* Deprecate componentParameterOverrides in favor of source specific config
* Support rollback when application source changes
* Removes the legacy spec.source.environment and spec.source.valuesFiles which were deprecated in v0.11
* Fix issue where argocd app create APPNAME --file didn't fail when there were name conflicts
* Fix issue where auto-sync and app deletion would cause infighting
* Make injected application instance label configurable from default
Stop removing ksonnet.io/component label, unless using legacy label
* Fix applying of resources when namespace is empty
With this change, the gRPC API client and grpc-gateway now supply a user-agent, `argocd-client/X.Y.Z`, with all their requests. This enables us to discern various versions of the CLI as the requestor, and reject requests from incompatible clients. We assume legacy clients are clients that only supply a single user-agent, `grpc-go/1.15.0`.
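An added example (not Argo CD's own code) of the kind of check this change describes: classifying a request from the product tokens in its user-agent. The space-separated token layout, the `Classify` and `parseVersion` names, and the minimum version are assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Legacy means no argocd-client token was sent (for example only grpc-go/1.15.0).
const Legacy, Compatible, Incompatible = "legacy", "compatible", "incompatible"

// parseVersion accepts exactly "X.Y.Z" with non-negative integer parts.
func parseVersion(s string) (v [3]int, ok bool) {
	parts := strings.Split(s, ".")
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if len(parts) != 3 || err != nil || n < 0 {
			return v, false
		}
		v[i] = n
	}
	return v, true
}

// Classify reads a User-Agent value of space-separated product/version tokens.
// minVer is a hypothetical minimum client version (an assumption of this example).
// The header is client-controlled: treat the verdict as a compatibility signal,
// never as an authentication or authorization input.
func Classify(ua string, minVer [3]int) string {
	for _, tok := range strings.Fields(ua) {
		name, ver, _ := strings.Cut(tok, "/")
		if name != "argocd-client" {
			continue
		}
		v, ok := parseVersion(ver)
		if !ok {
			return Incompatible // malformed version: reject rather than guess
		}
		for i := 0; i < 3 && v[i] <= minVer[i]; i++ {
			if v[i] < minVer[i] {
				return Incompatible
			}
		}
		return Compatible
	}
	return Legacy
}

func main() { fmt.Println(Classify("argocd-client/0.12.1 grpc-go/1.15.0", [3]int{0, 12, 0})) }
```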
* Add kubeconfig string to ClusterCreateRequest
* Update generated files
* Copy and adapt cluster management logic into db
* Add service account deletion to db
* Return errors from new DB methods
* Adapt InstallClusterManagerRBAC for db
* Update errors in db
* Return error if it occurs from db
* Integrate code to (un)install cluster manager
* Use invalid argument instead of failed precondition
* Set bearer token if error is nil
* Rm cluster RBAC install from CLI
* Rm cluster mgmt install from e2e
* Rm common/install.go
* Move install components into server/cluster, thanks @jessesuen
* Rm unneeded ctx arg
* Restore common/installer.go
* Replace all quoted percent-s with percent-q
* Refactor common/installer.go with error returns
* Return errors rather than exiting fatally
* Return proper number of args
* Slim down cluster methods again
* Simplify, simplify, simplify
* Return gRPC error if RBAC could not be installed
* Issue log entries, not print statements
* Fix log import
* Update generated files
* Refactor
* Major cleanup
* Unmarshal context now
* Put claims check after bearer token insertion
* Initial work to use Kubernetes manifest to create a cluster
* Pass context name now
* Wire up prototype
* Add missing parameter for e2e test
* Just read file directly
* Change how we read cluster server
* Support more attributes from localconfig
* Update generated files
* Support incluster flag
* Comment out unused field for now
* Rm previous NewCluster function
* Unmarshal kube config successfully
* Handle insecure clusters, too
* Use existing logic to get config, thanks @jessesuen
* Revert cluster.go to master version
* Update invocations of RBAC installation
* Fix e2e invocation
* Don't remove management account, thanks @jessesuen
* Fix missing error check in e2e test
* Fix missing clientset arg in e2e fixture
* Create kubeclientset for kubeconfig, thanks @jessesuen
* Issue #295 - implement app destination permissions validation
* Apply reviewer notes. Use project to check application access. Update project access checks
* Use GetProject() instead of project to make sure default value is inferred
* Apply reviewer notes
* introduce rbac library around casbin
* supports claims enforcement by iteration through user's groups
* supports filtering of resources by level of access
* policy loader and automatic updates from configmap
* support for builtin and userdefined policies
* Support OAuth2 login flow from CLI (resolves #172)
* Refactor SessionManager to handle local and OAuth2 logins.
* argo login will request permanent credentials after OAuth2 flow
* Implement proper OIDC app state nonce. Add explicit `--sso` flag to `argo login`
This change implements SSO support.
dex is run as a sidecar to the ArgoCD API server, which fronts dex using a reverse proxy. The end result is that ArgoCD acts as an OIDC provider serving under /api/dex. The login flow begins at /auth/login, which redirects to Dex's OAuth2 consent page, and the user is ultimately directed to the IdP provider's login page, where they enter their credentials. After logging in, the OAuth2 redirect flows back to the client app, ultimately reaching /auth/callback, where the OIDC token claims are signed and persisted in the user's cookie.
The dex configuration YAML is formulated during startup (through the argocd-util utility), with the configuration values taken from the argocd-cm configmap and the argocd-secret.
The build process was refactored to build argocd-util statically, so that it could be run inside off-the-shelf dex, which is built from alpine. Also, build speed was improved by expanding the default make targets in the Dockerfile, to avoid rebuilding each binary from scratch.
Session management was refactored to use more bare-bones jwt library constructs, so we could reuse code from the user/password flow vs. OAuth2 flow.
* Initial SSO support. Run dex as sidecar. Generate dex config from ArgoCD cm and secret
* Sign and write SSO claims to JWT cookie during SSO login. Refactor session manager
* Build argo-util statically so it can run in dex sidecar. Redirect after SSO login
* Simplify app creation process to not require communication to dex gRPC server
* Re-arrange utilities into more granular packages
* Simplify config manager interface into just Get() and Save()
* Support installation into different namespace
* Combine all secrets into single secret
* Use a hard-wired configmap name
* Admin username is no longer configurable