[0].requiredClusterSelector.labelSelector.matchLabels.clusterGroup
           value: group-two
 
-  # Test for openshift-gitops-cluster-admin-rolebinding CRB
-  - it: Should precreate the openshift-gitops-cluster-admin-rolebinding ClusterRoleBinding
+  # Test for cluster-admin-rolebinding CRB (uses default vpArgoNamespace: openshift-gitops)
+  - it: Should precreate the cluster-admin-rolebinding ClusterRoleBinding
     values:
       - ./clusterselector_values.yaml
     set:
@@ -268,7 +268,7 @@ tests:
           value: group-one-clustergroup-policy
         lengthEqual:
           path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.sources[1].helm.parameters
-          count: 20 # 17 (in the helper) +3 (1 override, and 1 clusterGroup.name)
+          count: 21 # 18 (in the helper) +3 (1 override, and 1 clusterGroup.name)
       - documentSelector:
           path: metadata.name
           value: group-one-clustergroup-policy
@@ -303,7 +303,7 @@ tests:
           value: group-one-clustergroup-policy
         lengthEqual:
           path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.sources[1].helm.parameters
-          count: 20 # 17 (in the helper) +3 (1 override, and 1 clusterGroup.name)
+          count: 21 # 18 (in the helper) +3 (1 override, and 1 clusterGroup.name)
       - documentSelector:
           path: metadata.name
           value: group-one-clustergroup-policy
 
@@ -78,13 +78,13 @@ tests:
           path: metadata.name
           value: region-one-gitops-policy
         equal:
-          path: spec.policy-templates[0].objectDefinition.spec.object-templates[2].objectDefinition.kind
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[3].objectDefinition.kind
           value: Namespace
       - documentSelector:
           path: metadata.name
           value: region-one-gitops-policy
         equal:
-          path: spec.policy-templates[0].objectDefinition.spec.object-templates[2].objectDefinition.metadata.name
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[3].objectDefinition.metadata.name
           value: yolo
 
   - it: should create operatorgroup object-template when gitOpsSubNamespace is set to something other than openshift-operators
@@ -103,19 +103,19 @@ tests:
           path: metadata.name
           value: region-one-gitops-policy
         equal:
-          path: spec.policy-templates[0].objectDefinition.spec.object-templates[3].objectDefinition.kind
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[4].objectDefinition.kind
           value: OperatorGroup
       - documentSelector:
           path: metadata.name
           value: region-one-gitops-policy
         equal:
-          path: spec.policy-templates[0].objectDefinition.spec.object-templates[3].objectDefinition.metadata.name
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[4].objectDefinition.metadata.name
           value: my-gitops-ns-operator-group
       - documentSelector:
           path: metadata.name
           value: region-one-gitops-policy
         equal:
-          path: spec.policy-templates[0].objectDefinition.spec.object-templates[3].objectDefinition.metadata.namespace
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[4].objectDefinition.metadata.namespace
           value: my-gitops-ns
 
   - it: should not create operatorgroup nor namespace object-template when gitOpsSubNamespace is set to openshift-operators
@@ -135,7 +135,7 @@ tests:
           value: region-one-gitops-policy
         lengthEqual:
           path: spec.policy-templates[0].objectDefinition.spec.object-templates
-          count: 2 # Just subscription and configmap
+          count: 3 # Subscription, namespace (vpArgoNamespace), and configmap
 
   - it: should not create operatorgroup nor namespace object-template when gitOpsSubNamespace is set to null
     set:
@@ -154,7 +154,7 @@ tests:
           value: region-one-gitops-policy
         lengthEqual:
           path: spec.policy-templates[0].objectDefinition.spec.object-templates
-          count: 2 # Just subscription and configmap
+          count: 3 # Subscription, namespace (vpArgoNamespace), and configmap
 
   - it: should not create operatorgroup nor namespace object-template when gitOpsSubNamespace is set to empty
     set:
@@ -173,7 +173,7 @@ tests:
           value: region-one-gitops-policy
         lengthEqual:
           path: spec.policy-templates[0].objectDefinition.spec.object-templates
-          count: 2 # Just subscription and configmap
+          count: 3 # Subscription, namespace (vpArgoNamespace), and configmap
 
   - it: should use gitOpsSubNamespace as subscription namespace when set
     set:
@@ -191,5 +191,5 @@ tests:
           path: metadata.name
           value: region-one-gitops-policy
         matchRegex:
-          path: spec.policy-templates[0].objectDefinition.spec.object-templates[3].objectDefinition.metadata.namespace
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[4].objectDefinition.metadata.namespace
           pattern: ^my-gitops-ns$
@@ -0,0 +1,87 @@
+suite: Test vpArgoNamespace in application-policies
+templates:
+  - templates/policies/application-policies.yaml
+release:
+  name: release-test
+tests:
+  - it: should use custom vpArgoNamespace in ClusterRoleBinding name
+    values:
+      - ./clusterselector_values.yaml
+    set:
+      global:
+        vpArgoNamespace: custom-argocd
+        multiSourceSupport: true
+        multiSourceRepoUrl: "https://charts.example.com"
+        multiSourceTargetRevision: "0.1.0"
+    asserts:
+      - documentSelector:
+          path: metadata.name
+          value: group-one-clustergroup-policy
+        equal:
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.metadata.name
+          value: custom-argocd-cluster-admin-rolebinding
+
+  - it: should use custom vpArgoNamespace in ServiceAccount subjects
+    values:
+      - ./clusterselector_values.yaml
+    set:
+      global:
+        vpArgoNamespace: custom-argocd
+        multiSourceSupport: true
+        multiSourceRepoUrl: "https://charts.example.com"
+        multiSourceTargetRevision: "0.1.0"
+    asserts:
+      - documentSelector:
+          path: metadata.name
+          value: group-one-clustergroup-policy
+        contains:
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.subjects
+          content:
+            kind: ServiceAccount
+            name: custom-argocd-argocd-application-controller
+            namespace: custom-argocd
+      - documentSelector:
+          path: metadata.name
+          value: group-one-clustergroup-policy
+        contains:
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[0].objectDefinition.subjects
+          content:
+            kind: ServiceAccount
+            name: custom-argocd-argocd-server
+            namespace: custom-argocd
+
+  - it: should use custom vpArgoNamespace for Application namespace
+    values:
+      - ./clusterselector_values.yaml
+    set:
+      global:
+        vpArgoNamespace: custom-argocd
+        multiSourceSupport: true
+        multiSourceRepoUrl: "https://charts.example.com"
+        multiSourceTargetRevision: "0.1.0"
+    asserts:
+      - documentSelector:
+          path: metadata.name
+          value: group-one-clustergroup-policy
+        equal:
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.metadata.namespace
+          value: custom-argocd
+
+  - it: should pass vpArgoNamespace as a helm parameter
+    values:
+      - ./clusterselector_values.yaml
+    set:
+      global:
+        vpArgoNamespace: custom-argocd
+        multiSourceSupport: true
+        multiSourceRepoUrl: "https://charts.example.com"
+        multiSourceTargetRevision: "0.1.0"
+    asserts:
+      - documentSelector:
+          path: metadata.name
+          value: group-one-clustergroup-policy
+        contains:
+          path: spec.policy-templates[0].objectDefinition.spec.object-templates[1].objectDefinition.spec.sources[1].helm.parameters
+          content:
+            name: global.vpArgoNamespace
+            value: custom-argocd