Value Statement

Currently, the ACM/OCM-io Argo CD Agent addon requires a separate username and password for spoke to hub authentication, unlike other ACM/OCM addons which use foundation certificate based authentication post registration. By implementing certificate authentication in the Argo CD Agent project, we will align it with the standard security model already used by other ACM/OCM addons, remove the need for username and password credentials authentication.

Design/POC/Setup are done in https://issues.redhat.com/browse/ACM-18058

Definition of Done for Engineering Story Owner (Checklist)

• Add mTLS authentication method with customizable subject extractor to Argo CD Agent project
• Update the existing OCM-io Argo CD Agent addon to leverage this new feature

Development Complete

• The code is complete.
• Functionality is working.
• Any required downstream Docker file changes are made.

Tests Automated

• [ ] Unit/function tests have been automated and incorporated into the
  build.
• [ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

• [ ] Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

• [ ] Create an informative documentation issue using the Customer

Portal Doc template that you can access from [The Playbook](

https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby),

and ensure doc acceptance criteria is met.

• Call out this sentence as it's own action:

• [ ] Link the development issue to the doc issue.

Support Readiness

• [ ] The must-gather script has been updated.