fix: Argo Server Secrets Permissions (#307)

Grant permissions to workflow-controller and server roles to read database secrets

charts/argo/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "v2.7.6"
 description: A Helm chart for Argo Workflows
 name: argo
-version: 0.8.0
+version: 0.8.1
 icon: https://raw.githubusercontent.com/argoproj/argo/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:

charts/argo/templates/server-cluster-role.yaml

@@ -28,12 +28,23 @@ rules:
   - get
   - list
   - watch
+{{- if .Values.controller.persistence }}
 - apiGroups:
   - ""
   resources:
   - secrets
+  resourceNames:
+  {{- if .Values.controller.persistence.postgresql }}
+  - {{ .Values.controller.persistence.postgresql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.postgresql.passwordSecret.name }}
+  {{- end}}
+  {{- if .Values.controller.persistence.mysql }}
+  - {{ .Values.controller.persistence.mysql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.mysql.passwordSecret.name }}
+  {{- end}}
   verbs:
   - get
+{{- end}}
 - apiGroups:
   - argoproj.io
   resources:

charts/argo/templates/workflow-controller-clusterrole.yaml

@@ -78,4 +78,22 @@ rules:
   verbs:
   - get
   - list
+{{- if .Values.controller.persistence }}
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  {{- if .Values.controller.persistence.postgresql }}
+  - {{ .Values.controller.persistence.postgresql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.postgresql.passwordSecret.name }}
+  {{- end}}
+  {{- if .Values.controller.persistence.mysql }}
+  - {{ .Values.controller.persistence.mysql.userNameSecret.name }}
+  - {{ .Values.controller.persistence.mysql.passwordSecret.name }}
+  {{- end}}
+  verbs:
+  - get
+{{- end}}
+