* Deprecate componentParameterOverrides in favor of source specific config
* Support rollback when application source changes
* Removes the legacy spec.source.environment and spec.source.valuesFiles which were deprecated in v0.11
* Fix issue where argocd app create APPNAME --file didn't fail when there were name conflicts
* Fix issue where auto-sync and app deletion would cause infighting
* Make injected application instance label configurable from default
Stop removing ksonnet.io/component label, unless using legacy label
* Fix applying of resources when namespace is empty
With this change, the gRPC api client and grpc-gateway now supply a user-agent, `argocd-client/X.Y.Z`, with their all requests. This enables us to discern various versions of the CLI as the requestor, and reject requests from incompatible clients. We assume legacy clients as clients that only supply a single user-agent, grpc-go/1.15.0.
* Issue #295 - implement app destination permissions validation
* Apply reviewer notes. Use project to check application access. Update project access checks
* Use GetProject() instead of project to make sure default value is inferred
* Apply reviewer notes
* introduce rbac library around casbin
* supports claims enforcement by iteration through user's groups
* supports filtering of resources by level of access
* policy loader and automatic updates from configmap
* support for builtin and userdefined policies
* Support OAuth2 login flow from CLI (resolves#172)
* Refactor SessionManager to handle local and OAuth2 logins.
* argo login will request permanent credentials after OAuth2 flow
* Implement proper OIDC app state nonce. Add explicit `--sso` flag to `argo login`
This change implements SSO support.
dex is run as a sidecar to the ArgoCD API server, which fronts dex using a reverse proxy. The end result is that the ArgoCD acts as an OIDC provider serving under /api/dex. The login flow begins at /auth/login, which redirects to the Dex's OAuth2 consent page and ultimately directed to the IdP provider's login page, where they enter their credentials. After logging in, the OAuth2 redirect flows back to the client app, ultimately reaching /auth/callback, where the OIDC token claims are signed, and persisted in the users's cookie.
The dex configuration YAML is formulated during startup (through the argocd-util utility), with the configuration values taken from the argocd-cm configmap and the argocd-secret.
The build process was refactored to build argocd-util statically, so that it could be run inside off-the-shelf dex, which is built from alpine. Also, build speed was improved by expanding the default make targets in the Dockerfile, to avoid rebuilding each binary from scratch
Session management was refactored to use more bare-bones jwt library constructs, so we could reuse code from the user/password flow vs. OAuth2 flow.
* Initial SSO support. Run dex as sidecar. Generate dex config from ArgoCD cm and secret
* Sign and write SSO claims to JWT cookie during SSO login. Refactor session manager
* Build argo-util statically so it can run in dex sidecar. Redirect after SSO login
* Simplify app creation process to not require communication to dex gRPC server
* Re-arrange utilities into more granular packages
* Simplify config manager interface into just Get() and Save()
* Support installation into different namespace
* Combine all secrets into single secret
* Use a hard-wired configmap name
* Admin username is no longer configurable
