argo-workflows icon indicating copy to clipboard operation
argo-workflows copied to clipboard
verified publisher icon argoproj

feat(sso): add client cert and root CA options. Fixes #13545. Fixes #7198.

Open Simple-Analysis opened this issue 1 year ago • 4 comments

Fixes #13545 and fixes #7198.

Motivation

To enable SSO features by ensuring that communication can occur with SSO provider's endpoint that enforces client certificate authentication.

Modifications

  • Added client certificate options for httpClient used in SSO provider communications
  • Added custom root CA option for httpClient used in SSO provider communications

Verification

Unit tests to ensure certificates are consumed properly.

Simple-Analysis avatar Sep 02 '24 06:09 Simple-Analysis

This pull request addresses a specific issue that is currently preventing us from using Argo Workflows across multiple teams, and I’d be happy to make any necessary changes or provide additional context if required.

If you have any feedback or guidance on how I can help move this forward, I’d be more than happy to assist. Thanks so much for your time and consideration!

@agilgur5 and @Joibel I noticed this PR was moved between a few milestones, so I was curious how the milestone assignment works with regard to which PRs make the cut?

Simple-Analysis avatar Jan 17 '25 04:01 Simple-Analysis

@agilgur5 and @Joibel I noticed this PR was moved between a few milestones, so I was curious how the milestone assignment works with regard to which PRs make the cut?

The releases are nominally done on a schedule. 3.6 took much longer. PRs make the cut if they are merged by the time the next release is due. Ideally everything would have been reviewed and merged - but the milestone is a kind of desired checklist. Unless an item is a regression it won't usually hold up the release.

Joibel avatar Jan 31 '25 12:01 Joibel

FYI: @bradfordwagner entered https://github.com/argoproj/argo-workflows/pull/14989 to only add support for the root CA option. I confirmed it's possible to test that in the local development environment: https://github.com/argoproj/argo-workflows/pull/14989#pullrequestreview-3386387456

MasonM avatar Oct 28 '25 03:10 MasonM

FYI: @bradfordwagner entered #14989 to only add support for the root CA option. I confirmed it's possible to test that in the local development environment: #14989 (review)

Thats's awesome! Looking through #14989, it seems like I can leverage the tests that were setup to satisfy your requirements for this PR as well. There's some overlap in our implementation and it looks like #14989 is further along than this one with regard to the approval process, so I'll standby and keep an eye on it. Once merged, I'll adjust this PR accordingly.

Simple-Analysis avatar Nov 09 '25 21:11 Simple-Analysis