* Update Gopkg.toml
* Update Gopkg.lock
* Add new test-coverage command
* Update .gitignore to ignore coverage.out
* Test injection of COVERALLS_TOKEN variable
* Add draft of .travis.yml
* Rm recursive coveralls token
* Ensure that goveralls gets installed
* Rm second Go version
* Update workflow with coverage testing
* Change service from argo to argo-ci
* Rm .travis.yml
* Try setting coveralls token more explicitly
* Try file-based instead of env-based token
* Try both methods of providing token
* Go back to just env-based token
* Update with another printout test
* Try using container, thanks @alexmt
* Simplify for now, take 2
* Rm quotes
* Move env to ci-builder template
* Rm coveralls token
* Add coverage badge for current branch, take 2
* Add else statement for output in case of missing token
* Ensure we use the race detector
* Don't install goveralls with dep ensure
* Update generated files
* Try ignoring intermediate files
* Don't use race detector for now
* Try new pattern to ignore
* Try different pattern now
* Try different ignore path
* Try a different ignore style
* Ignore generated protobuf files properly now
* Rm standalone test since we have test-coverage
* update getting started to work for post 0.6
* create central install manifest from individual manifests
* point e2e tests to correct manifests dir
* Update roles required by api-server and application-controller to include CRUD on appproject CRD.
* Added back explanations of keys in the secret manifests
NOTE: install.yaml will need change to use a hard wired version (e.g. v0.6.0) in a subsequent checkin.
* Take first shot at enable CGO on Linux
* Simplify CGO_ENABLED flag check
* Use curly braces for consistency
* Build CLI with CGO if possible, thanks @jessesuen
This change implements SSO support.
dex is run as a sidecar to the ArgoCD API server, which fronts dex using a reverse proxy. The end result is that the ArgoCD acts as an OIDC provider serving under /api/dex. The login flow begins at /auth/login, which redirects to the Dex's OAuth2 consent page and ultimately directed to the IdP provider's login page, where they enter their credentials. After logging in, the OAuth2 redirect flows back to the client app, ultimately reaching /auth/callback, where the OIDC token claims are signed, and persisted in the users's cookie.
The dex configuration YAML is formulated during startup (through the argocd-util utility), with the configuration values taken from the argocd-cm configmap and the argocd-secret.
The build process was refactored to build argocd-util statically, so that it could be run inside off-the-shelf dex, which is built from alpine. Also, build speed was improved by expanding the default make targets in the Dockerfile, to avoid rebuilding each binary from scratch
Session management was refactored to use more bare-bones jwt library constructs, so we could reuse code from the user/password flow vs. OAuth2 flow.
* Initial SSO support. Run dex as sidecar. Generate dex config from ArgoCD cm and secret
* Sign and write SSO claims to JWT cookie during SSO login. Refactor session manager
* Build argo-util statically so it can run in dex sidecar. Redirect after SSO login
* Simplify app creation process to not require communication to dex gRPC server
* Don't ask for user credentials if username and password are specified as arguments
* Add cli image make target
* Don't re-prompt username/password in PromptCredentials
