Argo-cd: SSO Configuration using argocd-secret not working

Created on 25 Jul 2019  路  2Comments  路  Source: argoproj/argo-cd

Describe the bug
As per documentation ( https://argoproj.github.io/argo-cd/operator-manual/sso/ ) I tried hiding the secret value clientSecret in the argocd-secret resource. The authentication fails because additional characters are added to the clientSecret value when using $dex.google.clientSecret notation.

To Reproduce

  1. Configure the argocd-cm configmap:
data:
  url: https://argocd.example.com
  dex.config: |
    connectors:
      - type: oidc
        id: google
        name: Google
        config:
          issuer: https://accounts.google.com
          clientID: redacted-string.apps.googleusercontent.com
          clientSecret: $dex.google.clientSecret
  1. Encrypt in base64 a value to be set in argocd-secret
  2. Edit the secret and add dex.google.clientSecret: base64-string-from-above
  3. Go into the dex logs and see that the actual clientSecret used by it is:
    clientSecret: |\n string-from-above

Expected behavior
The value should be clientSecret: string-from-above

If the value is set directly in argocd-cm the dex server works as expected!

Version
Both: 0.12.2 and 1.1.1

Not familiar with golang but I can try debugging this myself if you want.

bug
Source
picture lebenitza

All 2 comments

Nevermind, the additional characters were introduced by an automated base64 encoding for secret values.... Closing!

lebenitza picture lebenitza on 25 Jul 2019
👍1

I had this issue too using echo $someValue | base64, however this generates a new line - the correct method is to use echo -n $someValue | base64

chris-vest picture chris-vest on 30 Oct 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

clintberry picture clintberry  路  3Comments
chiragthaker picture chiragthaker  路  3Comments
hulu1522 picture hulu1522  路  3Comments
ksaito1125 picture ksaito1125  路  3Comments
turbotankist picture turbotankist  路  3Comments