DevFW-CICD/argocd-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(argo-workflows): Add support for sso filterGroupsRegex (#2379)

Browse source 
According to https://argoproj.github.io/argo-workflows/argo-server-sso/#filtering-groups

Resolves #2378

Signed-off-by: Neile Havens <neilehavens@gmail.com>
This commit is contained in:
Neile Havens 2023-12-08 16:44:59 -06:00 committed by GitHub
parent 4a0f512f70
commit a9e31c82fd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
charts/argo-workflows/Chart.yaml
View file

@ -3,7 +3,7 @@ appVersion: v3.5.2
name: argo-workflows name: argo-workflows
description: A Helm chart for Argo Workflows description: A Helm chart for Argo Workflows
type: application type: application
version: 0.39.7 version: 0.39.8
icon: https://argoproj.github.io/argo-workflows/assets/logo.png icon: https://argoproj.github.io/argo-workflows/assets/logo.png
home: https://github.com/argoproj/argo-helm home: https://github.com/argoproj/argo-helm
sources: sources:
@ -16,5 +16,5 @@ annotations:
fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
url: https://argoproj.github.io/argo-helm/pgp_keys.asc url: https://argoproj.github.io/argo-helm/pgp_keys.asc
artifacthub.io/changes: | artifacthub.io/changes: |
- kind: fixed - kind: changed
description: Fixes OAuth redirect URL autoconfig. description: Add support for sso filterGroupsRegex according to https://argoproj.github.io/argo-workflows/argo-server-sso/#filtering-groups

1
charts/argo-workflows/README.md
View file

@ -326,6 +326,7 @@ Fields to note:
| server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret | | server.sso.clientSecret.name | string | `"argo-server-sso"` | Name of a secret to retrieve the app OIDC client secret |
| server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups | | server.sso.customGroupClaimName | string | `""` | Override claim name for OIDC groups |
| server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. | | server.sso.enabled | bool | `false` | Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`. |
| server.sso.filterGroupsRegex | list | `[]` | Filter the groups returned by the OIDC provider |
| server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client | | server.sso.insecureSkipVerify | bool | `false` | Skip TLS verification for the HTTP client |
| server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider | | server.sso.issuer | string | `"https://accounts.google.com"` | The root URL of the OIDC identity provider |
| server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers | | server.sso.issuerAlias | string | `""` | Alternate root URLs that can be included for some OIDC providers |

3
charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
View file

@ -162,6 +162,9 @@ data:
{{- with .Values.server.sso.insecureSkipVerify }} {{- with .Values.server.sso.insecureSkipVerify }}
insecureSkipVerify: {{ toYaml . }} insecureSkipVerify: {{ toYaml . }}
{{- end }} {{- end }}
{{- with .Values.server.sso.filterGroupsRegex }}
filterGroupsRegex: {{ toYaml . | nindent 8 }}
{{- end }}
{{- end }} {{- end }}
{{- with .Values.controller.workflowRestrictions }} {{- with .Values.controller.workflowRestrictions }}
workflowRestrictions: {{- toYaml . | nindent 6 }} workflowRestrictions: {{- toYaml . | nindent 6 }}

5
charts/argo-workflows/values.yaml
View file

@ -701,6 +701,11 @@ server:
userInfoPath: "" userInfoPath: ""
# -- Skip TLS verification for the HTTP client # -- Skip TLS verification for the HTTP client
insecureSkipVerify: false insecureSkipVerify: false
# -- Filter the groups returned by the OIDC provider
## A logical "OR" is used between each regex in the list
filterGroupsRegex: []
# - ".*argo-wf.*"
# - ".*argo-workflow.*"
# -- Extra containers to be added to the server deployment # -- Extra containers to be added to the server deployment
extraContainers: [] extraContainers: []