From 565f71e3b1c96ee3126dff7cdea9d251378bda66 Mon Sep 17 00:00:00 2001
From: Jennifer Weir <contact@jenniferpweir.com>
Date: Sat, 9 May 2026 15:48:51 -0400
Subject: [PATCH] chore(argocd): swap to avp template for now

---
 .../argocd/operator/components/argocd.yaml    |  2 +-
 .../argocd/overlays/okd/kustomization.yaml    |  2 +-
 .../overlays/okd/oidc-external-secret.yaml    | 38 +++++++++----------
 terraform/okd/main.tf                         |  6 +--
 4 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/manifests/platform/argocd/operator/components/argocd.yaml b/manifests/platform/argocd/operator/components/argocd.yaml
index 365a74b..88470c3 100644
--- a/manifests/platform/argocd/operator/components/argocd.yaml
+++ b/manifests/platform/argocd/operator/components/argocd.yaml
@@ -105,7 +105,7 @@ spec:
     name: azure
     issuer: <path:projects/1086456784694/secrets/azure_issuer_url#azure_issuer_url>
     clientID: <path:projects/1086456784694/secrets/azure_client_id#azure_client_id>
-    clientSecret: $oidc.azure_client_secret
+    clientSecret: <path:projects/1086456784694/secrets/azure_client_secret#azure_client_secret>
     # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
     requestedScopes: ["openid", "profile", "email"]
     # Optional set of OIDC claims to request on the ID token.
diff --git a/manifests/platform/argocd/overlays/okd/kustomization.yaml b/manifests/platform/argocd/overlays/okd/kustomization.yaml
index 0bb6504..1c82320 100644
--- a/manifests/platform/argocd/overlays/okd/kustomization.yaml
+++ b/manifests/platform/argocd/overlays/okd/kustomization.yaml
@@ -3,6 +3,6 @@ kind: Kustomization
 resources:
   - ../../operator/base
   - ../../operator/components
-  - oidc-external-secret.yaml
+  # - oidc-external-secret.yaml
   - quay-external-secret.yaml
   - secretstore.yaml
diff --git a/manifests/platform/argocd/overlays/okd/oidc-external-secret.yaml b/manifests/platform/argocd/overlays/okd/oidc-external-secret.yaml
index 485d06a..25b12db 100644
--- a/manifests/platform/argocd/overlays/okd/oidc-external-secret.yaml
+++ b/manifests/platform/argocd/overlays/okd/oidc-external-secret.yaml
@@ -1,19 +1,19 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: oidc
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-wave: "3"
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: gsm-secret-store
-    kind: SecretStore
-  target:
-    name: oidc
-    creationPolicy: Owner
-  data:
-    - secretKey: azure_client_secret
-      remoteRef:
-        key: azure_client_secret
+# apiVersion: external-secrets.io/v1
+# kind: ExternalSecret
+# metadata:
+#   name: oidc
+#   namespace: argocd
+#   annotations:
+#     argocd.argoproj.io/sync-wave: "3"
+# spec:
+#   refreshInterval: 1h
+#   secretStoreRef:
+#     name: gsm-secret-store
+#     kind: SecretStore
+#   target:
+#     name: oidc
+#     creationPolicy: Owner
+#   data:
+#     - secretKey: azure_client_secret
+#       remoteRef:
+#         key: azure_client_secret
diff --git a/terraform/okd/main.tf b/terraform/okd/main.tf
index e4507f4..6cc56ab 100644
--- a/terraform/okd/main.tf
+++ b/terraform/okd/main.tf
@@ -9,11 +9,11 @@ locals {
         "grafana_admin_user",
         "grafana_admin_password",
         "azure_client_id",
-        "azure_issuer_url"
+        "azure_issuer_url",
+        "azure_client_secret"
     ]
     argocd_eso_secrets = [
-        "quay-jennweir-pull-secret",
-        "azure_client_secret"
+        "quay-jennweir-pull-secret"
     ]
 }