feat: Validation webhook to reject invalid SSO configs in ArgoCD CR

[akhilnittala]

What type of PR is this?

/kind enhancement

What does this PR do / why we need it:
When both sso and oidc config is provided in argocd, we are not rejecting the request. so with this pr changes, we have implemented validation which rejects the request with argocd CR having both sso and oidc configuration.
Have you updated the necessary documentation?

• Documentation update is required by this PR.
• Documentation has been updated.

Which issue(s) this PR fixes:
https://issues.redhat.com/browse/GITOPS-8560
Fixes #?
https://issues.redhat.com/browse/GITOPS-8560
How to test changes / Special notes to the reviewer:

• install argocd operator with changes
• create argo cd CR with both sso and oidc config
• request should be rejected.

Summary by CodeRabbit

• Bug Fixes

  • Validation added to prevent configuring both SSO and OIDC at the same time; setting both now triggers a validation error.

• Tests

  • Added a test to verify that creating a resource with both SSO and OIDC is rejected.

• Chores

  • Updated manifest metadata timestamps.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds declarative validation to the ArgoCD CRD and source marker to forbid setting spec.sso and spec.oidcConfig simultaneously; updates related CRD/CSV manifests and adds a test that asserts creation fails when both fields are present.

Changes

Cohort / File(s)	Summary
Source code marker api/v1beta1/argocd_types.go	Added kubebuilder/OpenAPI validation marker on ArgoCDSpec to declare spec.sso and spec.oidcConfig as mutually exclusive.
CRD manifests config/crd/bases/argoproj.io_argocds.yaml, bundle/manifests/argoproj.io_argocds.yaml, deploy/olm-catalog/.../argoproj.io_argocds.yaml	Inserted x-kubernetes-validations with rule !(has(self.sso) && has(self.oidcConfig)) and message "spec.sso and spec.oidcConfig cannot both be set" for v1alpha1/v1beta1 schemas.
CSV metadata updates bundle/manifests/argocd-operator.clusterserviceversion.yaml, deploy/olm-catalog/.../argocd-operator.v0.18.0.clusterserviceversion.yaml	Updated createdAt timestamps in ClusterServiceVersion metadata.
Tests tests/ginkgo/parallel/1-001_validate_basic_test.go	Added a test asserting ArgoCD creation is invalid when both SSO and OIDC configs are set.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibble on schemas, tidy and neat,
I hop through CRDs with small, careful feet.
"Choose one," I whisper, "don't mix the two" —
SSO or OIDC, but not both for you.
A happy rabbit guards the config tree 🌿

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly describes the main change: adding validation to reject invalid SSO configurations where both SSO and OIDC are set simultaneously in ArgoCD CRs.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[anandf]

Validation logic looks good to me. Please add E2E tests to confirm that the validation works as expected.

[svghadi]

Looks good to me aswell. Let’s add some tests and merge it.

[akhilnittala]

@svghadi , @anandf added the e2e tests as well, could you please review

[svghadi]

LGTM. Thanks