fix: Allow self-signed Root CA for SSO. Fixes #6793

[NextNiclas]

Signed-off-by: Niclas Schnickmann [email protected]

Fixes #6793

Introduced optionalinsecureSkipVerify option in sso configuration.
Example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: workflow-controller-configmap
  namespace: argo
data:
  sso: |
    issuer: https://idp.example.org/auth/realms/master
    insecureSkipVerify: true

Thought about checking if --insecure-skip-verify command line option is set but this should be configurable in separate for sso from my pov.

Local testing looked good, but will test on my staging cluster within the next days.

[codecov]

Codecov Report

Merging #6961 (96d20b6) into master (cf9a6cd) will decrease coverage by 0.03%.
The diff coverage is 33.33%.

❗ Current head 96d20b6 differs from pull request most recent head 2c189fa. Consider uploading reports for the commit 2c189fa to get more accurate results

@@            Coverage Diff             @@
##           master    #6961      +/-   ##
==========================================
- Coverage   48.57%   48.53%   -0.04%     
==========================================
  Files         265      265              
  Lines       19267    19269       +2     
==========================================
- Hits         9359     9353       -6     
- Misses       8856     8862       +6     
- Partials     1052     1054       +2     

Impacted Files	Coverage Δ
server/auth/sso/sso.go	26.39% <33.33%> (-0.28%)	⬇️
workflow/metrics/server.go	15.78% <0.00%> (-3.51%)	⬇️
cmd/argo/commands/get.go	59.18% <0.00%> (-1.17%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cf9a6cd...2c189fa. Read the comment docs.

[thesuperzapper]

@alexec @NextNiclas we need to update the SSO docs to indicate that the sso.insecureSkipVerify flag now exists:

• https://github.com/argoproj/argo-workflows/blob/master/docs/argo-server-sso.md