fix(argo-workflows): Set only used values on SSO configuration (#1483)

Signed-off-by: yu-croco <yu.croco@gmail.com>
2022-09-24 09:03:36 +09:00 · 2022-09-24 09:03:36 +09:00 · fd0f2c92e1
parent f1fabf17dd
commit fd0f2c92e1
3 changed files with 39 additions and 3 deletions
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@ -3,7 +3,7 @@ appVersion: v3.4.0
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.19.1
+version: 0.19.2
 icon: https://raw.githubusercontent.com/argoproj/argo-workflows/master/docs/assets/argo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@ -13,4 +13,4 @@ maintainers:
    url: https://argoproj.github.io/
 annotations:
  artifacthub.io/changes: |
-    - "[Fixed]: Remove unsupported values from SSO configuration"
+    - "[Fixed]: Set only used values on SSO configuration"
--- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
@ -119,7 +119,38 @@ data:
    workflowDefaults:
 {{ toYaml .Values.controller.workflowDefaults | indent 6 }}{{- end }}
    {{- with .Values.server.sso }}
-    sso: {{- toYaml . | nindent 6 }}
+    sso:
+      issuer: {{ .issuer }}
+      clientId:
+        name: {{ .clientId.name }}
+        key: {{ .clientId.key }}
+      clientSecret:
+        name: {{ .clientSecret.name }}
+        key: {{ .clientSecret.key }}
+      redirectUrl: {{ .redirectUrl }}
+      {{- if and (.rbac) (.rbac.enabled) }}
+      rbac:
+        enabled: {{ .rbac.enabled }}
+      {{- end }}
+      {{- if .scopes }}
+      scopes: {{ toYaml .scopes | nindent 8 }}
+      {{- end }}
+      {{- if .issuerAlias }}
+      issuerAlias: {{ .issuerAlias }}
+      {{- end }}
+      {{- if and (.sessionExpiry) (.sessionExpiry.duration) }}
+      sessionExpiry:
+       duration: {{ .sessionExpiry.duration }}
+      {{- end }}
+      {{- if .customGroupClaimName }}
+      customGroupClaimName: {{ .customGroupClaimName }}
+      {{- end }}
+      {{- if .userInfoPath }}
+      userInfoPath: {{ .userInfoPath }}
+      {{- end }}
+      {{- if .insecureSkipVerify }}
+      insecureSkipVerify: {{ .insecureSkipVerify }}
+      {{- end }}
    {{- end }}
    {{- with .Values.controller.workflowRestrictions }}
    workflowRestrictions: {{- toYaml . | nindent 6 }}
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@ -482,6 +482,11 @@ server:
    # redirectUrl: https://argo/oauth2/callback
    # rbac:
    #   enabled: true
+    ## When present, restricts secrets the server can read to a given list.
+    ## You can use it to restrict the server to only be able to access the
+    ## service account token secrets that are associated with service accounts
+    ## used for authorization.
+    #   secretWhitelist: []
    ## Scopes requested from the SSO ID provider.  The 'groups' scope requests
    ## group membership information, which is usually used for authorization
    ## decisions.