sso secretname on configmap is not respected and defaults to sso as secretname #4526

Closed
omerfsen opened this issue Nov 13, 2020 · 3 comments

Summary

sso secret name on --configmap=argo-workflow-controller-configmap is not respected and defaults to "sso" as the secret name even though we define the secret in the argo-workflow-controller-configmap configmap. This is working fine on v2.11.17 but not on v2.12.0-rc2.

Diagnostics

AKS 1.16.15

Argo 2.12.0-rc2

Argo-Server pods:

    kubectl logs -n argowf argo-server-b754b67fc-9qmjw
    time="2020-11-13T14:12:39Z" level=info authModes="[sso]" baseHRef=/workflow/ managedNamespace= namespace=argowf secure=false
    time="2020-11-13T14:12:39Z" level=warning msg="You are running in insecure mode. Learn how to enable transport layer security: https://argoproj.github.io/argo/tls/"
    time="2020-11-13T14:12:39Z" level=info msg="config map" name=argo-workflow-controller-configmap
    time="2020-11-13T14:12:40Z" level=fatal msg="failed to read secret: secrets \"sso\" not found"

configmap (containing argo-server-sso as sso section)

    sso:
      clientId:
        key: client-id
        name: argo-server-sso
      clientSecret:
        key: client-secret
        name: argo-server-sso
      issuer: xxx.com
      redirectUrl: https://xxx.com/workflow/oauth2/callback

omerfsen commented Nov 13, 2020

Just as a test, I changed the secret name from argo-server-sso to sso and that part has passed, but now it has:

    kubectl logs -n argowf argo-server-b754b67fc-qzm6b
    time="2020-11-13T14:31:58Z" level=info authModes="[sso]" baseHRef=/workflow/ managedNamespace= namespace=argowf secure=false
    time="2020-11-13T14:31:58Z" level=warning msg="You are running in insecure mode. Learn how to enable transport layer security: https://argoproj.github.io/argo/tls/"
    time="2020-11-13T14:31:58Z" level=info msg="config map" name=argo-workflow-controller-configmap
    time="2020-11-13T14:31:59Z" level=fatal msg="failed to parse private key: asn1: syntax error: sequence truncated"

Not sure why it is complaining about:

"failed to parse private key: asn1: syntax error: sequence truncated"

I also tried 2.12.0-rc1 and am still getting this "failed to parse private key: asn1: syntax error: sequence truncated" error.

alexec commented Nov 13, 2020

> sso secret name on --configmap=argo-workflow-controller-configmap is not respected and defaults to "sso" as the secret name even though we define the secret in the argo-workflow-controller-configmap configmap.

Incorrect. There is a new secret used to store the encryption key for JWE cookie. I expect it is unable to create that secret, as per #4514, and therefore probably fixed by it.

@simster7 @sarabala1979 I don't think v2.12-rc1/2 starts up for most people and rc3 is therefore needed.

omerfsen commented Nov 13, 2020

@alexec I think that is valid for secret creation, but I simply created the secret manually before, so this issue has 2 parts:

  1. sso secret does not contain JWE cookie encryption cookie as it can't write it (related to issue fix(server): Add list sa and create secret to argo-server roles. Closes #4526 #4514)
  2. sso.clientId.name: client-id-secret is not respected and simply uses the default secret, which I think is sso
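
Added example, not from the issue or the Argo code base: a Go check showing that a secret holding no key material produces the `asn1: syntax error: sequence truncated` text seen in the second log. It assumes the stored key is read with the `crypto/x509` PKCS#1 parser; the field name `privateKey` and the sample secret data are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
)

// exampleKeyField is a hypothetical field name; the issue does not say which
// field of the "sso" secret holds the cookie encryption key.
const exampleKeyField = "privateKey"

// checkCookieKey parses the stored key with the PKCS#1 parser (assumed) and
// prefixes any failure with the "failed to parse private key" text from the log.
func checkCookieKey(secretData map[string][]byte) error {
	der := secretData[exampleKeyField] // nil when the field is absent
	if _, err := x509.ParsePKCS1PrivateKey(der); err != nil {
		return fmt.Errorf("failed to parse private key (%d bytes stored): %w", len(der), err)
	}
	return nil
}

// newCookieKeySecret returns constructed secret data holding a fresh RSA key.
func newCookieKeySecret() (map[string][]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return map[string][]byte{exampleKeyField: x509.MarshalPKCS1PrivateKey(key)}, nil
}

func main() {
	// Constructed case 1: a secret created by hand with no key material in it.
	manual := map[string][]byte{"client-id": []byte("example")}
	fmt.Println("hand-made secret:", checkCookieKey(manual))

	// Constructed case 2: a secret that carries a DER-encoded RSA key.
	good, err := newCookieKeySecret()
	if err != nil {
		panic(err)
	}
	fmt.Println("populated secret:", checkCookieKey(good))
}
```

Running the same check against the secret's decoded data before starting the server separates a missing key from an RBAC failure to create the secret.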

alexec closed this as completed in 02e1f0e Nov 14, 2020
alexcapras pushed a commit to alexcapras/argo that referenced this issue Dec 2, 2020